propro-utils 1.7.29 → 1.7.31

package/middlewares/access_token.js

@@ -42,7 +42,6 @@ const authValidation = (requiredPermissions = []) => {
         req.headers.authorization?.split(' ')[1];
 
       if (!accessToken) {
-        console.log('Access token is required');
         return res.status(403).json({ error: 'Access token is required' });
       }
 
@@ -66,7 +65,6 @@ const authValidation = (requiredPermissions = []) => {
       );
 
       if (!validPermissions) {
-        console.log('Invalid permissions');
         return res.status(403).json({ error: 'Invalid permissions' });
       }
 
@@ -77,14 +75,12 @@ const authValidation = (requiredPermissions = []) => {
         user = await checkIfUserExists(accountId);
         if (!user) throw new Error('User not found');
       } catch (error) {
-        console.log('User not found 1');
         return res.status(403).json({error: error?.message || 'User not found'});
       }
      
       req.user = user.id;
       next();
     } catch (error) {
-      console.log(error.message);
       if (error.response && error.response.status) {
         next(new Error(error.response.data.message));
       }

package/middlewares/account_info.js

@@ -1,11 +1,11 @@
-require('dotenv').config();
-const axios = require('axios');
-const { getOrSetCache } = require('../utils/redis');
-const { v4: uuidv4 } = require('uuid');
-const ServiceManager = require('../utils/serviceManager');
+require("dotenv").config();
+const axios = require("axios");
+const { getOrSetCache } = require("../utils/redis");
+const { v4: uuidv4 } = require("uuid");
+const ServiceManager = require("../utils/serviceManager");
 const defaultUserGlobalStyleShortcuts =
-  require('./defaultUserGlobalStyleShortcuts.json').defaultGlobalStyleShortcuts;
-const defaultFolders = require('./defaultFolders.json').defaultFolders;
+  require("./defaultUserGlobalStyleShortcuts.json").defaultGlobalStyleShortcuts;
+const defaultFolders = require("./defaultFolders.json").defaultFolders;
 
 /**
  * Retrieves the account profile data from the authentication server and caches it using Redis.
@@ -20,10 +20,10 @@ const defaultFolders = require('./defaultFolders.json').defaultFolders;
 const getAccountProfile = async (redisClient, userSchema, accountId) => {
   try {
     const accessToken =
-      req.cookies['x-access-token'] || req.headers.authorization?.split(' ')[1];
+      req.cookies["x-access-token"] || req.headers.authorization?.split(" ")[1];
 
     if (!accessToken) {
-      throw new Error('Access token is required');
+      throw new Error("Access token is required");
     }
 
     const fetchPermission = async () => {
@@ -49,7 +49,7 @@ const getAccountProfile = async (redisClient, userSchema, accountId) => {
     );
 
     if (!profileData) {
-      throw new Error('Invalid permissions');
+      throw new Error("Invalid permissions");
     }
 
     return profileData;
@@ -57,7 +57,7 @@ const getAccountProfile = async (redisClient, userSchema, accountId) => {
     if (error.response && error.response.status) {
       throw new Error(error.response.data.message);
     }
-    throw new Error('Error validating token');
+    throw new Error("Error validating token");
   }
 };
 
@@ -140,8 +140,8 @@ async function createUserGlobalStyles(userStyleSchema, accountId) {
  */
 async function createDefaultFolders(folderSchema, accountId) {
   try {
-    console.log('Creating default folders for user:', accountId);
-    const folderPromises = defaultFolders.map(folder =>
+    console.log("Creating default folders for user:", accountId);
+    const folderPromises = defaultFolders.map((folder) =>
       folderSchema.create({
         ...folder,
         user_id: accountId,
@@ -149,17 +149,17 @@ async function createDefaultFolders(folderSchema, accountId) {
     );
     return Promise.all(folderPromises);
   } catch (error) {
-    console.error('Error in createDefaultFolders:', error);
-    throw new Error('Failed to create default folders');
+    console.error("Error in createDefaultFolders:", error);
+    throw new Error("Failed to create default folders");
   }
 }
 
 const DEFAULT_THEME = {
   canvasBackground: '#1E1D1D',
   defaultItemWidth: 200,
-  defaultColor: '#ffffff',
-  fontSize: '16px',
-  name: 'Default Theme',
+  defaultColor: "#ffffff",
+  fontSize: "16px",
+  name: "Default Theme",
   isDefault: true,
 };
 
@@ -173,40 +173,40 @@ const DEFAULT_THEME = {
  */
 const checkIfUserExists = async accountId => {
   // Input validation
-  if (!accountId || typeof accountId !== 'string') {
-    console.warn('Invalid accountId provided:', accountId);
-    throw new Error('Invalid accountId provided');
+  if (!accountId || typeof accountId !== "string") {
+    console.warn("Invalid accountId provided:", accountId);
+    throw new Error("Invalid accountId provided");
   }
 
   try {
     const schemaResults = await Promise.all([
-      ServiceManager.getService('UserSchema'),
-      ServiceManager.getService('UserStyleSchema'),
-      ServiceManager.getService('FolderSchema'),
-      ServiceManager.getService('ThemeSchema'),
+      ServiceManager.getService("UserSchema"),
+      ServiceManager.getService("UserStyleSchema"),
+      ServiceManager.getService("FolderSchema"),
+      ServiceManager.getService("ThemeSchema"),
     ]);
 
     const [userSchema, userStyleSchema, folderSchema, themeSchema] =
       schemaResults;
 
     if (!userSchema) {
-      throw new Error('UserSchema service not available');
+      throw new Error("UserSchema service not available");
     }
 
     // Optional schemas warning
     if (!userStyleSchema) {
       console.warn(
-        'UserStyleSchema service not available - style features will be skipped'
+        "UserStyleSchema service not available - style features will be skipped"
       );
     }
     if (!folderSchema) {
       console.warn(
-        'FolderSchema service not available - folder features will be skipped'
+        "FolderSchema service not available - folder features will be skipped"
       );
     }
     if (!themeSchema) {
       console.warn(
-        'ThemeSchema service not available - theme features will be skipped'
+        "ThemeSchema service not available - theme features will be skipped"
       );
     }
 
@@ -219,7 +219,7 @@ const checkIfUserExists = async accountId => {
     if (user) {
       const updates = [];
 
-      // Handle userGlobalStyles
+      // Handle userGlobalStyles - check properly if styles exist in the database
       if (userStyleSchema) {
         // Consolidate any duplicate global styles
         await consolidateGlobalStyles(accountId);
@@ -231,19 +231,19 @@ const checkIfUserExists = async accountId => {
           (async () => {
             const existingFolders = await folderSchema
               .find({ user_id: user.id })
-              .select('name')
+              .select("name")
               .lean();
 
             const existingFolderNames = new Set(
-              existingFolders.map(f => f.name)
+              existingFolders.map((f) => f.name)
             );
             const foldersToCreate = defaultFolders.filter(
-              folder => !existingFolderNames.has(folder.name)
+              (folder) => !existingFolderNames.has(folder.name)
             );
 
             if (foldersToCreate.length > 0) {
               return folderSchema.insertMany(
-                foldersToCreate.map(folder => ({
+                foldersToCreate.map((folder) => ({
                   ...folder,
                   user_id: user.id,
                 }))
@@ -258,7 +258,7 @@ const checkIfUserExists = async accountId => {
         updates.push(
           (async () => {
             const defaultThemeExists = await themeSchema.exists({
-              name: 'Default Theme',
+              name: "Default Theme",
               accountId,
             });
 
@@ -283,11 +283,8 @@ const checkIfUserExists = async accountId => {
       // Wait for all updates to complete
       await Promise.all(updates);
 
-      // Return fresh user data after updates, excluding specified fields
-      return userSchema
-        .findOne({ accountId })
-        .select('-theme -folderList -userGlobalStyles -mapList')
-        .lean();
+      // Return fresh user data after updates
+      return userSchema.findOne({ accountId }).lean();
     }
 
     // Create new user with all associated data
@@ -298,7 +295,7 @@ const checkIfUserExists = async accountId => {
     let userGlobalStyles;
     if (userStyleSchema) {
       creationTasks.push(
-        createUserGlobalStyles(userStyleSchema, accountId).then(styles => {
+        createUserGlobalStyles(userStyleSchema, accountId).then((styles) => {
           userGlobalStyles = styles;
           return styles;
         })
@@ -316,8 +313,8 @@ const checkIfUserExists = async accountId => {
             userId,
             id: uuidv4(),
           })
-          .then(theme => {
-            console.log('Created theme:', theme);
+          .then((theme) => {
+            console.log("Created theme:", theme);
             defaultTheme = theme;
             return theme;
           })
@@ -346,7 +343,7 @@ const checkIfUserExists = async accountId => {
       .select('-theme -folderList -userGlobalStyles -mapList')
       .lean();
   } catch (error) {
-    console.error('Detailed error in checkIfUserExists:', {
+    console.error("Detailed error in checkIfUserExists:", {
       accountId,
       errorName: error.name,
       errorMessage: error.message,

package/middlewares/refresh_token.js

@@ -9,10 +9,9 @@ const refreshLimiter = rateLimit({
     message: 'Too many refresh requests from this IP, please try again after 15 minutes',
 });
 
-const refreshTokenCache = new Map();
-
 /**
  * Middleware to refresh access token using refresh token.
+ * Note: Cache removed to prevent stale token issues. Token rotation handles efficiency.
  *
  * @param {Object} req - The request object.
  * @param {Object} res - The response object.
@@ -29,11 +28,6 @@ async function refreshTokenMiddleware(req, res, next) {
         return res.status(400).json({ error: 'Invalid refresh token format' });
     }
 
-    if (refreshTokenCache.has(refreshToken)) {
-        req.newAccessToken = refreshTokenCache.get(refreshToken);
-        return next();
-    }
-
     try {
         const response = await axios.post(
             `${process.env.AUTH_URL}/oauth/token`,
@@ -43,11 +37,13 @@ async function refreshTokenMiddleware(req, res, next) {
                 client_id: process.env.CLIENT_ID,
                 client_secret: process.env.CLIENT_SECRET,
             }),
-            { headers: { 'Content-Type': 'application/x-www-form-urlencoded' } }
+            { 
+                headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+                timeout: 10000 // 10 second timeout
+            }
         );
 
         if (response.data && response.data.access_token) {
-            refreshTokenCache.set(refreshToken, response.data.access_token);
             req.newAccessToken = response.data.access_token;
             next();
         } else {
@@ -55,7 +51,9 @@ async function refreshTokenMiddleware(req, res, next) {
         }
     } catch (error) {
         const statusCode = error.response?.status || 500;
-        res.status(statusCode).json({ error: error.response?.data?.error || 'Error refreshing token' });
+        const errorMessage = error.response?.data?.error || error.message || 'Error refreshing token';
+        console.error('Refresh token middleware error:', errorMessage);
+        res.status(statusCode).json({ error: errorMessage });
     }
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "propro-utils",
-  "version": "1.7.29",
+  "version": "1.7.31",
   "description": "Auth middleware for propro-auth",
   "main": "src/index.js",
   "private": false,
@@ -47,6 +47,7 @@
     "jest-mock-axios": "^4.7.3",
     "jsonwebtoken": "^9.0.2",
     "multer": "^1.4.5-lts.1",
+    "neverthrow": "^8.2.0",
     "nodemailer": "^6.9.7",
     "nodemailer-mailgun-transport": "^2.1.5",
     "querystring": "^0.2.1",
@@ -54,5 +55,6 @@
     "supertest": "^6.3.4",
     "test": "^3.3.0",
     "uuid": "^9.0.1"
-  }
+  },
+  "packageManager": "yarn@1.22.22+sha512.a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e"
 }

package/src/server/index.js

@@ -55,6 +55,8 @@ class AuthMiddleware {
     this.userStyleSchema = userStyleSchema;
     this.themeSchema = themeSchema;
     this.router = Router();
+    // Track in-flight refresh requests to prevent race conditions
+    this.refreshLocks = new Map();
     this.initializeRoutes();
   }
 
@@ -171,7 +173,6 @@ class AuthMiddleware {
         user = await checkIfUserExists(account.accountId);
         if (!user) throw new Error('User not found');
       } catch (error) {
-        console.log('User not found 3');
         return res.status(403).json({error: error?.message || 'User not found'});
       }
 
@@ -179,7 +180,6 @@ class AuthMiddleware {
 
       res.redirect(formatRedirectUrl(this.options.appUrl));
     } catch (error) {
-      console.error('Error in callback:', error);
       res.status(500).send('Internal Server Error');
     }
   };
@@ -188,40 +188,94 @@ class AuthMiddleware {
     const refreshToken =
       req.cookies['x-refresh-token'] || req.headers['x-refresh-token'];
     if (!refreshToken) {
+      console.error('Refresh token missing in request');
       return res.status(401).json({
         redirectUrl: this.constructRedirectUrl(),
         error: 'No refresh token provided',
+        message: 'Authentication required. Please log in.',
       });
     }
 
-    try {
-      const response = await this.refreshTokens(refreshToken);
-      const { account, access, refresh } = response.data;
-
-      if (!account || !access || !refresh) {
-        return res
-          .status(401)
-          .json({ error: 'Invalid or expired refresh token' });
+    // Prevent concurrent refresh requests for the same token
+    const lockKey = refreshToken;
+    if (this.refreshLocks.has(lockKey)) {
+      // Wait for the in-flight request to complete
+      console.log('Waiting for in-flight refresh request to complete...');
+      try {
+        const result = await this.refreshLocks.get(lockKey);
+        console.log('Reusing result from in-flight refresh request');
+        return res.status(200).json(result);
+      } catch (error) {
+        console.error('In-flight refresh request failed:', error);
+        return res.status(401).json({ 
+          error: 'Failed to refresh token',
+          message: 'Session refresh failed. Please log in again.',
+        });
       }
+    }
 
-      const user = await checkIfUserExists(account.accountId);
+    // Create a promise for this refresh operation
+    const refreshPromise = (async () => {
+      console.log('Starting refresh token operation...');
+      const startTime = Date.now();
+      
+      try {
+        const response = await this.refreshTokens(refreshToken);
+        const { account, access, refresh } = response.data;
 
-      const { returnTokens } = req.query;
-      if (returnTokens === 'true') {
-        return res.status(200).json({ account, user, access, refresh });
+        if (!account || !access || !refresh) {
+          throw new Error('Invalid or expired refresh token');
+        }
+
+        console.log(`Token refresh successful for account: ${account.accountId}`);
+
+        const user = await checkIfUserExists(account.accountId);
+
+        const { returnTokens } = req.query;
+        if (returnTokens === 'true') {
+          console.log(`Refresh completed in ${Date.now() - startTime}ms (returning tokens)`);
+          return { account, user, access, refresh };
+        }
+        
+        setAuthCookies(
+          res,
+          { access, refresh },
+          account,
+          user,
+          this.options.appUrl
+        );
+
+        console.log(`Refresh completed in ${Date.now() - startTime}ms (cookies set)`);
+        return { 
+          message: 'Token refreshed successfully',
+          account: { accountId: account.accountId, email: account.email },
+        };
+      } catch (error) {
+        console.error(`Token refresh failed after ${Date.now() - startTime}ms:`, error.message);
+        throw error;
+      } finally {
+        // Clean up lock after 30 seconds
+        setTimeout(() => {
+          this.refreshLocks.delete(lockKey);
+          console.log('Refresh lock cleaned up');
+        }, 30000);
       }
-      setAuthCookies(
-        res,
-        { access, refresh },
-        account,
-        user,
-        this.options.appUrl
-      );
+    })();
+
+    // Store the promise so concurrent requests can await it
+    this.refreshLocks.set(lockKey, refreshPromise);
 
-      res.status(200).json({ message: 'Token refreshed successfully' });
+    try {
+      const result = await refreshPromise;
+      res.status(200).json(result);
     } catch (error) {
       console.error('Error refreshing token:', error);
-      res.status(401).json({ error: 'Failed to refresh token' });
+      const errorMessage = error?.response?.data?.message || error?.message || 'Failed to refresh token';
+      res.status(401).json({ 
+        error: 'Failed to refresh token',
+        message: errorMessage,
+        details: 'Your session could not be refreshed. Please log in again.',
+      });
     }
   };
 

package/src/server/middleware/verifyToken.js

@@ -12,10 +12,14 @@ async function verifyJWT(token, secret = 'thisisasamplesecret') {
   try {
     return jwt.verify(token, secret);
   } catch (err) {
-    if (err.name === 'TokenExpiredError') {
-      const newTokenData = await callTokenEndpoint(token);
-      return newTokenData ? jwt.verify(newTokenData, secret) : null;
-    }
+    try{
+        if (err.name === 'TokenExpiredError') {
+          const newTokenData = await callTokenEndpoint(token);
+          return newTokenData ? jwt?.verify?.(newTokenData, secret) : null;
+        }
+      }catch(e){
+        return null
+      }
     return null;
   }
 }
@@ -96,7 +100,6 @@ const VerifyAccount = requiredPermissions => {
     try {
       const decoded = jwt.verify(accessToken, process.env.JWT_SECRET);
       if (!isValid(decoded, requiredPermissions)) {
-        console.log('Invalid permissions 1');
         return res.status(403).json({ error: 'Invalid permissions' });
       }
       tokenCache.set(accessToken, decoded);
@@ -114,7 +117,6 @@ const VerifyAccount = requiredPermissions => {
         );
 
         if (!isValid(userResponse.data, requiredPermissions)) {
-        console.log('Invalid permissions 2');
         return res.status(403).json({ error: 'Invalid permissions' });
         }