npm - propro-utils - Versions diffs - 1.7.28 → 1.7.30 - Mend

propro-utils 1.7.28 → 1.7.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/middlewares/access_token.js +1 -5
package/middlewares/account_info.js +41 -44
package/middlewares/refresh_token.js +8 -10
package/package.json +4 -2
package/src/server/index.js +49 -22
package/src/server/middleware/verifyToken.js +8 -6

package/middlewares/access_token.js CHANGED Viewed

@@ -42,7 +42,6 @@ const authValidation = (requiredPermissions = []) => {
         req.headers.authorization?.split(' ')[1];
       if (!accessToken) {
-        console.log('Access token is required');
         return res.status(403).json({ error: 'Access token is required' });
       }
@@ -66,7 +65,6 @@ const authValidation = (requiredPermissions = []) => {
       );
       if (!validPermissions) {
-        console.log('Invalid permissions');
         return res.status(403).json({ error: 'Invalid permissions' });
       }
@@ -74,17 +72,15 @@ const authValidation = (requiredPermissions = []) => {
       let user = null;
       try {
-        user = await checkIfUserExists(account.accountId);
+        user = await checkIfUserExists(accountId);
         if (!user) throw new Error('User not found');
       } catch (error) {
-        console.log('User not found 1');
         return res.status(403).json({error: error?.message || 'User not found'});
       }
       req.user = user.id;
       next();
     } catch (error) {
-      console.log(error.message);
       if (error.response && error.response.status) {
         next(new Error(error.response.data.message));
       }

package/middlewares/account_info.js CHANGED Viewed

@@ -1,11 +1,11 @@
-require('dotenv').config();
-const axios = require('axios');
-const { getOrSetCache } = require('../utils/redis');
-const { v4: uuidv4 } = require('uuid');
-const ServiceManager = require('../utils/serviceManager');
+require("dotenv").config();
+const axios = require("axios");
+const { getOrSetCache } = require("../utils/redis");
+const { v4: uuidv4 } = require("uuid");
+const ServiceManager = require("../utils/serviceManager");
 const defaultUserGlobalStyleShortcuts =
-  require('./defaultUserGlobalStyleShortcuts.json').defaultGlobalStyleShortcuts;
-const defaultFolders = require('./defaultFolders.json').defaultFolders;
+  require("./defaultUserGlobalStyleShortcuts.json").defaultGlobalStyleShortcuts;
+const defaultFolders = require("./defaultFolders.json").defaultFolders;
 /**
  * Retrieves the account profile data from the authentication server and caches it using Redis.
@@ -20,10 +20,10 @@ const defaultFolders = require('./defaultFolders.json').defaultFolders;
 const getAccountProfile = async (redisClient, userSchema, accountId) => {
   try {
     const accessToken =
-      req.cookies['x-access-token'] || req.headers.authorization?.split(' ')[1];
+      req.cookies["x-access-token"] || req.headers.authorization?.split(" ")[1];
     if (!accessToken) {
-      throw new Error('Access token is required');
+      throw new Error("Access token is required");
     }
     const fetchPermission = async () => {
@@ -49,7 +49,7 @@ const getAccountProfile = async (redisClient, userSchema, accountId) => {
     );
     if (!profileData) {
-      throw new Error('Invalid permissions');
+      throw new Error("Invalid permissions");
     }
     return profileData;
@@ -57,7 +57,7 @@ const getAccountProfile = async (redisClient, userSchema, accountId) => {
     if (error.response && error.response.status) {
       throw new Error(error.response.data.message);
     }
-    throw new Error('Error validating token');
+    throw new Error("Error validating token");
   }
 };
@@ -140,8 +140,8 @@ async function createUserGlobalStyles(userStyleSchema, accountId) {
  */
 async function createDefaultFolders(folderSchema, accountId) {
   try {
-    console.log('Creating default folders for user:', accountId);
-    const folderPromises = defaultFolders.map(folder =>
+    console.log("Creating default folders for user:", accountId);
+    const folderPromises = defaultFolders.map((folder) =>
       folderSchema.create({
         ...folder,
         user_id: accountId,
@@ -149,17 +149,17 @@ async function createDefaultFolders(folderSchema, accountId) {
     );
     return Promise.all(folderPromises);
   } catch (error) {
-    console.error('Error in createDefaultFolders:', error);
-    throw new Error('Failed to create default folders');
+    console.error("Error in createDefaultFolders:", error);
+    throw new Error("Failed to create default folders");
   }
 }
 const DEFAULT_THEME = {
   canvasBackground: '#1E1D1D',
   defaultItemWidth: 200,
-  defaultColor: '#ffffff',
-  fontSize: '16px',
-  name: 'Default Theme',
+  defaultColor: "#ffffff",
+  fontSize: "16px",
+  name: "Default Theme",
   isDefault: true,
 };
@@ -173,40 +173,40 @@ const DEFAULT_THEME = {
  */
 const checkIfUserExists = async accountId => {
   // Input validation
-  if (!accountId || typeof accountId !== 'string') {
-    console.warn('Invalid accountId provided:', accountId);
-    throw new Error('Invalid accountId provided');
+  if (!accountId || typeof accountId !== "string") {
+    console.warn("Invalid accountId provided:", accountId);
+    throw new Error("Invalid accountId provided");
   }
   try {
     const schemaResults = await Promise.all([
-      ServiceManager.getService('UserSchema'),
-      ServiceManager.getService('UserStyleSchema'),
-      ServiceManager.getService('FolderSchema'),
-      ServiceManager.getService('ThemeSchema'),
+      ServiceManager.getService("UserSchema"),
+      ServiceManager.getService("UserStyleSchema"),
+      ServiceManager.getService("FolderSchema"),
+      ServiceManager.getService("ThemeSchema"),
     ]);
     const [userSchema, userStyleSchema, folderSchema, themeSchema] =
       schemaResults;
     if (!userSchema) {
-      throw new Error('UserSchema service not available');
+      throw new Error("UserSchema service not available");
     }
     // Optional schemas warning
     if (!userStyleSchema) {
       console.warn(
-        'UserStyleSchema service not available - style features will be skipped'
+        "UserStyleSchema service not available - style features will be skipped"
       );
     }
     if (!folderSchema) {
       console.warn(
-        'FolderSchema service not available - folder features will be skipped'
+        "FolderSchema service not available - folder features will be skipped"
       );
     }
     if (!themeSchema) {
       console.warn(
-        'ThemeSchema service not available - theme features will be skipped'
+        "ThemeSchema service not available - theme features will be skipped"
       );
     }
@@ -219,7 +219,7 @@ const checkIfUserExists = async accountId => {
     if (user) {
       const updates = [];
-      // Handle userGlobalStyles
+      // Handle userGlobalStyles - check properly if styles exist in the database
       if (userStyleSchema) {
         // Consolidate any duplicate global styles
         await consolidateGlobalStyles(accountId);
@@ -231,19 +231,19 @@ const checkIfUserExists = async accountId => {
           (async () => {
             const existingFolders = await folderSchema
               .find({ user_id: user.id })
-              .select('name')
+              .select("name")
               .lean();
             const existingFolderNames = new Set(
-              existingFolders.map(f => f.name)
+              existingFolders.map((f) => f.name)
             );
             const foldersToCreate = defaultFolders.filter(
-              folder => !existingFolderNames.has(folder.name)
+              (folder) => !existingFolderNames.has(folder.name)
             );
             if (foldersToCreate.length > 0) {
               return folderSchema.insertMany(
-                foldersToCreate.map(folder => ({
+                foldersToCreate.map((folder) => ({
                   ...folder,
                   user_id: user.id,
                 }))
@@ -258,7 +258,7 @@ const checkIfUserExists = async accountId => {
         updates.push(
           (async () => {
             const defaultThemeExists = await themeSchema.exists({
-              name: 'Default Theme',
+              name: "Default Theme",
               accountId,
             });
@@ -283,11 +283,8 @@ const checkIfUserExists = async accountId => {
       // Wait for all updates to complete
       await Promise.all(updates);
-      // Return fresh user data after updates, excluding specified fields
-      return userSchema
-        .findOne({ accountId })
-        .select('-theme -folderList -userGlobalStyles -mapList')
-        .lean();
+      // Return fresh user data after updates
+      return userSchema.findOne({ accountId }).lean();
     }
     // Create new user with all associated data
@@ -298,7 +295,7 @@ const checkIfUserExists = async accountId => {
     let userGlobalStyles;
     if (userStyleSchema) {
       creationTasks.push(
-        createUserGlobalStyles(userStyleSchema, accountId).then(styles => {
+        createUserGlobalStyles(userStyleSchema, accountId).then((styles) => {
           userGlobalStyles = styles;
           return styles;
         })
@@ -316,8 +313,8 @@ const checkIfUserExists = async accountId => {
             userId,
             id: uuidv4(),
           })
-          .then(theme => {
-            console.log('Created theme:', theme);
+          .then((theme) => {
+            console.log("Created theme:", theme);
             defaultTheme = theme;
             return theme;
           })
@@ -346,7 +343,7 @@ const checkIfUserExists = async accountId => {
       .select('-theme -folderList -userGlobalStyles -mapList')
       .lean();
   } catch (error) {
-    console.error('Detailed error in checkIfUserExists:', {
+    console.error("Detailed error in checkIfUserExists:", {
       accountId,
       errorName: error.name,
       errorMessage: error.message,

package/middlewares/refresh_token.js CHANGED Viewed

@@ -9,10 +9,9 @@ const refreshLimiter = rateLimit({
     message: 'Too many refresh requests from this IP, please try again after 15 minutes',
 });
-const refreshTokenCache = new Map();
 /**
  * Middleware to refresh access token using refresh token.
+ * Note: Cache removed to prevent stale token issues. Token rotation handles efficiency.
  *
  * @param {Object} req - The request object.
  * @param {Object} res - The response object.
@@ -29,11 +28,6 @@ async function refreshTokenMiddleware(req, res, next) {
         return res.status(400).json({ error: 'Invalid refresh token format' });
     }
-    if (refreshTokenCache.has(refreshToken)) {
-        req.newAccessToken = refreshTokenCache.get(refreshToken);
-        return next();
-    }
     try {
         const response = await axios.post(
             `${process.env.AUTH_URL}/oauth/token`,
@@ -43,11 +37,13 @@ async function refreshTokenMiddleware(req, res, next) {
                 client_id: process.env.CLIENT_ID,
                 client_secret: process.env.CLIENT_SECRET,
             }),
-            { headers: { 'Content-Type': 'application/x-www-form-urlencoded' } }
+            {
+                headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+                timeout: 10000 // 10 second timeout
+            }
         );
         if (response.data && response.data.access_token) {
-            refreshTokenCache.set(refreshToken, response.data.access_token);
             req.newAccessToken = response.data.access_token;
             next();
         } else {
@@ -55,7 +51,9 @@ async function refreshTokenMiddleware(req, res, next) {
         }
     } catch (error) {
         const statusCode = error.response?.status || 500;
-        res.status(statusCode).json({ error: error.response?.data?.error || 'Error refreshing token' });
+        const errorMessage = error.response?.data?.error || error.message || 'Error refreshing token';
+        console.error('Refresh token middleware error:', errorMessage);
+        res.status(statusCode).json({ error: errorMessage });
     }
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "propro-utils",
-  "version": "1.7.28",
+  "version": "1.7.30",
   "description": "Auth middleware for propro-auth",
   "main": "src/index.js",
   "private": false,
@@ -47,6 +47,7 @@
     "jest-mock-axios": "^4.7.3",
     "jsonwebtoken": "^9.0.2",
     "multer": "^1.4.5-lts.1",
+    "neverthrow": "^8.2.0",
     "nodemailer": "^6.9.7",
     "nodemailer-mailgun-transport": "^2.1.5",
     "querystring": "^0.2.1",
@@ -54,5 +55,6 @@
     "supertest": "^6.3.4",
     "test": "^3.3.0",
     "uuid": "^9.0.1"
-  }
+  },
+  "packageManager": "yarn@1.22.22+sha512.a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e"
 }

package/src/server/index.js CHANGED Viewed

@@ -55,6 +55,8 @@ class AuthMiddleware {
     this.userStyleSchema = userStyleSchema;
     this.themeSchema = themeSchema;
     this.router = Router();
+    // Track in-flight refresh requests to prevent race conditions
+    this.refreshLocks = new Map();
     this.initializeRoutes();
   }
@@ -171,7 +173,6 @@ class AuthMiddleware {
         user = await checkIfUserExists(account.accountId);
         if (!user) throw new Error('User not found');
       } catch (error) {
-        console.log('User not found 3');
         return res.status(403).json({error: error?.message || 'User not found'});
       }
@@ -179,7 +180,6 @@ class AuthMiddleware {
       res.redirect(formatRedirectUrl(this.options.appUrl));
     } catch (error) {
-      console.error('Error in callback:', error);
       res.status(500).send('Internal Server Error');
     }
   };
@@ -194,31 +194,58 @@ class AuthMiddleware {
       });
     }
-    try {
-      const response = await this.refreshTokens(refreshToken);
-      const { account, access, refresh } = response.data;
-      if (!account || !access || !refresh) {
-        return res
-          .status(401)
-          .json({ error: 'Invalid or expired refresh token' });
+    // Prevent concurrent refresh requests for the same token
+    const lockKey = refreshToken;
+    if (this.refreshLocks.has(lockKey)) {
+      // Wait for the in-flight request to complete
+      try {
+        const result = await this.refreshLocks.get(lockKey);
+        return res.status(200).json(result);
+      } catch (error) {
+        return res.status(401).json({ error: 'Failed to refresh token' });
       }
+    }
-      const user = await checkIfUserExists(account.accountId);
+    // Create a promise for this refresh operation
+    const refreshPromise = (async () => {
+      try {
+        const response = await this.refreshTokens(refreshToken);
+        const { account, access, refresh } = response.data;
-      const { returnTokens } = req.query;
-      if (returnTokens === 'true') {
-        return res.status(200).json({ account, user, access, refresh });
+        if (!account || !access || !refresh) {
+          throw new Error('Invalid or expired refresh token');
+        }
+        const user = await checkIfUserExists(account.accountId);
+        const { returnTokens } = req.query;
+        if (returnTokens === 'true') {
+          return { account, user, access, refresh };
+        }
+        setAuthCookies(
+          res,
+          { access, refresh },
+          account,
+          user,
+          this.options.appUrl
+        );
+        return { message: 'Token refreshed successfully' };
+      } finally {
+        // Clean up lock after 30 seconds
+        setTimeout(() => {
+          this.refreshLocks.delete(lockKey);
+        }, 30000);
       }
-      setAuthCookies(
-        res,
-        { access, refresh },
-        account,
-        user,
-        this.options.appUrl
-      );
+    })();
-      res.status(200).json({ message: 'Token refreshed successfully' });
+    // Store the promise so concurrent requests can await it
+    this.refreshLocks.set(lockKey, refreshPromise);
+    try {
+      const result = await refreshPromise;
+      res.status(200).json(result);
     } catch (error) {
       console.error('Error refreshing token:', error);
       res.status(401).json({ error: 'Failed to refresh token' });

package/src/server/middleware/verifyToken.js CHANGED Viewed

@@ -12,10 +12,14 @@ async function verifyJWT(token, secret = 'thisisasamplesecret') {
   try {
     return jwt.verify(token, secret);
   } catch (err) {
-    if (err.name === 'TokenExpiredError') {
-      const newTokenData = await callTokenEndpoint(token);
-      return newTokenData ? jwt.verify(newTokenData, secret) : null;
-    }
+    try{
+        if (err.name === 'TokenExpiredError') {
+          const newTokenData = await callTokenEndpoint(token);
+          return newTokenData ? jwt?.verify?.(newTokenData, secret) : null;
+        }
+      }catch(e){
+        return null
+      }
     return null;
   }
 }
@@ -96,7 +100,6 @@ const VerifyAccount = requiredPermissions => {
     try {
       const decoded = jwt.verify(accessToken, process.env.JWT_SECRET);
       if (!isValid(decoded, requiredPermissions)) {
-        console.log('Invalid permissions 1');
         return res.status(403).json({ error: 'Invalid permissions' });
       }
       tokenCache.set(accessToken, decoded);
@@ -114,7 +117,6 @@ const VerifyAccount = requiredPermissions => {
         );
         if (!isValid(userResponse.data, requiredPermissions)) {
-        console.log('Invalid permissions 2');
         return res.status(403).json({ error: 'Invalid permissions' });
         }