prostgles-server 4.2.157 → 4.2.159

package/lib/Auth/AuthTypes.ts

@@ -1,285 +0,0 @@
-import { Express, NextFunction, Request, Response } from "express";
-import { AnyObject, FieldFilter, IdentityProvider, UserLike } from "prostgles-types";
-import { DB } from "../Prostgles";
-import { DBOFullyTyped } from "../DBSchemaBuilder";
-import { PRGLIOSocket } from "../DboBuilder/DboBuilderTypes";
-import type { AuthenticateOptions } from "passport";
-import type { StrategyOptions as GoogleStrategy, Profile as GoogleProfile } from "passport-google-oauth20";
-import type { StrategyOptions as GitHubStrategy, Profile as GitHubProfile } from "passport-github2";
-import type { MicrosoftStrategyOptions } from "passport-microsoft";
-import type { StrategyOptions as FacebookStrategy, Profile as FacebookProfile } from "passport-facebook";
-import Mail from "nodemailer/lib/mailer";
-
-type Awaitable<T> = T | Promise<T>;
-
-export type ExpressReq = Request;
-export type ExpressRes = Response;
-
-export type LoginClientInfo = {
-  ip_address: string;
-  ip_address_remote: string | undefined;
-  x_real_ip: string | undefined;
-  user_agent: string | undefined;
-};
-
-export type BasicSession = {
-
-  /** Must be hard to bruteforce */
-  sid: string;
-
-  /** UNIX millisecond timestamp */
-  expires: number;
-
-  /** On expired */
-  onExpiration: "redirect" | "show_error";
-};
-export type AuthClientRequest = { socket: PRGLIOSocket } | { httpReq: ExpressReq };
-
-type ThirdPartyProviders = {
-  facebook?: Pick<FacebookStrategy, "clientID" | "clientSecret"> & {
-    authOpts?: AuthenticateOptions;
-  };
-  google?: Pick<GoogleStrategy, "clientID" | "clientSecret"> & {
-    authOpts?: AuthenticateOptions;
-  };
-  github?: Pick<GitHubStrategy, "clientID" | "clientSecret"> & {
-    authOpts?: AuthenticateOptions;
-  };
-  microsoft?: Pick<MicrosoftStrategyOptions, "clientID" | "clientSecret"> & {
-    authOpts?: AuthenticateOptions;
-  };
-};
-
-export type SMTPConfig = {
-  type: "smtp";
-  host: string;
-  port: number;
-  secure: boolean;
-  user: string;
-  pass: string;
-} | {
-  type: "aws-ses";
-  region: string;
-  accessKeyId: string;
-  secretAccessKey: string;
-  /**
-   * Sending rate per second
-   * Defaults to 1
-   */
-  sendingRate?: number;
-}
-
-export type Email = {
-  from: string;
-  to: string;
-  subject: string;
-  html: string;
-  text?: string;
-  attachments?: { filename: string; content: string; }[] | Mail.Attachment[];
-}
-
-type EmailWithoutTo = Omit<Email, "to">;
-
-type EmailProvider = 
-| {
-  signupType: "withMagicLink";
-  onRegistered: (data: { username: string; }) => void | Promise<void>;
-  emailMagicLink:  {
-    onSend: (data: { email: string; magicLinkPath: string; }) => EmailWithoutTo | Promise<EmailWithoutTo>;
-    smtp: SMTPConfig;
-  };
-} 
-| {
-  signupType: "withPassword";
-  onRegistered: (data: { username: string; password: string; }) => void | Promise<void>;
-  /**
-   * Defaults to 8
-   */
-  minPasswordLength: number;
-  /**
-   * If provided, the user will be required to confirm their email address
-   */
-  emailConfirmation?: {
-    onSend: (data: { email: string; confirmationUrlPath: string; }) => EmailWithoutTo | Promise<EmailWithoutTo>;
-    smtp: SMTPConfig;
-    onConfirmed: (data: { confirmationUrlPath: string; }) => void | Promise<void>;
-  };
-};
-
-export type AuthProviderUserData = 
-| {
-  provider: "google";
-  profile: GoogleProfile;
-  accessToken: string; 
-  refreshToken: string;
-}
-| {
-  provider: "github";
-  profile: GitHubProfile;
-  accessToken: string; 
-  refreshToken: string;
-}
-| {
-  provider: "facebook";
-  profile: FacebookProfile;
-  accessToken: string; 
-  refreshToken: string;
-}
-| {
-  provider: "microsoft";
-  profile: any;
-  accessToken: string; 
-  refreshToken: string;
-}
-
-export type RegistrationData = 
-| {
-  provider: "email";
-  profile: {
-    username: string;
-    password: string;
-  }
-} 
-| AuthProviderUserData;
-
-export type AuthRegistrationConfig<S> = {
-  email?: EmailProvider;
-
-  OAuthProviders?: ThirdPartyProviders;
-
-  /**
-   * Required for social login callback
-   */
-  websiteUrl: string;
-
-  /**
-   * Do something with the registered user
-   */
-  onRegister: (data: RegistrationData) => void | Promise<any>;
-
-  /**
-   * Used to stop abuse
-   */
-  onProviderLoginStart: (data: { provider: IdentityProvider; dbo: DBOFullyTyped<S>, db: DB; req: ExpressReq, res: ExpressRes; clientInfo: LoginClientInfo }) => Promise<{ error: string; } | { ok: true; }>;
-
-  /**
-   * Used to identify abuse
-   */
-  onProviderLoginFail: (data: { provider: IdentityProvider; error: any; dbo: DBOFullyTyped<S>, db: DB; req: ExpressReq, res: ExpressRes; clientInfo: LoginClientInfo }) => void | Promise<void>;
-};
-
-export type SessionUser<ServerUser extends UserLike = UserLike, ClientUser extends UserLike = UserLike> = {
-  /** 
-   * This user will be available in all serverside prostgles options
-   * id and type values will be available in the prostgles.user session variable in postgres
-   * */
-  user: ServerUser;
-  /**
-   * Controls which fields from user are available in postgres session variable
-   */
-  sessionFields?: FieldFilter<ServerUser>;
-  /**
-   * User data sent to the authenticated client
-   */
-  clientUser: ClientUser;
-}
-
-export type AuthResult<SU = SessionUser> = SU & { sid: string; } | {
-  user?: undefined; 
-  clientUser?: undefined; 
-  sid?: string;
-} | undefined;
-
-export type AuthRequestParams<S, SUser extends SessionUser> = { db: DB, dbo: DBOFullyTyped<S>; getUser: () => Promise<AuthResult<SUser>> }
-
-export type Auth<S = void, SUser extends SessionUser = SessionUser> = {
-  /**
-   * Name of the cookie or socket hadnshake query param that represents the session id. 
-   * Defaults to "session_id"
-   */
-  sidKeyName?: string;
-
-  /**
-   * Response time rounding in milliseconds to prevent timing attacks on login. Login response time should always be a multiple of this value. Defaults to 500 milliseconds
-   */
-  responseThrottle?: number;
-
-  /**
-   * Will setup auth routes 
-   *  /login
-   *  /logout
-   *  /magic-link/:id
-   */
-  expressConfig?: {
-
-    /**
-     * Express app instance. If provided Prostgles will attempt to set sidKeyName to user cookie
-     */
-    app: Express;
-
-    /**
-     * Options used in setting the cookie after a successful login
-     */
-    cookieOptions?: AnyObject;
-
-    /**
-     * False by default. If false and userRoutes are provided then the socket will request window.location.reload if the current url is on a user route.
-     */
-    disableSocketAuthGuard?: boolean;
-
-    /**
-     * If provided, any client requests to NOT these routes (or their subroutes) will be redirected to loginRoute (if logged in) and then redirected back to the initial route after logging in
-     * If logged in the user is allowed to access these routes
-     */
-    publicRoutes?: string[];
-
-    /**
-     * Will attach a app.use listener and will expose getUser
-     * Used for blocking access
-     */
-    use?: (args: { req: ExpressReq; res: ExpressRes, next: NextFunction } & AuthRequestParams<S, SUser>) => void | Promise<void>;
-
-    /**
-     * Will be called after a GET request is authorised
-     * This means that 
-     */
-    onGetRequestOK?: (
-      req: ExpressReq, 
-      res: ExpressRes, 
-      params: AuthRequestParams<S, SUser>
-    ) => any;
-
-    /**
-     * If defined, will check the magic link id and log in the user and redirect to the returnUrl if set
-     */
-    magicLinks?: {
-
-      /**
-       * Used in creating a session/logging in using a magic link
-       */
-      check: (magicId: string, dbo: DBOFullyTyped<S>, db: DB, client: LoginClientInfo) => Awaitable<BasicSession | undefined>;
-    }
-
-    registrations?: AuthRegistrationConfig<S>;
-  }
-
-  /**
-   * undefined sid is allowed to enable public users
-   */
-  getUser: (sid: string | undefined, dbo: DBOFullyTyped<S>, db: DB, client: AuthClientRequest & LoginClientInfo) => Awaitable<AuthResult<SUser>>;
-
-  login?: (params: LoginParams, dbo: DBOFullyTyped<S>, db: DB, client: LoginClientInfo) => Awaitable<BasicSession> | BasicSession;
-  logout?: (sid: string | undefined, dbo: DBOFullyTyped<S>, db: DB) => Awaitable<any>;
-
-  /**
-   * If provided then session info will be saved on socket.__prglCache and reused from there
-   */
-  cacheSession?: {
-    getSession: (sid: string | undefined, dbo: DBOFullyTyped<S>, db: DB) => Awaitable<BasicSession>
-  }
-}
-
-
-export type LoginParams = 
-| { type: "username"; username: string; password: string; [key: string]: any }
-| ({ type: "provider"; } & AuthProviderUserData)

package/lib/Auth/getSafeReturnURL.ts

@@ -1,35 +0,0 @@
-export const getSafeReturnURL = (returnURL: string, returnUrlParamName: string, quiet = false) => {
-  /** Dissalow redirect to other domains */
-  if(returnURL) {
-    const allowedOrigin = "https://localhost";
-    const { origin, pathname, search, searchParams } = new URL(returnURL, allowedOrigin);
-    if(
-      origin !== allowedOrigin ||
-      returnURL !== `${pathname}${search}` ||
-      searchParams.get(returnUrlParamName)
-    ){
-      if(!quiet){
-        console.error(`Unsafe returnUrl: ${returnURL}. Redirecting to /`);
-      }
-      return "/";
-    }
-
-    return returnURL;
-  }
-}
-
-const issue = ([
-  ["https://localhost", "/"],
-  ["//localhost.bad.com", "/"],
-  ["//localhost.com", "/"],
-  ["/localhost/com", "/localhost/com"],
-  ["/localhost/com?here=there", "/localhost/com?here=there"],
-  ["/localhost/com?returnUrl=there", "/"],
-  ["//http://localhost.com", "/"],
-  ["//abc.com", "/"],
-  ["///abc.com", "/"],
-] as const).find(([returnURL, expected]) => getSafeReturnURL(returnURL, "returnUrl", true) !== expected);
-
-if(issue){
-  throw new Error(`getSafeReturnURL failed for ${issue[0]}. Expected: ${issue[1]}`);
-}

package/lib/Auth/sendEmail.ts

@@ -1,83 +0,0 @@
-import { Email, SMTPConfig } from "./AuthTypes";
-import nodemailer from "nodemailer";
-import aws from "@aws-sdk/client-ses";
-import SESTransport from "nodemailer/lib/ses-transport";
-
-type SESTransporter =  nodemailer.Transporter<SESTransport.SentMessageInfo, SESTransport.Options>;
-type SMTPTransporter = nodemailer.Transporter<nodemailer.SentMessageInfo, nodemailer.TransportOptions>;
-type Transporter = SESTransporter | SMTPTransporter;
-
-const transporterCache: Map<string, Transporter> = new Map();
-
-/**
- * Allows sending emails using nodemailer default config or AWS SES
- * https://www.nodemailer.com/transports/ses/
- */
-export const sendEmail = (smptConfig: SMTPConfig, email: Email) => {
-  const configStr = JSON.stringify(smptConfig);
-  const transporter = transporterCache.get(configStr) ?? getTransporter(smptConfig);
-  if(!transporterCache.has(configStr)){
-    transporterCache.set(configStr, transporter);
-  }
-
-  return send(transporter, email);
-}
-
-const getTransporter = (smptConfig: SMTPConfig) => {
-  let transporter: Transporter | undefined;
-  if(smptConfig.type === "aws-ses"){
-    const { 
-      region, 
-      accessKeyId, 
-      secretAccessKey,
-      /**
-       * max 1 messages/second
-       */
-      sendingRate = 1 
-    } = smptConfig;
-    const ses = new aws.SES({
-      apiVersion: "2010-12-01",
-      region,
-      credentials: {
-        accessKeyId,
-        secretAccessKey
-      }
-    });
-
-    transporter = nodemailer.createTransport({
-      SES: { ses, aws },
-      maxConnections: 1,
-      sendingRate 
-    });
-
-  } else {
-    const { user, pass, host, port, secure } = smptConfig;
-    transporter = nodemailer.createTransport({
-      host,
-      port,
-      secure,
-      auth: { user, pass }
-    });
-  }
-
-  return transporter;
-}
-
-const send = (transporter: Transporter, email: Email) => {
-  return new Promise((resolve, reject) => {
-    transporter.once('idle', () => {
-      if (transporter.isIdle()) {
-        transporter.sendMail(
-          email,
-          (err, info) => {
-            if(err){
-              reject(err);
-            } else {
-              resolve(info);
-            }
-          }
-        );
-      }
-    });
-  });
-};

package/lib/Auth/setAuthProviders.ts

@@ -1,129 +0,0 @@
-import type e from "express";
-import { RequestHandler } from "express";
-import { Strategy as FacebookStrategy } from "passport-facebook";
-import { Strategy as GitHubStrategy } from "passport-github2";
-import { Strategy as GoogleStrategy } from "passport-google-oauth20";
-import { Strategy as MicrosoftStrategy } from "passport-microsoft";
-import { AuthSocketSchema, getObjectEntries, isEmpty } from "prostgles-types";
-import { getErrorAsObject } from "../DboBuilder/dboBuilderUtils";
-import { removeExpressRouteByName } from "../FileManager/FileManager";
-import { AUTH_ROUTES_AND_PARAMS, AuthHandler, getLoginClientInfo } from "./AuthHandler";
-import { Auth } from './AuthTypes';
-import { setEmailProvider } from "./setEmailProvider";
-/** For some reason normal import is undefined */
-const passport = require("passport") as typeof import("passport");
-
-export const upsertNamedExpressMiddleware = (app: e.Express, handler: RequestHandler, name: string) => {
-  const funcName = name;
-  Object.defineProperty(handler, "name", { value: funcName });
-  removeExpressRouteByName(app, name);
-  app.use(handler);
-}
-
-export function setAuthProviders (this: AuthHandler, { registrations, app }: Required<Auth>["expressConfig"]) {
-  if(!registrations) return;
-  const { onRegister, onProviderLoginFail, onProviderLoginStart, websiteUrl, OAuthProviders } = registrations;
-
-  setEmailProvider.bind(this)(app);
-
-  if(!OAuthProviders || isEmpty(OAuthProviders)){
-    return;
-  }
-
-  upsertNamedExpressMiddleware(app, passport.initialize(), "prostglesPassportMiddleware");
-
-  getObjectEntries(OAuthProviders).forEach(([providerName, providerConfig]) => {
-
-    if(!providerConfig?.clientID){
-      return;
-    }
-
-    const { authOpts, ...config } = providerConfig;
-    
-    const strategy = providerName === "google" ? GoogleStrategy :
-      providerName === "github" ? GitHubStrategy :
-      providerName === "facebook" ? FacebookStrategy :
-      providerName === "microsoft" ? MicrosoftStrategy : 
-      undefined
-    ;
-
-    const callbackPath = `${AUTH_ROUTES_AND_PARAMS.loginWithProvider}/${providerName}/callback`;
-    passport.use(
-      new (strategy as typeof GoogleStrategy)(
-        {
-          ...config,
-          callbackURL: `${websiteUrl}${callbackPath}`,
-        },
-        async (accessToken, refreshToken, profile, done) => {
-          // This callback is where you would normally store or retrieve user info from the database
-          await onRegister({ provider: providerName as "google", accessToken, refreshToken, profile });
-          return done(null, profile, { accessToken, refreshToken, profile });
-        }
-      )
-    );
-
-    app.get(`${AUTH_ROUTES_AND_PARAMS.loginWithProvider}/${providerName}`,
-      passport.authenticate(providerName, authOpts ?? {})
-    );
-
-    app.get(
-      callbackPath,
-      async (req, res) => {
-        try {
-          const clientInfo = getLoginClientInfo({ httpReq: req });
-          const db = this.db;
-          const dbo = this.dbo as any;
-          const args = { provider: providerName, req, res, clientInfo, db, dbo };
-          const startCheck = await onProviderLoginStart(args);
-          if("error" in startCheck){
-            res.status(500).json({ error: startCheck.error });
-            return;
-          }
-          passport.authenticate(
-            providerName, 
-            {
-              session: false, 
-              failureRedirect: "/login",
-              failWithError: true,
-            },
-            async (error: any, _profile: any, authInfo: any) => {
-              if(error){
-                await onProviderLoginFail({ ...args, error });
-                res.status(500).json({
-                  error: "Failed to login with provider",
-                });
-              } else {
-                this.loginThrottledAndSetCookie(req, res, { type: "provider", provider: providerName, ...authInfo })
-                .catch((e: any) => {
-                  res.status(500).json(getErrorAsObject(e));
-                });
-              }
-            } 
-          )(req, res);
-
-        } catch (_e) {
-          res.status(500).json({ error: "Something went wrong" });
-        }
-      }
-    );
-
-  });
-}
-
-export function getProviders(this: AuthHandler): AuthSocketSchema["providers"] | undefined {
-  const { registrations } = this.opts?.expressConfig ?? {}
-  if(!registrations) return undefined;
-  const {  OAuthProviders } = registrations;
-  if(!OAuthProviders || isEmpty(OAuthProviders)) return undefined;
- 
-  const result: AuthSocketSchema["providers"] = {}
-  getObjectEntries(OAuthProviders).forEach(([providerName, config]) => {
-    if(config?.clientID){
-      result[providerName] = {
-        url: `${AUTH_ROUTES_AND_PARAMS.loginWithProvider}/${providerName}`,
-      }
-    }
-  });
-
-  return result;
-}

package/lib/Auth/setEmailProvider.ts

@@ -1,63 +0,0 @@
-import e from "express";
-import { AUTH_ROUTES_AND_PARAMS, AuthHandler } from "./AuthHandler";
-import { Email, SMTPConfig } from "./AuthTypes";
-import { sendEmail } from "./sendEmail";
-
-export function setEmailProvider(this: AuthHandler, app: e.Express) {
-  
-  const { email, websiteUrl } = this.opts?.expressConfig?.registrations ?? {};
-  if(!email) return;
-
-  app.post(AUTH_ROUTES_AND_PARAMS.emailSignup, async (req, res) => {
-    const { username, password } = req.body;
-    let validationError = "";
-    if(typeof username !== "string"){
-      validationError = "Invalid username";
-    }
-    if(email.signupType === "withPassword"){
-      const { minPasswordLength = 8 } = email;
-      if(typeof password !== "string"){
-        validationError = "Invalid password";
-      } else if(password.length < minPasswordLength){
-        validationError = `Password must be at least ${minPasswordLength} characters long`;
-      }
-    }
-    if(validationError){
-      res.status(400).json({ error: validationError });
-      return;
-    }
-    try {
-      let emailMessage: undefined | { message: Email; smtp: SMTPConfig };
-      if(email.signupType === "withPassword"){
-        if(email.emailConfirmation){
-          const { onSend, smtp } = email.emailConfirmation;
-          const message = await onSend({ email: username, confirmationUrlPath: `${websiteUrl}${AUTH_ROUTES_AND_PARAMS.confirmEmail}` });
-          emailMessage = { message: { ...message, to: username }, smtp };
-        }
-      } else {
-        const { emailMagicLink } = email;
-        const message = await emailMagicLink.onSend({ email: username, magicLinkPath: `${websiteUrl}${AUTH_ROUTES_AND_PARAMS.magicLinksRoute}` });
-        emailMessage = { message: { ...message, to: username }, smtp: emailMagicLink.smtp };
-      }
-
-      if(emailMessage){
-        await sendEmail(emailMessage.smtp, emailMessage.message);
-        res.json({ msg: "Email sent" });
-      }
-    } catch {
-      res.status(500).json({ error: "Failed to send email" });
-    }
-  });
-
-  if(email.signupType === "withPassword" && email.emailConfirmation){
-    app.get(AUTH_ROUTES_AND_PARAMS.confirmEmailExpressRoute, async (req, res) => {
-      const { id } = req.params ?? {};
-      try {
-        await email.emailConfirmation?.onConfirmed({ confirmationUrlPath: id });
-        res.json({ msg: "Email confirmed" });
-      } catch (_e) {
-        res.status(500).json({ error: "Failed to confirm email" });
-      }
-    });
-  }
-}