not-node 5.1.45 → 6.0.1

package/index.js

@@ -15,6 +15,10 @@ module.exports.Manifest = require("./src/manifest/manifest");
 module.exports.notManifestRouteResultFilter = require("./src/manifest/result.filter");
 /** Web Application */
 module.exports.notApp = require("./src/app");
+/** Application User Identity */
+module.exports.notAppIdentity = require("./src/identity");
+/** Application User Identity */
+module.exports.Identity = require("./src/identity/identity");
 /** General Application */
 module.exports.notDomain = require("./src/domain");
 /** Mongoose Documents versioning */

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "not-node",
-  "version": "5.1.45",
+  "version": "6.0.1",
   "description": "node complimentary part for client side notFramework.",
   "main": "index.js",
   "scripts": {
@@ -47,6 +47,7 @@
     "express-session": "^1.17.3",
     "fs-extra": "*",
     "helmet": "^6.0.0",
+    "jsonwebtoken": "^8.5.1",
     "lower-case": "*",
     "method-override": "^3.0.0",
     "mock-require": "^3.0.3",

package/src/app.js

@@ -1,4 +1,4 @@
-const Auth = require("./auth");
+const notAppIdentity = require("./identity");
 const notDomain = require("./domain");
 const merge = require("deepmerge");
 const parent = require("../index.js");
@@ -50,7 +50,7 @@ class notApp extends notDomain {
      *	@return 	{object}	manifest
      **/
     getManifest(req) {
-        const creds = Auth.extractAuthData(req);
+        const creds = notAppIdentity.extractAuthData(req);
         return this.collectManifest(creds);
     }
 

package/src/auth/index.js

@@ -6,12 +6,10 @@ const FIELDS = require("./fields");
 const ROLES = require("./roles");
 const RULES = require("./rules");
 const ROUTES = require("./routes");
-const SESSION = require("./session");
 
 module.exports = {
     ...CONST,
     ...ABSTRACT,
-    ...SESSION,
     ...ROLES,
     ...RULES,
     ...ROUTES,

package/src/auth/routes.js

@@ -1,45 +1,12 @@
-const log = require("not-log")(module, "Auth");
 const {
     HttpExceptionUnauthorized,
     HttpExceptionForbidden,
 } = require("../exceptions/http");
-const SESSION = require("./session");
-const ROLES = require("./roles");
-
-/**
- *  Get request ip
- *  @param  {object}  req   Express Request
- **/
-function getIP(req) {
-    if (req) {
-        return (
-            (req.headers && req.headers["x-forwarded-for"]) ||
-            (req.connection && req.connection.remoteAddress) ||
-            (req.socket && req.socket.remoteAddress) ||
-            (req.connection &&
-                req.connection.socket &&
-                req.connection.socket.remoteAddress)
-        );
-    } else {
-        return undefined;
-    }
-}
 
-/**
- *  Collects various authentification and authorization data from request object
- *  @params {object}  req       ExpressRequest
- * @return {object}  various authentification data for actor { root:boolean, auth: boolean, role: [string], uid: ObjectId, sid: string, ip:string }
- */
-function extractAuthData(req) {
-    return {
-        root: SESSION.isRoot(req),
-        auth: SESSION.isUser(req),
-        role: SESSION.getRole(req),
-        uid: SESSION.getUserId(req),
-        sid: SESSION.getSessionId(req),
-        ip: getIP(req),
-    };
-}
+const { log } = require("not-log")(module, "Auth/Routes");
+const ROLES = require("./roles");
+const notAppIdentity = require("../identity");
+const { getIP } = require("../common");
 
 /**
  *  Returns Express middleware witch check role against one presented in request
@@ -48,8 +15,10 @@ function extractAuthData(req) {
  **/
 function checkRoleBuilder(role) {
     return (req, res, next) => {
-        let userRole = SESSION.getRole(req);
-        if (!SESSION.isUser(req)) {
+        const identity = new notAppIdentity(req);
+        const userRole = identity.getRole();
+        const userId = identity.getUserId();
+        if (!identity.isUser()) {
             return next(
                 new HttpExceptionUnauthorized({
                     params: { ip: getIP(req) },
@@ -63,8 +32,8 @@ function checkRoleBuilder(role) {
                 new HttpExceptionForbidden({
                     params: {
                         ip: getIP(req),
-                        user: req.session.user,
-                        role: req.session.role,
+                        user: userId,
+                        role: userRole,
                     },
                 })
             );
@@ -73,14 +42,15 @@ function checkRoleBuilder(role) {
 }
 
 /**
- *  Checks if user is authenticated, by searching req.session.user
+ *  Checks if user is authenticated, by searching in Identity associated with request
  *  If auth pass next, else throw error
  *  @param  {object}  req   Express Request object
  *  @param  {object}  res   Express Repost object
  *  @param  {function}  next   callback
  **/
 function checkUser(req, res, next) {
-    if (SESSION.isUser(req)) {
+    const identity = new notAppIdentity(req);
+    if (identity.isUser()) {
         return next();
     } else {
         return next(
@@ -91,30 +61,18 @@ function checkUser(req, res, next) {
     }
 }
 
-/**
- *  Checks if user is authenticated, by searching req.session.user
- *  If auth pass next, else throw error
- *  @param  {object}  req   Express Request object
- *  @param  {object}  res   Express Repost object
- *  @param  {function}  next   callback
- **/
-function checkAdmin(req, res, next) {
-    log.error("checkAdmin is obsolete, use new version as checkRoot");
-    log.error(req.originalUrl);
-    return checkRoot(req, res, next);
-}
-
 function checkRoot(req, res, next) {
-    if (SESSION.isRoot(req)) {
+    const identity = new notAppIdentity(req);
+    if (identity.isRoot()) {
         return next();
     } else {
-        if (SESSION.isUser(req)) {
+        if (identity.isUser()) {
             return next(
                 new HttpExceptionForbidden({
                     params: {
                         ip: getIP(req),
-                        user: req.session.user,
-                        role: req.session.role,
+                        user: identity.getUserId(),
+                        role: identity.getRole(),
                     },
                 })
             );
@@ -128,9 +86,15 @@ function checkRoot(req, res, next) {
     }
 }
 
+function extractAuthData(req) {
+    log(
+        "Obsolete path notAuth.extractAuthData(req), use notAppIdentity.extractAuthData(req) instead"
+    );
+    return notAppIdentity.extractAuthData(req);
+}
+
 module.exports = {
     checkRoot,
-    checkAdmin,
     checkUser,
     checkRoleBuilder,
     extractAuthData,

package/src/auth/rules.js

@@ -1,15 +1,16 @@
 const ROLES = require("./roles");
 const postWarning = require("../obsolete");
+const { objHas } = require("../common");
 
 function ruleHasRootDirective(rule) {
     return (
-        (Object.prototype.hasOwnProperty.call(rule, "admin") && rule.admin) ||
-        (Object.prototype.hasOwnProperty.call(rule, "root") && rule.root)
+        (objHas(rule, "admin") && rule.admin) ||
+        (objHas(rule, "root") && rule.root)
     );
 }
 
 function compareWithRoot(rule, root) {
-    if (Object.prototype.hasOwnProperty.call(rule, "admin")) {
+    if (objHas(rule, "admin")) {
         return rule.admin && root;
     } else {
         return rule.root && root;
@@ -18,7 +19,7 @@ function compareWithRoot(rule, root) {
 
 function compareRuleRoles(rule, role, auth) {
     if (ROLES.compareRoles(rule.role, role)) {
-        if (Object.prototype.hasOwnProperty.call(rule, "auth")) {
+        if (objHas(rule, "auth")) {
             if (rule.auth && auth) {
                 return true;
             } else {
@@ -41,9 +42,9 @@ function roleRequireAuthState(requiredAuth, userAuth) {
 }
 
 function compareAuthStatus(rule, auth) {
-    if (Object.prototype.hasOwnProperty.call(rule, "auth")) {
+    if (objHas(rule, "auth")) {
         return roleRequireAuthState(rule.auth, auth);
-    } else if (Object.prototype.hasOwnProperty.call(rule, "user")) {
+    } else if (objHas(rule, "user")) {
         return roleRequireAuthState(rule.user, auth);
     } else {
         return true;
@@ -74,7 +75,7 @@ function checkCredentials(rule, auth, role, root) {
             return compareWithRoot(rule, root);
         } else {
             //if we have roles in rule, then using role based aproach
-            if (Object.prototype.hasOwnProperty.call(rule, "role")) {
+            if (objHas(rule, "role")) {
                 return compareRuleRoles(rule, role, auth);
             } else {
                 //if no then just

package/src/common.js

@@ -205,3 +205,22 @@ module.exports.generatePaths = (content = [], relative = "src") => {
         return prev;
     }, {});
 };
+
+/**
+ *  Get request ip
+ *  @param  {object}  req   Express Request
+ **/
+module.exports.getIP = (req) => {
+    if (req) {
+        return (
+            (req.headers && req.headers["x-forwarded-for"]) ||
+            (req.connection && req.connection.remoteAddress) ||
+            (req.socket && req.socket.remoteAddress) ||
+            (req.connection &&
+                req.connection.socket &&
+                req.connection.socket.remoteAddress)
+        );
+    } else {
+        return undefined;
+    }
+};

package/src/identity/exceptions.js

@@ -0,0 +1,17 @@
+const { notError } = require("not-error");
+
+class IdentityExceptionProviderAlreadySet extends notError {
+    constructor(name) {
+        super("not-node:identity_provider_already_set", { name });
+    }
+}
+module.exports.IdentityExceptionProviderAlreadySet =
+    IdentityExceptionProviderAlreadySet;
+
+class IdentityExceptionProviderNotFound extends notError {
+    constructor() {
+        super("not-node:identity_provider_not_found");
+    }
+}
+module.exports.IdentityExceptionProviderNotFound =
+    IdentityExceptionProviderNotFound;

package/src/identity/identity.js

@@ -0,0 +1,61 @@
+const { copyObj, objHas } = require("../common");
+const IdentityProviderSession = require("./providers/session");
+const IdentityProviderToken = require("./providers/token");
+const {
+    IdentityExceptionProviderAlreadySet,
+    IdentityExceptionProviderNotFound,
+} = require("./exceptions");
+
+/**
+ * Class to manage and access to user identity providers and their options
+ */
+class Identity {
+    static #priorities = ["token", "session"];
+
+    static #providers = {
+        session: IdentityProviderSession,
+        token: IdentityProviderToken,
+    };
+
+    static of(req) {
+        const Provider = this.providerSelector(req);
+        return new Provider(req);
+    }
+
+    static providerSelector(req) {
+        return this.getProvider(this.getProviderName(req));
+    }
+
+    static getProvider(providerName) {
+        return this.#providers[providerName];
+    }
+
+    // override if needed
+    static getProviderName(req) {
+        for (let providerName of this.#priorities) {
+            if (this.getProvider(providerName).test(req)) {
+                return providerName;
+            }
+        }
+        throw new IdentityExceptionProviderNotFound();
+    }
+
+    static setProviderOptions(providerName, options) {
+        if (options && typeof options !== "undefined") {
+            this.#providers[providerName].setOptions(copyObj(options));
+        }
+    }
+
+    static setProvider(providerName, Provider) {
+        if (objHas(this.#providers, providerName)) {
+            throw new IdentityExceptionProviderAlreadySet(providerName);
+        }
+        this.#providers[providerName] = Provider;
+    }
+
+    static setProvidersPriorities(list = []) {
+        this.#priorities = [...list];
+    }
+}
+
+module.exports = Identity;

package/src/identity/index.js

@@ -0,0 +1,35 @@
+const Identity = require("./identity");
+const { getIP } = require("../common");
+
+module.exports = class notAppIdentity {
+    static #identity = Identity;
+
+    static set identity(val) {
+        this.#identity = val;
+    }
+
+    static get identity() {
+        return this.#identity;
+    }
+
+    /**
+     *  Collects various authentification and authorization data from request object
+     *  @params {object}  req       ExpressRequest
+     * @return {object}  various authentification data for actor { root:boolean, auth: boolean, role: [string], uid: ObjectId, sid: string, ip:string }
+     */
+    static extractAuthData(req) {
+        const identity = this.#identity.of(req);
+        return {
+            root: identity.isRoot(),
+            auth: identity.isUser(),
+            role: identity.getRole(),
+            uid: identity.getUserId(),
+            sid: identity.getSessionId(),
+            ip: getIP(req),
+        };
+    }
+
+    constructor(req) {
+        return notAppIdentity.identity.of(req);
+    }
+};

package/src/identity/providers/session.js

@@ -0,0 +1,137 @@
+const CONST = require("../../auth/const");
+const ROLES = require("../../auth/roles");
+
+module.exports = class IdentityProviderSession {
+    static #options = {};
+
+    static setOptions(options = {}) {
+        this.#options = options;
+    }
+
+    static #getOptions() {
+        return this.#options;
+    }
+
+    constructor(req) {
+        this.req = req;
+        return this;
+    }
+
+    /**
+     *	Checks if user is authenticated, by searching req.session.user
+     *	@return {boolean}	true - authenticated, false - guest
+     **/
+
+    isUser() {
+        const req = this.req;
+        return req && req.session && req.session.user ? true : false;
+    }
+
+    /**
+     *	Returns user role from request object
+     *	@return user role
+     **/
+    getRole() {
+        const req = this.req;
+        return req && req.session && req.session.role
+            ? req.session.role
+            : undefined;
+    }
+
+    /**
+     *	Set user role for active session
+     *	@param	{Array<string>}	role 	array of roles
+     **/
+    setRole(role) {
+        const req = this.req;
+        if (req && req.session) {
+            req.session.role = role;
+            req.session.save();
+        }
+    }
+
+    /**
+     *	Set user id for active session
+     *	@param	{string}	_id 	user id
+     **/
+    setUserId(_id) {
+        const req = this.req;
+        if (req && req.session) {
+            req.session.user = _id;
+            req.session.save();
+        }
+    }
+
+    isRoot() {
+        return (
+            this.isUser() &&
+            ROLES.compareRoles(
+                this.getRole(),
+                CONST.DEFAULT_USER_ROLE_FOR_ADMIN
+            )
+        );
+    }
+
+    /**
+     *	Get user id for active session
+     **/
+    getUserId() {
+        const req = this.req;
+        if (req && req.session) {
+            return req.session.user;
+        } else {
+            return undefined;
+        }
+    }
+
+    /**
+     *	Get session id for active session
+     **/
+    getSessionId() {
+        const req = this.req;
+        if (req && req.session && req.session.id) {
+            return req.session.id.toString();
+        } else {
+            return undefined;
+        }
+    }
+
+    /**
+     *	Set auth data in session, user id and role
+     *	@param	{string}	id 		user id
+     *	@param	{string}	role 	user role
+     **/
+    setAuth(id, role) {
+        this.setUserId(id);
+        this.setRole(role);
+    }
+
+    /**
+     *	Set auth data in session to Guest
+     **/
+    setGuest() {
+        const req = this.req;
+        if (req && req.session) {
+            req.user = null;
+            req.session.user = null;
+            this.setRole([CONST.DEFAULT_USER_ROLE_FOR_GUEST]);
+        }
+    }
+
+    /**
+     *	Reset session
+     **/
+    cleanse() {
+        const req = this.req;
+        if (req && req.session) {
+            this.setGuest();
+            if (req.session.destroy) {
+                req.session.destroy();
+            }
+        }
+    }
+
+    static test(req) {
+        return typeof req.session !== "undefined" && req.session !== null;
+    }
+};