propro-utils 1.4.72 → 1.4.74

package/README.md

@@ -1,88 +1,89 @@
 # propro-utils
 
-`propro-utils` is a comprehensive Node.js middleware designed for handling both server-side and client-side authentication, notifcations and other utility functions. It's ideal for applications requiring robust authentication strategies and is highly customizable to fit various authentication needs.
+`propro-utils` is a comprehensive Node.js middleware designed for handling authentication, authorization, and various utility functions for web applications. It provides a robust solution for both server-side and client-side authentication, profile management, and application settings.
 
 ## Features
 
-- **Dual Authentication Modes**: Supports both server-side and client-side authentication.
+- **Flexible Authentication**: Supports both server-side and client-side authentication.
+- **Profile Management**: Includes routes for updating user profiles, passwords, emails, two-factor authentication, and avatars.
+- **App Settings**: Provides a route for managing application-specific settings.
+- **Token Refresh**: Handles token refreshing for maintaining user sessions.
+- **Logout Functionality**: Implements secure user logout.
 - **Configurable**: Offers a wide range of options for customizing the authentication process.
-- **Lazy Loading**: Efficiently initializes authentication modules on-demand.
-- **Environment Validation**: Ensures critical environment variables are set.
-- **Error Management**: Provides robust error handling during the authentication process.
+- **Error Handling**: Provides robust error management during the authentication process.
 
 ## Installation
 
-Install the middleware using npm or Yarn:
+Install the middleware using `yarn`:
 
-````bash
-npm install propro-utils
-# or
-yarn add propro-utils
+```bash
+ yarn add propro-utils
+```
 
 ## Usage
 
-After installing the middleware, you can import it in your project:
+After installing the middleware, you can import and use it in your Express application:
 
 ```javascript
-const proproAuthMiddleware = require("propro-utils");
-````
-
-Then, you can use the middleware in your server and client side code:
+const express = require('express');
+const AuthMiddleware = require('propro-utils');
+const userSchema = require('./models/user');
 
-```javascript
-const express = require("express");
 const app = express();
-const proproAuthMiddleware = require("propro-utils");
-
-// Initialize middleware with default parameters
-app.use(proproAuthMiddleware());
-
-// Or, initialize with custom settings
-// For example, to use only server authentication:
-app.use(proproAuthMiddleware(true, false));
-
-// And to use only client authentication:
-app.use(proproAuthMiddleware(false, true));
-
-// Add options
-app.use(
-  proproAuthMiddleware({
-    useServerAuth: true,
-    serverOptions: {
-      validateUser: async (userId) => {
-        /* User validation logic */
-      },
-    secret = "RESTFULAPIs",
-    authUrl = process.env.AUTH_URL,
-    clientId = process.env.CLIENT_ID,
-    clientSecret = process.env.CLIENT_SECRET,
-    clientUrl = process.env.CLIENT_URL,
-    redirectUri = process.env.REDIRECT_URI,
-      onAuthFailRedirect: "/login",
-      additionalChecks: async (req) => {
-        /* Additional request checks */
-      },
-    },
-    useClientAuth: false,
-    clientOptions: {
-      // Client-side authentication options
-    },
-  })
+
+const authMiddleware = new AuthMiddleware(
+  {
+    authUrl: process.env.AUTH_URL,
+    clientId: process.env.CLIENT_ID,
+    clientSecret: process.env.CLIENT_SECRET,
+    clientUrl: process.env.CLIENT_URL,
+    redirectUri: process.env.REDIRECT_URI,
+    appName: process.env.APP_NAME,
+    appUrl: process.env.APP_URL,
+  },
+  userSchema
 );
+
+app.use(authMiddleware.middleware());
+
+// Your other routes and middleware
 ```
 
 ### Configuration Options
 
-- useServerAuth (boolean): Enable or disable server-side authentication.
-- serverOptions (object): Configuration options for server-side authentication.
-- useClientAuth (boolean): Enable or disable client-side authentication.
-- clientOptions (object): Configuration options for client-side authentication.
+The `AuthMiddleware` constructor accepts an options object with the following properties:
 
-## Contributing
+- `secret`: The secret key used for authentication (default: 'RESTFULAPIs')
+- `authUrl`: The authentication URL
+- `clientId`: The client ID
+- `clientSecret`: The client secret
+- `clientUrl`: The client URL
+- `redirectUri`: The redirect URI
+- `appName`: The application name
+- `appUrl`: The URL of the client application
 
-If you have suggestions for how propro-utils could be improved, or want to report a bug, open an issue! We'd love all and any contributions.
+## API Routes
+
+The middleware sets up the following routes:
+
+- `GET /api/auth`: Initiates the authentication process
+- `GET /api/callback`: Handles the callback from the authentication server
+- `POST /api/refreshToken`: Refreshes the authentication token
+- `POST /api/logout`: Logs out the user
+- `PATCH /api/profile`: Updates the user profile
+- `PATCH /api/profile/password`: Updates the user's password
+- `PATCH /api/profile/email`: Updates the user's email
+- `PATCH /api/profile/2fa`: Manages two-factor authentication
+- `PATCH /api/profile/avatar`: Updates the user's avatar
+- `PATCH /api/app/settings`: Manages application settings
+
+## Error Handling
+
+The middleware includes comprehensive error handling for various scenarios, including missing tokens, failed requests, and server errors.
+
+## Contributing
 
-For more, check out the [Contributing Guide](./CONTRIBUTING.md).
+Contributions are welcome! Please feel free to submit a Pull Request.
 
 ## License
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "propro-utils",
-  "version": "1.4.72",
+  "version": "1.4.74",
   "description": "Auth middleware for propro-auth",
   "main": "src/index.js",
   "scripts": {

package/src/client/index.js

@@ -1,24 +1,45 @@
-import axios from 'axios';
+// client/ClientAuth.js
 
-const setupClientMiddleware = () => {
-  axios.interceptors.request.use(function (config) {
-    const token = localStorage.getItem('token');
-    if (token) {
-      config.headers.Authorization = `Bearer ${token}`;
-    }
-    return config;
-  }, function (error) {
-    return Promise.reject(error);
-  });
+const axios = require('axios');
 
-  axios.interceptors.response.use(function (response) {
-    return response;
-  }, function (error) {
-    if (error.response.status === 401) {
-      localStorage.removeItem('token');
-    }
-    return Promise.reject(error);
-  });
-};
+class ClientAuth {
+  constructor(options = {}) {
+    this.options = options;
+  }
 
-export default setupClientMiddleware;
+  middleware() {
+    return (req, res, next) => {
+      this.setupInterceptors();
+      next();
+    };
+  }
+
+  setupInterceptors() {
+    axios.interceptors.request.use(
+      function (config) {
+        const token = localStorage.getItem('token');
+        if (token) {
+          config.headers.Authorization = `Bearer ${token}`;
+        }
+        return config;
+      },
+      function (error) {
+        return Promise.reject(error);
+      }
+    );
+
+    axios.interceptors.response.use(
+      function (response) {
+        return response;
+      },
+      function (error) {
+        if (error.response && error.response.status === 401) {
+          localStorage.removeItem('token');
+        }
+        return Promise.reject(error);
+      }
+    );
+  }
+}
+
+module.exports = ClientAuth;

package/src/index.js

@@ -1,6 +1,9 @@
 const {
   validateEnvironmentVariables,
 } = require('./server/middleware/validateEnv');
+const ServerAuth = require('./server/index');
+const ClientAuth = require('./client/ClientAuth');
+
 let _serverAuth, _clientAuth;
 
 /**
@@ -43,31 +46,66 @@ let _serverAuth, _clientAuth;
  * }, UserSchema));
  * ```
  */
-module.exports = function proproAuthMiddleware(options = {}, userSchema) {
-  validateEnvironmentVariables([
-    'AUTH_URL',
-    'CLIENT_ID',
-    'CLIENT_SECRET',
-    'CLIENT_URL',
-    'REDIRECT_URI',
-    'APP_URL',
-  ]);
-  return (req, res, next) => {
-    try {
-      // Lazy loading and initializing server and client authentication modules with options
-      if (options.useServerAuth) {
-        _serverAuth =
-          _serverAuth || require('./server')(options.serverOptions, userSchema);
-        _serverAuth(req, res, next);
-      } else if (options.useClientAuth) {
-        _clientAuth = _clientAuth || require('./client')(options.clientOptions);
-        _clientAuth(req, res, next);
-      } else {
-        next();
-      }
-    } catch (error) {
-      console.error('Error in authentication middleware:', error);
-      next(error);
+class ProProAuthMiddleware {
+  constructor(options = {}, userSchema) {
+    this.options = options;
+    this.userSchema = userSchema;
+    this.serverAuth = null;
+    this.clientAuth = null;
+
+    this.validateConfig();
+  }
+
+  validateConfig() {
+    validateEnvironmentVariables([
+      'AUTH_URL',
+      'CLIENT_ID',
+      'CLIENT_SECRET',
+      'CLIENT_URL',
+      'REDIRECT_URI',
+      'APP_URL',
+    ]);
+
+    if (!this.options.useServerAuth && !this.options.useClientAuth) {
+      console.warn(
+        'Neither server-side nor client-side authentication is enabled.'
+      );
+    }
+  }
+
+  initializeServerAuth() {
+    if (!this.serverAuth) {
+      this.serverAuth = new ServerAuth(
+        this.options.serverOptions,
+        this.userSchema
+      );
+    }
+    return this.serverAuth.middleware();
+  }
+
+  initializeClientAuth() {
+    if (!this.clientAuth) {
+      this.clientAuth = new ClientAuth(this.options.clientOptions);
     }
-  };
-};
+    return this.clientAuth.middleware();
+  }
+
+  middleware() {
+    return (req, res, next) => {
+      try {
+        if (this.options.useServerAuth) {
+          return this.initializeServerAuth()(req, res, next);
+        } else if (this.options.useClientAuth) {
+          return this.initializeClientAuth()(req, res, next);
+        } else {
+          next();
+        }
+      } catch (error) {
+        console.error('Error in authentication middleware:', error);
+        next(error);
+      }
+    };
+  }
+}
+
+module.exports = ProProAuthMiddleware;

package/src/server/index.js

@@ -3,9 +3,9 @@ const {
   exchangeToken,
   formatRedirectUrl,
 } = require('./middleware/verifyToken');
-const { setAuthCookies } = require('./middleware/setAuthCookies');
+const { setAuthCookies } = require('./middleware/cookieUtils');
 const { checkIfUserExists } = require('../../middlewares/account_info');
-const { post } = require('axios');
+const axios = require('axios');
 
 /**
  * Middleware for handling authentication and authorization.
@@ -22,145 +22,238 @@ const { post } = require('axios');
  * @param {Schema} [userSchema] - The user schema to perform the operations on.
  * @returns {Function} - Express middleware function.
  */
-function proproAuthMiddleware(options = {}, userSchema) {
-  const {
-    secret = 'RESTFULAPIs',
-    authUrl = process.env.AUTH_URL,
-    clientId = process.env.CLIENT_ID,
-    clientSecret = process.env.CLIENT_SECRET,
-    clientUrl = process.env.CLIENT_URL,
-    redirectUri = process.env.REDIRECT_URI,
-    appName = process.env.APP_NAME,
-    appUrl = process.env.APP_URL,
-  } = options;
-
-  let refreshToken;
-
-  return async (req, res, next) => {
+class AuthMiddleware {
+  constructor(options = {}, userSchema) {
+    this.options = {
+      secret: options.secret || 'RESTFULAPIs',
+      authUrl: options.authUrl || process.env.AUTH_URL,
+      clientId: options.clientId || process.env.CLIENT_ID,
+      clientSecret: options.clientSecret || process.env.CLIENT_SECRET,
+      clientUrl: options.clientUrl || process.env.CLIENT_URL,
+      redirectUri: options.redirectUri || process.env.REDIRECT_URI,
+      appName: options.appName || process.env.APP_NAME,
+      appUrl: options.appUrl || process.env.APP_URL,
+    };
+    this.userSchema = userSchema;
+    this.router = Router();
+    this.initializeRoutes();
+  }
+
+  initializeRoutes() {
+    this.router.get('/api/auth', this.handleAuth);
+    this.router.get('/api/callback', this.handleCallback);
+    this.router.post('/api/refreshToken', this.handleRefreshToken);
+    this.router.post('/api/logout', this.handleLogout);
+    this.router.patch('/api/profile', this.handleProfileUpdate);
+    this.router.patch('/api/profile/password', this.handlePasswordUpdate);
+    this.router.patch('/api/profile/email', this.handleEmailUpdate);
+    this.router.patch('api/profile/2fa', this.handleTwoFactorAuth);
+    this.router.patch('/api/profile/avatar', this.handleAvatarUpdate);
+    this.router.patch('api/app/settings', this.handleAppSettings);
+  }
+
+  handleAuth = (req, res) => {
+    const redirectUrl = this.constructRedirectUrl();
+    res.status(200).json({ redirectUrl });
+  };
+
+  handleCallback = async (req, res) => {
+    const { code } = req.query;
+    if (!code) {
+      return res.status(400).send('No code received');
+    }
+
     try {
-      if (
-        !['/api/auth', '/api/callback', '/api/refreshToken'].includes(req.path)
-      ) {
-        return next();
-      }
+      const { tokens, account, redirectUrl } = await exchangeToken(
+        this.options.authUrl,
+        code,
+        this.options.clientId,
+        this.options.clientSecret,
+        this.options.redirectUri
+      );
 
-      if (req.path === '/api/auth') {
-        const redirectUrl = constructRedirectUrl(
-          clientUrl,
-          appName,
-          clientId,
-          redirectUri
-        );
-        return res.status(200).json({ redirectUrl });
-      }
+      const user = await checkIfUserExists(this.userSchema, account.accountId);
+      setAuthCookies(res, tokens, account, user, redirectUrl);
 
-      if (req.path === '/api/refreshToken') {
-        if (req.cookies) {
-          refreshToken = req.cookies['x-refresh-token'];
-        }
-        if (!refreshToken) {
-          const redirectUrl = constructRedirectUrl(
-            clientUrl,
-            appName,
-            clientId,
-            redirectUri
-          );
-          return res
-            .status(401)
-            .json({ redirectUrl, error: 'No refresh token provided' });
-        }
-
-        const formatedAuthUrl = formatRedirectUrl(authUrl);
-
-        let response;
-
-        try {
-          response = await post(
-            `${formatedAuthUrl}/api/v1/auth/refreshTokens`,
-            {
-              refreshToken,
-            },
-            {
-              params: {
-                actionType: 'refresh',
-              },
-            }
-          );
-        } catch (error) {
-          console.error('an error occur: ', error.message);
-        }
-
-        let { account, access, refresh } = response.data;
-
-        if (!account || !access || !refresh) {
-          return res
-            .status(401)
-            .json({ error: 'Invalid or expired refresh token' });
-        }
-
-        const user = await checkIfUserExists(userSchema, account.accountId);
-
-        setAuthCookies(res, { access, refresh }, account, user, appUrl);
+      res.redirect(formatRedirectUrl(redirectUrl));
+    } catch (error) {
+      console.error('Error in callback:', error);
+      res.status(500).send('Internal Server Error');
+    }
+  };
+
+  handleRefreshToken = async (req, res) => {
+    const refreshToken = req.cookies['x-refresh-token'];
+    if (!refreshToken) {
+      return res.status(401).json({
+        redirectUrl: this.constructRedirectUrl(),
+        error: 'No refresh token provided',
+      });
+    }
+
+    try {
+      const response = await this.refreshTokens(refreshToken);
+      const { account, access, refresh } = response.data;
 
+      if (!account || !access || !refresh) {
         return res
-          .status(200)
-          .json({ message: 'Token refreshed successfully' });
+          .status(401)
+          .json({ error: 'Invalid or expired refresh token' });
       }
 
-      if (req.path === '/api/callback') {
-        const code = req.query.code;
-        if (!code) {
-          return res.status(400).send('No code received');
-        }
+      const user = await checkIfUserExists(this.userSchema, account.accountId);
+      setAuthCookies(
+        res,
+        { access, refresh },
+        account,
+        user,
+        this.options.appUrl
+      );
 
-        const { tokens, account, redirectUrl } = await exchangeToken(
-          authUrl,
-          code,
-          clientId,
-          clientSecret,
-          redirectUri
-        );
+      res.status(200).json({ message: 'Token refreshed successfully' });
+    } catch (error) {
+      console.error('Error refreshing token:', error);
+      res.status(401).json({ error: 'Failed to refresh token' });
+    }
+  };
 
-        const user = await checkIfUserExists(userSchema, account.accountId);
+  handleLogout = async (req, res) => {
+    const refreshToken = req.cookies['x-refresh-token'];
+    if (!refreshToken) {
+      return res.status(401).json({ error: 'No refresh token provided' });
+    }
 
-        setAuthCookies(res, tokens, account, user, redirectUrl);
+    try {
+      await this.logoutUser(refreshToken);
+      clearAuthCookies(res);
+      res.status(200).json({ redirectUrl: this.constructRedirectUrl() });
+    } catch (error) {
+      console.error('Error logging out:', error);
+      res.status(500).json({ error: 'Failed to logout' });
+    }
+  };
 
-        const setCookies = res.getHeader('Set-Cookie');
-        console.log('Set-Cookies: ', setCookies);
+  refreshTokens = async refreshToken => {
+    const formattedAuthUrl = formatRedirectUrl(this.options.authUrl);
+    return axios.post(
+      `${formattedAuthUrl}/api/v1/auth/refreshTokens`,
+      { refreshToken },
+      { params: { actionType: 'refresh' } }
+    );
+  };
 
-        console.log('Redirect URL: ', redirectUrl);
+  logoutUser = async refreshToken => {
+    const formattedAuthUrl = formatRedirectUrl(this.options.authUrl);
+    return axios.post(
+      `${formattedAuthUrl}/api/v1/auth/logout`,
+      { refreshToken },
+      { params: { actionType: 'refresh' } }
+    );
+  };
 
-        const urlToRedirect = formatRedirectUrl(redirectUrl);
+  constructRedirectUrl() {
+    const urlToRedirect = formatRedirectUrl(this.options.clientUrl);
+    return `${urlToRedirect}/signin?response_type=code&appName=${
+      this.options.appName
+    }&client_id=${this.options.clientId}&redirect_uri=${encodeURIComponent(
+      this.options.redirectUri
+    )}`;
+  }
 
-        return res.redirect(urlToRedirect);
+  handleProfileUpdate = async (req, res) => {
+    try {
+      const response = await this.proxyToAuthServer(req, '/api/v1/profile');
+      res.status(response.status).json(response.data);
+    } catch (error) {
+      this.handleProxyError(error, res);
+    }
+  };
 
-        // return res.status(200).json({
-        //   message: 'Token received successfully',
-        //   redirectUrl: urlToRedirect,
-        // });
-      }
+  handlePasswordUpdate = async (req, res) => {
+    try {
+      const response = await this.proxyToAuthServer(
+        req,
+        '/api/v1/profile/password'
+      );
+      res.status(response.status).json(response.data);
     } catch (error) {
-      console.log('Unauthorized: ', error.message);
-      res.status(401).send('Unauthorized: Invalid or expired token');
+      this.handleProxyError(error, res);
     }
   };
-}
 
-/**
- * Constructs the redirect URL for a client application.
- *
- * @param {string} clientUrl - The URL of the client application.
- * @param {string} appName - The name of the application.
- * @param {string} clientId - The client ID.
- * @param {string} redirectUri - The redirect URI.
- * @return {string} The constructed redirect URL.
- */
-function constructRedirectUrl(clientUrl, appName, clientId, redirectUri) {
-  const urlToRedirect = formatRedirectUrl(clientUrl);
+  handleEmailUpdate = async (req, res) => {
+    try {
+      const response = await this.proxyToAuthServer(
+        req,
+        '/api/v1/profile/email'
+      );
+      res.status(response.status).json(response.data);
+    } catch (error) {
+      this.handleProxyError(error, res);
+    }
+  };
+
+  handleTwoFactorAuth = async (req, res) => {
+    try {
+      const response = await this.proxyToAuthServer(req, '/api/v1/profile/2fa');
+      res.status(response.status).json(response.data);
+    } catch (error) {
+      this.handleProxyError(error, res);
+    }
+  };
+
+  handleAvatarUpdate = async (req, res) => {
+    try {
+      const response = await this.proxyToAuthServer(
+        req,
+        '/api/v1/profile/avatar'
+      );
+      res.status(response.status).json(response.data);
+    } catch (error) {
+      this.handleProxyError(error, res);
+    }
+  };
+
+  proxyToAuthServer = async (req, path) => {
+    const accessToken = req.cookies['x-access-token'];
+    if (!accessToken) {
+      throw new Error('No access token provided');
+    }
+
+    const formattedAuthUrl = formatRedirectUrl(this.options.authUrl);
+    return axios({
+      method: req.method,
+      url: `${formattedAuthUrl}${path}`,
+      data: req.body,
+      headers: {
+        Authorization: `Bearer ${accessToken}`,
+        'Content-Type': 'application/json',
+      },
+    });
+  };
+
+  handleProxyError = (error, res) => {
+    console.error('Error proxying request to auth server:', error);
+    if (error.response) {
+      res.status(error.response.status).json(error.response.data);
+    } else {
+      res.status(500).json({ error: 'Internal Server Error' });
+    }
+  };
+
+  handleAppSettings = async (req, res) => {
+    try {
+      const { settings } = req.body;
+      res.status(200).json({ message: 'App settings updated successfully' });
+    } catch (error) {
+      console.error('Error updating app settings:', error);
+      res.status(500).json({ error: 'Failed to update app settings' });
+    }
+  };
 
-  return `${urlToRedirect}/signin?response_type=code&appName=${appName}&client_id=${clientId}&redirect_uri=${encodeURIComponent(
-    redirectUri
-  )}`;
+  middleware() {
+    return this.router;
+  }
 }
 
-module.exports = proproAuthMiddleware;
+module.exports = AuthMiddleware;

package/src/server/index.test.js

@@ -1,88 +1,294 @@
-const proproAuthMiddleware = require('./index');
+const request = require('supertest');
+const express = require('express');
 const axios = require('axios');
-const { createMockExpressContext } = require('../../utils/testUtils');
+const AuthMiddleware = require('./AuthMiddleware');
+const {
+  setAuthCookies,
+  clearAuthCookies,
+} = require('./middleware/cookieUtils');
+const {
+  exchangeToken,
+  formatRedirectUrl,
+} = require('./middleware/verifyToken');
+const { checkIfUserExists } = require('../../middlewares/account_info');
 
 jest.mock('axios');
-jest.mock('dotenv', () => ({
-  config: jest.fn(),
-}));
-
-process.env.AUTH_URL = 'https://auth.innate.io/api/auth';
-process.env.CLIENT_ID = 'testClientId';
-process.env.CLIENT_SECRET = 'testClientSecret';
-process.env.CLIENT_URL = 'https://example.com';
-process.env.REDIRECT_URI = 'https://example.com/callback';
-process.env.APP_NAME = 'TestApp';
-
-describe('proproAuthMiddleware /api/auth', () => {
-  it('should return a redirect URL on /api/auth path', async () => {
-    const { req, res, next } = createMockExpressContext('/api/auth');
-
-    const middleware = proproAuthMiddleware({}, {});
-    await middleware(req, res, next);
-
-    expect(res.status).toHaveBeenCalledWith(200);
-    expect(res.json).toHaveBeenCalledWith(
-      expect.objectContaining({
-        redirectUrl: expect.any(String),
-      })
+jest.mock('./middleware/cookieUtils');
+jest.mock('./middleware/verifyToken');
+jest.mock('../../middlewares/account_info');
+
+describe('AuthMiddleware', () => {
+  let app;
+  let authMiddleware;
+  let mockUserSchema;
+
+  beforeEach(() => {
+    app = express();
+    mockUserSchema = {};
+    authMiddleware = new AuthMiddleware(
+      {
+        authUrl: 'http://auth.example.com',
+        clientId: 'test-client-id',
+        clientSecret: 'test-client-secret',
+        clientUrl: 'http://client.example.com',
+        redirectUri: 'http://client.example.com/callback',
+        appName: 'TestApp',
+        appUrl: 'http://app.example.com',
+      },
+      mockUserSchema
     );
+    app.use(express.json());
+    app.use(authMiddleware.middleware());
+  });
+
+  afterEach(() => {
+    jest.clearAllMocks();
+  });
+
+  describe('handleAuth', () => {
+    it('should return a redirect URL', async () => {
+      const response = await request(app).get('/api/auth');
+      expect(response.status).toBe(200);
+      expect(response.body).toHaveProperty('redirectUrl');
+      expect(response.body.redirectUrl).toContain(
+        'http://client.example.com/signin'
+      );
+    });
+  });
+
+  describe('handleCallback', () => {
+    it('should handle successful token exchange', async () => {
+      const mockTokens = {
+        access: { token: 'access-token' },
+        refresh: { token: 'refresh-token' },
+      };
+      const mockAccount = { accountId: '123' };
+      const mockUser = { id: '456' };
+
+      exchangeToken.mockResolvedValue({
+        tokens: mockTokens,
+        account: mockAccount,
+        redirectUrl: 'http://app.example.com',
+      });
+      checkIfUserExists.mockResolvedValue(mockUser);
+
+      const response = await request(app).get('/api/callback?code=test-code');
+
+      expect(response.status).toBe(302); // Expecting a redirect
+      expect(response.header.location).toBe('http://app.example.com');
+      expect(setAuthCookies).toHaveBeenCalledWith(
+        expect.anything(),
+        mockTokens,
+        mockAccount,
+        mockUser,
+        'http://app.example.com'
+      );
+    });
+
+    it('should handle missing code', async () => {
+      const response = await request(app).get('/api/callback');
+      expect(response.status).toBe(400);
+      expect(response.text).toBe('No code received');
+    });
+
+    it('should handle token exchange error', async () => {
+      exchangeToken.mockRejectedValue(new Error('Exchange failed'));
+
+      const response = await request(app).get('/api/callback?code=test-code');
+
+      expect(response.status).toBe(500);
+      expect(response.text).toBe('Internal Server Error');
+    });
+  });
+
+  describe('handleRefreshToken', () => {
+    it('should handle successful token refresh', async () => {
+      const mockRefreshToken = 'refresh-token';
+      const mockResponse = {
+        data: {
+          account: { accountId: '123' },
+          access: { token: 'new-access-token' },
+          refresh: { token: 'new-refresh-token' },
+        },
+      };
+
+      axios.post.mockResolvedValue(mockResponse);
+      checkIfUserExists.mockResolvedValue({ id: '456' });
+
+      const response = await request(app)
+        .post('/api/refreshToken')
+        .set('Cookie', [`x-refresh-token=${mockRefreshToken}`]);
+
+      expect(response.status).toBe(200);
+      expect(response.body).toEqual({
+        message: 'Token refreshed successfully',
+      });
+      expect(setAuthCookies).toHaveBeenCalled();
+    });
+
+    it('should handle missing refresh token', async () => {
+      const response = await request(app).post('/api/refreshToken');
+
+      expect(response.status).toBe(401);
+      expect(response.body).toHaveProperty(
+        'error',
+        'No refresh token provided'
+      );
+    });
+
+    it('should handle invalid refresh token', async () => {
+      axios.post.mockResolvedValue({ data: {} });
+
+      const response = await request(app)
+        .post('/api/refreshToken')
+        .set('Cookie', ['x-refresh-token=invalid-token']);
+
+      expect(response.status).toBe(401);
+      expect(response.body).toEqual({
+        error: 'Invalid or expired refresh token',
+      });
+    });
   });
-});
 
-// describe('proproAuthMiddleware /api/refreshToken', () => {
-//   it('should refresh tokens and set cookies', async () => {
-//     axios.post.mockResolvedValue({
-//       data: {
-//         account: { id: 'accountId' },
-//         access: { token: 'accessToken', expires: new Date(Date.now() + 10000) },
-//         refresh: {
-//           token: 'refreshToken',
-//           expires: new Date(Date.now() + 20000),
-//         },
-//       },
-//     });
-
-//     const { req, res, next } = createMockExpressContext('/api/refreshToken', {
-//       cookies: { 'x-refresh-token': 'oldRefreshToken' },
-//     });
-
-//     const middleware = proproAuthMiddleware({}, {});
-//     await middleware(req, res, next);
-
-//     expect(res.cookie).toHaveBeenCalledWith(
-//       'x-refresh-token',
-//       expect.any(String),
-//       expect.objectContaining({
-//         httpOnly: true,
-//         secure: expect.any(Boolean),
-//       })
-//     );
-//     expect(res.cookie).toHaveBeenCalledWith(
-//       'x-access-token',
-//       expect.any(String),
-//       expect.objectContaining({
-//         httpOnly: true,
-//         secure: expect.any(Boolean),
-//       })
-//     );
-//     expect(res.status).toHaveBeenCalledWith(200);
-//     expect(res.json).toHaveBeenCalledWith(
-//       expect.objectContaining({
-//         message: 'Token refreshed successfully',
-//       })
-//     );
-//   });
-// });
-
-// describe('proproAuthMiddleware /api/callback', () => {
-//   it('should handle the callback and set cookies', async () => {
-//     const { req, res, next } = createMockExpressContext('/api/callback', {
-//       query: { code: 'authorizationCode' },
-//     });
-
-//     const userSchemaMock = {};
-//     const middleware = proproAuthMiddleware({}, userSchemaMock);
-//     await middleware(req, res, next);
-//   });
-// });
+  describe('handleLogout', () => {
+    it('should handle successful logout', async () => {
+      const mockRefreshToken = 'refresh-token';
+      axios.post.mockResolvedValue({});
+
+      const response = await request(app)
+        .post('/api/logout')
+        .set('Cookie', [`x-refresh-token=${mockRefreshToken}`]);
+
+      expect(response.status).toBe(200);
+      expect(response.body).toHaveProperty('redirectUrl');
+      expect(clearAuthCookies).toHaveBeenCalled();
+    });
+
+    it('should handle missing refresh token', async () => {
+      const response = await request(app).post('/api/logout');
+
+      expect(response.status).toBe(401);
+      expect(response.body).toEqual({ error: 'No refresh token provided' });
+    });
+
+    it('should handle logout error', async () => {
+      axios.post.mockRejectedValue(new Error('Logout failed'));
+
+      const response = await request(app)
+        .post('/api/logout')
+        .set('Cookie', ['x-refresh-token=test-token']);
+
+      expect(response.status).toBe(500);
+      expect(response.body).toEqual({ error: 'Failed to logout' });
+    });
+  });
+
+  describe('Profile Update Handlers', () => {
+    const testCases = [
+      {
+        method: 'handleProfileUpdate',
+        path: '/api/profile',
+        authPath: '/api/v1/profile',
+      },
+      {
+        method: 'handlePasswordUpdate',
+        path: '/api/profile/password',
+        authPath: '/api/v1/profile/password',
+      },
+      {
+        method: 'handleEmailUpdate',
+        path: '/api/profile/email',
+        authPath: '/api/v1/profile/email',
+      },
+      {
+        method: 'handleTwoFactorAuth',
+        path: '/api/profile/2fa',
+        authPath: '/api/v1/profile/2fa',
+      },
+      {
+        method: 'handleAvatarUpdate',
+        path: '/api/profile/avatar',
+        authPath: '/api/v1/profile/avatar',
+      },
+    ];
+
+    testCases.forEach(({ method, path, authPath }) => {
+      describe(method, () => {
+        it('should successfully proxy the request', async () => {
+          const mockResponse = {
+            status: 200,
+            data: { message: 'Update successful' },
+          };
+          axios.mockResolvedValue(mockResponse);
+
+          const response = await request(app)
+            .patch(path)
+            .set('Cookie', ['x-access-token=test-token'])
+            .send({ someData: 'testData' });
+
+          expect(response.status).toBe(200);
+          expect(response.body).toEqual({ message: 'Update successful' });
+          expect(axios).toHaveBeenCalledWith(
+            expect.objectContaining({
+              method: 'PATCH',
+              url: `http://auth.example.com${authPath}`,
+              data: { someData: 'testData' },
+              headers: expect.objectContaining({
+                Authorization: 'Bearer test-token',
+                'Content-Type': 'application/json',
+              }),
+            })
+          );
+        });
+
+        it('should handle missing access token', async () => {
+          const response = await request(app).patch(path);
+
+          expect(response.status).toBe(500);
+          expect(response.body).toEqual({ error: 'Internal Server Error' });
+        });
+
+        it('should handle proxy error', async () => {
+          axios.mockRejectedValue({
+            response: { status: 400, data: { error: 'Bad Request' } },
+          });
+
+          const response = await request(app)
+            .patch(path)
+            .set('Cookie', ['x-access-token=test-token']);
+
+          expect(response.status).toBe(400);
+          expect(response.body).toEqual({ error: 'Bad Request' });
+        });
+      });
+    });
+  });
+
+  describe('handleAppSettings', () => {
+    it('should successfully update app settings', async () => {
+      const response = await request(app)
+        .patch('/api/app/settings')
+        .send({ settings: { theme: 'dark' } });
+
+      expect(response.status).toBe(200);
+      expect(response.body).toEqual({
+        message: 'App settings updated successfully',
+      });
+    });
+
+    it('should handle update error', async () => {
+      authMiddleware.handleAppSettings = jest
+        .fn()
+        .mockImplementation((req, res) => {
+          throw new Error('Update failed');
+        });
+
+      const response = await request(app)
+        .patch('/api/app/settings')
+        .send({ settings: { theme: 'light' } });
+
+      expect(response.status).toBe(500);
+      expect(response.body).toEqual({ error: 'Failed to update app settings' });
+    });
+  });
+});

package/src/server/middleware/{setAuthCookies.js → cookieUtils.js}

@@ -15,13 +15,17 @@ const setAuthCookies = (res, tokens, account, user, appUrl) => {
   const accessMaxAge =
     new Date(tokens.access.expires).getTime() - currentDateTime.getTime();
 
-  const domain = appUrl ? new URL(appUrl).hostname : undefined;
+  let domain = appUrl ? new URL(appUrl).hostname : undefined;
+
+  if (domain.includes('mapmap.app')) {
+    domain = '.mapmap.app';
+  }
 
   console.log('domain: ', domain);
 
   const commonAttributes = {
     // secure: process.env.NODE_ENV === 'production',
-    secure: false,
+    secure: true,
     sameSite: 'None',
     // path: '/',
     domain: domain,
@@ -59,6 +63,27 @@ const setAuthCookies = (res, tokens, account, user, appUrl) => {
   );
 };
 
+const clearAuthCookies = res => {
+  const commonAttributes = {
+    secure: true,
+    sameSite: 'None',
+    domain: process.env.APP_URL
+      ? new URL(process.env.APP_URL).hostname
+      : undefined,
+  };
+
+  [
+    'x-refresh-token',
+    'x-access-token',
+    'user',
+    'account',
+    'has_account_token',
+  ].forEach(cookieName => {
+    res.clearCookie(cookieName, commonAttributes);
+  });
+};
+
 module.exports = {
   setAuthCookies,
+  clearAuthCookies,
 };

package/src/server/middleware/setAuthCookies.test.js

@@ -1,4 +1,4 @@
-const { setAuthCookies } = require('./setAuthCookies');
+const { setAuthCookies } = require('./cookieUtils');
 
 describe('setAuthCookies', () => {
   let res;