npm - not-node - Versions diffs - 5.1.45 → 6.0.0 - Mend

not-node 5.1.45 → 6.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (26) hide show

package/index.js +4 -0
package/package.json +2 -1
package/src/app.js +2 -2
package/src/auth/index.js +0 -2
package/src/auth/routes.js +25 -61
package/src/auth/rules.js +8 -7
package/src/common.js +19 -0
package/src/identity/exceptions.js +17 -0
package/src/identity/identity.js +61 -0
package/src/identity/index.js +35 -0
package/src/identity/providers/session.js +137 -0
package/src/identity/providers/token.js +255 -0
package/src/manifest/route.js +2 -1
package/static2.js +24 -0
package/test/auth/identity.js +0 -0
package/test/auth/routes.js +1 -1
package/test/auth.js +0 -15
package/test/env.js +20 -20
package/test/identity/identity.js +1 -0
package/test/identity/index.js +12 -0
package/test/identity/providers/session.js +227 -0
package/test/identity/providers/token.js +244 -0
package/test/identity.js +5 -0
package/test/notRoute.js +1022 -799
package/src/auth/session.js +0 -151
package/test/auth/session.js +0 -266

package/src/identity/providers/token.js ADDED Viewed

@@ -0,0 +1,255 @@
+const { error, log } = require("not-log")(module, "Identity//Token");
+const { notRequestError } = require("not-error");
+const CONST = require("../../auth/const");
+const ROLES = require("../../auth/roles");
+const { objHas } = require("../../common");
+const phrase = require("not-locale").modulePhrase("not-node");
+const JWT = require("jsonwebtoken");
+module.exports = class IdentityProviderToken {
+    #tokenContent = null;
+    #token = null;
+    static #options = {};
+    static setOptions(options = {}) {
+        this.#options = options;
+    }
+    static #getOptions() {
+        return this.#options;
+    }
+    constructor(req) {
+        this.req = req;
+        return this;
+    }
+    static getTokenFromRequest(req) {
+        const auth = req.get("Authorization");
+        if (auth && auth.length) {
+            const [, token] = auth.split(" ");
+            return token;
+        }
+        return null;
+    }
+    #extractToken(req) {
+        const token = this.getTokenFromRequest(req);
+        if (token) {
+            this.#token = token;
+        }
+    }
+    #updateToken() {
+        this.#token = this.#encodeTokenContent();
+        return this.#token;
+    }
+    #decodeTokenContent() {
+        try {
+            if (this.#token) {
+                const secret = this.#getOptions().secret;
+                JWT.verify(this.#token, secret);
+                return JWT.decode(this.#token, secret);
+            }
+            return null;
+        } catch (e) {
+            error(e.message);
+            return null;
+        }
+    }
+    #encodeTokenContent() {
+        try {
+            if (this.#token) {
+                const secret = this.#getOptions().secret;
+                return JWT.sign(this.#tokenContent, secret);
+            }
+            return null;
+        } catch (e) {
+            error(e.message);
+            return null;
+        }
+    }
+    #extractTokenContent(req) {
+        this.#tokenContent = this.#decodeTokenContent(req);
+    }
+    get tokenContent() {
+        return this.#tokenContent;
+    }
+    get token() {
+        return this.#token;
+    }
+    static #validateSecretForToken({ secret, context }) {
+        if (
+            !secret ||
+            typeof secret === "undefined" ||
+            secret === null ||
+            secret === ""
+        ) {
+            throw new notRequestError(phrase("user_token_secret_not_valid"), {
+                ...context,
+                code: 500,
+            });
+        }
+    }
+    static #validateTTLForToken(tokenTTL) {
+        if (tokenTTL <= 0 || isNaN(tokenTTL)) {
+            log(phrase("user_token_ttl_not_set"));
+            tokenTTL = CONST.TOKEN_TTL;
+        }
+        return tokenTTL;
+    }
+    static #composeUserTokenPayload({ user, additionalFields = [] }) {
+        const addons = {};
+        if (Array.isArray(additionalFields)) {
+            additionalFields.forEach((fieldName) => {
+                if (objHas(user, fieldName)) {
+                    addons[fieldName] = user[fieldName];
+                }
+            });
+        }
+        return {
+            _id: user._id,
+            role: user.role,
+            active: user.active,
+            username: user.username,
+            ...addons,
+        };
+    }
+    static #composeGuestTokenPayload() {
+        return {
+            _id: false,
+            role: CONST.DEFAULT_USER_ROLE_FOR_GUEST,
+            active: true,
+            username: phrase("user_role_guest"),
+        };
+    }
+    static createToken({
+        ip,
+        user,
+        additionalFields = ["emailConfirmed", "telephoneConfirmed"],
+    }) {
+        const context = { ip };
+        const secret = this.#getOptions().secret;
+        this.#validateSecretForToken({ secret, context });
+        let payload = {};
+        if (user) {
+            payload = this.#composeUserTokenPayload({ user, additionalFields });
+        } else {
+            payload = this.#composeGuestTokenPayload();
+        }
+        this.#setTokenExpiration(payload);
+        return JWT.sign(payload, secret);
+    }
+    static #setTokenExpiration(payload) {
+        const tokenTTL = this.#validateTTLForToken(this.#getOptions().ttl);
+        if (!objHas(payload, "exp")) {
+            payload.exp = Date.now() / 1000 + tokenTTL;
+        }
+    }
+    /**
+     *	Checks if user is authenticated
+     *	@return {boolean}	true - authenticated, false - guest
+     **/
+    isUser() {
+        return !!this.tokenContent?._id;
+    }
+    /**
+     *	Returns user role from token object
+     *	@return user role
+     **/
+    getRole() {
+        return this.tokenContent?.role ?? CONST.DEFAULT_USER_ROLE_FOR_GUEST;
+    }
+    /**
+     *	Set user role for active session
+     *	@param	{Array<string>}	role 	array of roles
+     **/
+    setRole(role) {
+        if (this.tokenContent) {
+            this.#tokenContent.role = [...role];
+            this.#updateToken();
+        }
+        return this;
+    }
+    /**
+     *	Set user id for active session
+     *	@param	{string}	_id 	user id
+     **/
+    setUserId(_id) {
+        if (this.tokenContent) {
+            this.#tokenContent._id = _id;
+            this.#updateToken();
+        }
+        return this;
+    }
+    isRoot() {
+        return (
+            this.isUser() &&
+            ROLES.compareRoles(
+                this.getRole(),
+                CONST.DEFAULT_USER_ROLE_FOR_ADMIN
+            )
+        );
+    }
+    /**
+     *	Get user id for active session
+     **/
+    getUserId() {
+        return this.#tokenContent?._id;
+    }
+    /**
+     *	returns token
+     **/
+    getSessionId() {
+        return this.token;
+    }
+    /**
+     *	Set auth data in session, user id and role
+     *	@param	{string}	id 		user id
+     *	@param	{string}	role 	user role
+     **/
+    setAuth(id, role) {
+        this.setUserId(id);
+        this.setRole(role);
+    }
+    /**
+     *	Set auth data in token to Guest
+     **/
+    setGuest() {
+        this.setAuth(null, [CONST.DEFAULT_USER_ROLE_FOR_GUEST]);
+    }
+    /**
+     *	Reset session
+     *	@param	{object}	req 	Express Request
+     **/
+    cleanse() {
+        this.setGuest();
+    }
+    static test(req) {
+        return !!this.getTokenFromRequest(req);
+    }
+};

package/src/manifest/route.js CHANGED Viewed

@@ -3,6 +3,7 @@ const CONST_AFTER_ACTION = "after";
 const obsoleteWarning = require("../obsolete");
+const notAppIdentity = require("../identity");
 const Auth = require("../auth"),
     HttpError = require("../error").Http;
@@ -69,7 +70,7 @@ class notRoute {
      *	@return	{object}	rule or null
      */
     selectRule(req) {
-        const user = Auth.extractAuthData(req);
+        const user = notAppIdentity.extractAuthData(req);
         if (this.actionData) {
             return notRoute.actionAvailableByRule(this.actionData, user);
         }

package/static2.js ADDED Viewed

@@ -0,0 +1,24 @@
+class Parent {
+    static getOptions() {
+        return this.#options;
+    }
+    static setOptions(opts) {
+        this.#options = opts;
+    }
+}
+class Child extends Parent {
+    static #options = {};
+    constructor() {
+        super();
+    }
+    run() {
+        Child.getOptions();
+    }
+}
+Parent.setOptions({ 1: "1" });
+console.log(new Child().run());

package/test/auth/identity.js ADDED Viewed

File without changes

package/test/auth/routes.js CHANGED Viewed

@@ -3,7 +3,7 @@ const {
     HttpExceptionForbidden,
 } = require("../../src/exceptions/http");
-module.exports = ({ Auth, HttpError, expect }) => {
+module.exports = ({ Auth, expect }) => {
     describe("Routes", () => {
         describe("getIP", () => {
             it("req.header[x-forwarded-for]", () => {

package/test/auth.js CHANGED Viewed

@@ -265,20 +265,6 @@ describe("Auth", function () {
             expect(resultFunction).to.throw();
         });
-        it("Both undefined, order defined Array with wrong types of element", function () {
-            let resultFunction = () => {
-                auth.checkSupremacy("undefined", "undefined", [12]);
-            };
-            expect(resultFunction).to.throw();
-        });
-        it("Both undefined, order defined Array with wrong types of element", function () {
-            let resultFunction = () => {
-                auth.checkSupremacy("undefined", "undefined", [null]);
-            };
-            expect(resultFunction).to.throw();
-        });
         it("Both undefined, order defined Array with wrong types of element", function () {
             let resultFunction = () => {
                 auth.checkSupremacy("undefined", "undefined", [null]);
@@ -437,7 +423,6 @@ describe("Auth", function () {
     require("./auth/routes.js")({ Auth: auth, HttpError, expect });
     require("./auth/roles.js")({ Auth: auth, HttpError, expect });
     require("./auth/rules.js")({ Auth: auth, HttpError, expect });
-    require("./auth/session.js")({ Auth: auth, HttpError, expect });
     require("./auth/obsolete.js")({ Auth: auth, HttpError, expect });
     require("./auth/fields.js")({ Auth: auth, HttpError, expect });
 });

package/test/env.js CHANGED Viewed

@@ -1,24 +1,24 @@
-const expect = require('chai').expect,
-	Env = require('../src/env');
+const expect = require("chai").expect,
+    Env = require("../src/env");
-describe('Env', function() {
-	describe('getEnv', function() {
-		it('key exists', function() {
-			const res = Env.getEnv('process');
-			expect(res).to.be.equal('development');
-		});
+describe("Env", function () {
+    describe("getEnv", function () {
+        it("key exists", function () {
+            const res = Env.getEnv("process");
+            expect(res).to.be.equal("development");
+        });
-		it('key not exists', function() {
-			const res = Env.getEnv('key' + Math.random().toString());
-			expect(res).to.be.undefined;
-		});
-	});
+        it("key not exists", function () {
+            const res = Env.getEnv("key" + Math.random().toString());
+            expect(res).to.be.undefined;
+        });
+    });
-	describe('setEnv', function() {
-		it('set', function() {
-			const res = Env.setEnv('key', 'happy');
-			expect(res).to.be.deep.equal(Env);
-			expect(res.getEnv('key')).to.be.deep.equal('happy');
-		});
-	});
+    describe("setEnv", function () {
+        it("set", function () {
+            const res = Env.setEnv("key", "happy");
+            expect(res).to.be.deep.equal(Env);
+            expect(res.getEnv("key")).to.be.deep.equal("happy");
+        });
+    });
 });

package/test/identity/identity.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ module.exports = () => {};

package/test/identity/index.js ADDED Viewed

@@ -0,0 +1,12 @@
+module.exports = ({ expect }) => {
+    describe("notAppIdentity", () => {});
+    require("./identity.js")({ expect });
+    require("./providers/session.js")({
+        expect,
+    });
+    require("./providers/token.js")({
+        expect,
+    });
+};

package/test/identity/providers/session.js ADDED Viewed

@@ -0,0 +1,227 @@
+const Provider = require("../../../src/identity/providers/session");
+const mongoose = require("mongoose");
+const SESSION_NOT_EXISTS = "session not exists";
+module.exports = ({ expect }) => {
+    describe(`${Provider.constructor.name}`, () => {
+        describe("isUser", function () {
+            it("check if user exists - true", function () {
+                var t = {
+                    session: {
+                        user: true,
+                    },
+                };
+                var res = new Provider(t).isUser();
+                expect(res).to.eql(true);
+            });
+            it("check if user exists - false", function () {
+                var t = {
+                    session: {},
+                };
+                var res = new Provider(t).isUser();
+                expect(res).to.eql(false);
+            });
+        });
+        describe("isRoot", function () {
+            it("check if user admin - true", function () {
+                var t = {
+                    session: {
+                        user: mongoose.Types.ObjectId(),
+                        role: "root",
+                    },
+                };
+                var res = new Provider(t).isRoot();
+                expect(res).to.eql(true);
+            });
+            it("check if user admin - false", function () {
+                var t = {
+                    session: {
+                        user: mongoose.Types.ObjectId(),
+                    },
+                };
+                var res = new Provider(t).isRoot();
+                expect(res).to.eql(false);
+            });
+        });
+        describe("getRole", function () {
+            it("get role - root", function () {
+                var t = {
+                    session: {
+                        user: mongoose.Types.ObjectId(),
+                        role: "root",
+                    },
+                };
+                var res = new Provider(t).getRole();
+                expect(res).to.eql("root");
+            });
+            it("get role - undefined", function () {
+                var t = {
+                    session: {
+                        user: mongoose.Types.ObjectId(),
+                    },
+                };
+                var res = new Provider(t).getRole();
+                expect(res).to.eql(undefined);
+            });
+        });
+        describe("setRole", function () {
+            it("session exist, set role - root", function () {
+                var t = {
+                    session: {
+                        user: mongoose.Types.ObjectId(),
+                        role: "user",
+                    },
+                };
+                new Provider(t).setRole("root");
+                expect(t.session.role).to.eql("root");
+            });
+            it("session not exist, set role - admin", function () {
+                var t = {};
+                new Provider(t).setRole("admin");
+                expect(t).to.be.deep.eql({});
+            });
+        });
+        describe("setUserId", function () {
+            it("session exist, set _id", function () {
+                const t = {
+                    session: {
+                        role: "user",
+                    },
+                };
+                const id = mongoose.Types.ObjectId();
+                new Provider(t).setUserId(id);
+                expect(t.session.user).to.eql(id);
+            });
+            it("session not exist, set _id", function () {
+                const t = {};
+                const id = mongoose.Types.ObjectId();
+                new Provider(t).setUserId(id);
+                expect(t).to.be.deep.eql({});
+            });
+        });
+        describe("getUserId", function () {
+            it("session exist, user id exist", function () {
+                const t = {
+                    session: {
+                        user: mongoose.Types.ObjectId(),
+                        role: "user",
+                    },
+                };
+                const id = new Provider(t).getUserId();
+                expect(id.toString()).to.eql(t.session.user.toString());
+            });
+            it(SESSION_NOT_EXISTS, function () {
+                const t = {};
+                const id = new Provider(t).getUserId();
+                expect(id).to.be.deep.eql(undefined);
+            });
+        });
+        describe("getSessionId", function () {
+            it("session exist, session id exist", function () {
+                const t = {
+                    session: {
+                        id: mongoose.Types.ObjectId(),
+                        role: "user",
+                    },
+                };
+                const id = new Provider(t).getSessionId();
+                expect(id.toString()).to.eql(t.session.id.toString());
+            });
+            it(SESSION_NOT_EXISTS, function () {
+                const t = {};
+                const id = new Provider(t).getSessionId();
+                expect(id).to.be.deep.eql(undefined);
+            });
+        });
+        describe("setAuth", function () {
+            it("session exist", function () {
+                const t = {
+                    session: {},
+                };
+                const id = mongoose.Types.ObjectId();
+                new Provider(t).setAuth(id, "root");
+                expect(t.session.user.toString()).to.eql(id.toString());
+                expect(t.session.role).to.eql("root");
+            });
+            it(SESSION_NOT_EXISTS, function () {
+                const t = {};
+                const id = mongoose.Types.ObjectId();
+                new Provider(t).setAuth(id, "user");
+                expect(t).to.be.deep.eql({});
+            });
+        });
+        describe("setGuest", function () {
+            it("session exist", function () {
+                const id = mongoose.Types.ObjectId();
+                const t = {
+                    session: { user: id, role: "admin" },
+                    user: { _id: id },
+                };
+                new Provider(t).setGuest();
+                expect(t.session.user).to.eql(null);
+                expect(t.user).to.eql(null);
+                expect(t.session.role).to.eql(["guest"]);
+            });
+            it(SESSION_NOT_EXISTS, function () {
+                const t = {};
+                new Provider(t).setGuest();
+                expect(t).to.be.deep.eql({});
+            });
+        });
+        describe("cleanse", function () {
+            it("session exist, destroy method exists", function () {
+                const id = mongoose.Types.ObjectId();
+                let destroyed = false;
+                const t = {
+                    session: {
+                        user: id,
+                        role: "admin",
+                        destroy() {
+                            destroyed = true;
+                        },
+                    },
+                };
+                new Provider(t).cleanse();
+                expect(t.session.user).to.eql(null);
+                expect(t.session.role).to.eql(["guest"]);
+                expect(destroyed).to.eql(true);
+            });
+            it("session exist, destroy method exists", function () {
+                const id = mongoose.Types.ObjectId();
+                const t = {
+                    session: {
+                        user: id,
+                        role: "admin",
+                    },
+                };
+                new Provider(t).cleanse();
+                expect(t.session.user).to.eql(null);
+                expect(t.session.role).to.eql(["guest"]);
+            });
+            it(SESSION_NOT_EXISTS, function () {
+                const t = {};
+                new Provider(t).cleanse();
+                expect(t).to.be.deep.eql({});
+            });
+        });
+    });
+};