prostgles-server 4.2.159 → 4.2.161

package/dist/Auth/setEmailProvider.js

@@ -68,9 +68,9 @@ async function setEmailProvider(app) {
 }
 exports.setEmailProvider = setEmailProvider;
 const checkDmarc = async (websiteUrl) => {
-    const { host } = new URL(websiteUrl);
+    const { host, hostname } = new URL(websiteUrl);
     const ignoredHosts = ["localhost", "127.0.0.1"];
-    if (!host || ignoredHosts.includes(host)) {
+    if (!hostname || ignoredHosts.includes(hostname)) {
         return;
     }
     const dmarc = await node_dns_1.promises.resolveTxt(`_dmarc.${host}`);

package/dist/Auth/setEmailProvider.js.map

@@ -1 +1 @@
-{"version":3,"file":"setEmailProvider.js","sourceRoot":"","sources":["../../lib/Auth/setEmailProvider.ts"],"names":[],"mappings":";;;AACA,+CAAoE;AAEpE,2CAAwC;AACxC,uCAAoC;AAE7B,KAAK,UAAU,gBAAgB,CAAoB,GAAc;IAEtE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,IAAI,CAAC,IAAI,EAAE,aAAa,EAAE,aAAa,IAAI,EAAE,CAAC;IAC5E,IAAG,CAAC,KAAK;QAAE,OAAO;IAClB,IAAG,UAAU,EAAC,CAAC;QACb,MAAM,UAAU,CAAC,UAAU,CAAC,CAAC;IAC/B,CAAC;IAED,GAAG,CAAC,IAAI,CAAC,oCAAsB,CAAC,WAAW,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAC9D,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC;QACxC,IAAI,eAAe,GAAG,EAAE,CAAC;QACzB,IAAG,OAAO,QAAQ,KAAK,QAAQ,EAAC,CAAC;YAC/B,eAAe,GAAG,kBAAkB,CAAC;QACvC,CAAC;QACD,IAAG,KAAK,CAAC,UAAU,KAAK,cAAc,EAAC,CAAC;YACtC,MAAM,EAAE,iBAAiB,GAAG,CAAC,EAAE,GAAG,KAAK,CAAC;YACxC,IAAG,OAAO,QAAQ,KAAK,QAAQ,EAAC,CAAC;gBAC/B,eAAe,GAAG,kBAAkB,CAAC;YACvC,CAAC;iBAAM,IAAG,QAAQ,CAAC,MAAM,GAAG,iBAAiB,EAAC,CAAC;gBAC7C,eAAe,GAAG,6BAA6B,iBAAiB,kBAAkB,CAAC;YACrF,CAAC;QACH,CAAC;QACD,IAAG,eAAe,EAAC,CAAC;YAClB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;YACjD,OAAO;QACT,CAAC;QACD,IAAI,CAAC;YACH,IAAI,YAA8D,CAAC;YACnE,IAAG,KAAK,CAAC,UAAU,KAAK,cAAc,EAAC,CAAC;gBACtC,IAAG,KAAK,CAAC,iBAAiB,EAAC,CAAC;oBAC1B,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,KAAK,CAAC,iBAAiB,CAAC;oBACjD,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,mBAAmB,EAAE,GAAG,UAAU,GAAG,oCAAsB,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;oBAC9H,YAAY,GAAG,EAAE,OAAO,EAAE,EAAE,GAAG,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,CAAC;gBACjE,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,MAAM,EAAE,cAAc,EAAE,GAAG,KAAK,CAAC;gBACjC,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,aAAa,EAAE,GAAG,UAAU,GAAG,oCAAsB,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC;gBAC1I,YAAY,GAAG,EAAE,OAAO,EAAE,EAAE,GAAG,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,cAAc,CAAC,IAAI,EAAE,CAAC;YACtF,CAAC;YAED,IAAG,YAAY,EAAC,CAAC;gBACf,MAAM,IAAA,qBAAS,EAAC,YAAY,CAAC,IAAI,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;gBACzD,GAAG,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,YAAY,EAAE,CAAC,CAAC;YAClC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,sBAAsB,EAAE,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,IAAG,KAAK,CAAC,UAAU,KAAK,cAAc,IAAI,KAAK,CAAC,iBAAiB,EAAC,CAAC;QACjE,GAAG,CAAC,GAAG,CAAC,oCAAsB,CAAC,wBAAwB,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;YAC1E,MAAM,EAAE,EAAE,EAAE,GAAG,GAAG,CAAC,MAAM,IAAI,EAAE,CAAC;YAChC,IAAI,CAAC;gBACH,MAAM,KAAK,CAAC,iBAAiB,EAAE,WAAW,CAAC,EAAE,gBAAgB,EAAE,EAAE,EAAE,CAAC,CAAC;gBACrE,GAAG,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,iBAAiB,EAAE,CAAC,CAAC;YACvC,CAAC;YAAC,OAAO,EAAE,EAAE,CAAC;gBACZ,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AA5DD,4CA4DC;AAED,MAAM,UAAU,GAAG,KAAK,EAAE,UAAkB,EAAE,EAAE;IAC9C,MAAM,EAAE,IAAI,EAAE,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;IACrC,MAAM,YAAY,GAAG,CAAC,WAAW,EAAE,WAAW,CAAC,CAAA;IAC/C,IAAG,CAAC,IAAI,IAAI,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAC,CAAC;QACvC,OAAO;IACT,CAAC;IACD,MAAM,KAAK,GAAG,MAAM,mBAAQ,CAAC,UAAU,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC;IAC1D,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC/B,IACE,CAAC,QAAQ,EAAE,QAAQ,CAAC,UAAU,CAAC;QAC/B,CAAC,CAAC,QAAQ,EAAE,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,cAAc,CAAC,CAAC,EACzE,CAAC;QACA,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAA;IACpC,CAAC;AACH,CAAC,CAAA"}
+{"version":3,"file":"setEmailProvider.js","sourceRoot":"","sources":["../../lib/Auth/setEmailProvider.ts"],"names":[],"mappings":";;;AACA,+CAAoE;AAEpE,2CAAwC;AACxC,uCAAoC;AAE7B,KAAK,UAAU,gBAAgB,CAAoB,GAAc;IAEtE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,IAAI,CAAC,IAAI,EAAE,aAAa,EAAE,aAAa,IAAI,EAAE,CAAC;IAC5E,IAAG,CAAC,KAAK;QAAE,OAAO;IAClB,IAAG,UAAU,EAAC,CAAC;QACb,MAAM,UAAU,CAAC,UAAU,CAAC,CAAC;IAC/B,CAAC;IAED,GAAG,CAAC,IAAI,CAAC,oCAAsB,CAAC,WAAW,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAC9D,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC;QACxC,IAAI,eAAe,GAAG,EAAE,CAAC;QACzB,IAAG,OAAO,QAAQ,KAAK,QAAQ,EAAC,CAAC;YAC/B,eAAe,GAAG,kBAAkB,CAAC;QACvC,CAAC;QACD,IAAG,KAAK,CAAC,UAAU,KAAK,cAAc,EAAC,CAAC;YACtC,MAAM,EAAE,iBAAiB,GAAG,CAAC,EAAE,GAAG,KAAK,CAAC;YACxC,IAAG,OAAO,QAAQ,KAAK,QAAQ,EAAC,CAAC;gBAC/B,eAAe,GAAG,kBAAkB,CAAC;YACvC,CAAC;iBAAM,IAAG,QAAQ,CAAC,MAAM,GAAG,iBAAiB,EAAC,CAAC;gBAC7C,eAAe,GAAG,6BAA6B,iBAAiB,kBAAkB,CAAC;YACrF,CAAC;QACH,CAAC;QACD,IAAG,eAAe,EAAC,CAAC;YAClB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;YACjD,OAAO;QACT,CAAC;QACD,IAAI,CAAC;YACH,IAAI,YAA8D,CAAC;YACnE,IAAG,KAAK,CAAC,UAAU,KAAK,cAAc,EAAC,CAAC;gBACtC,IAAG,KAAK,CAAC,iBAAiB,EAAC,CAAC;oBAC1B,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,KAAK,CAAC,iBAAiB,CAAC;oBACjD,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,mBAAmB,EAAE,GAAG,UAAU,GAAG,oCAAsB,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;oBAC9H,YAAY,GAAG,EAAE,OAAO,EAAE,EAAE,GAAG,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,CAAC;gBACjE,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,MAAM,EAAE,cAAc,EAAE,GAAG,KAAK,CAAC;gBACjC,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,aAAa,EAAE,GAAG,UAAU,GAAG,oCAAsB,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC;gBAC1I,YAAY,GAAG,EAAE,OAAO,EAAE,EAAE,GAAG,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,cAAc,CAAC,IAAI,EAAE,CAAC;YACtF,CAAC;YAED,IAAG,YAAY,EAAC,CAAC;gBACf,MAAM,IAAA,qBAAS,EAAC,YAAY,CAAC,IAAI,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;gBACzD,GAAG,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,YAAY,EAAE,CAAC,CAAC;YAClC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,sBAAsB,EAAE,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,IAAG,KAAK,CAAC,UAAU,KAAK,cAAc,IAAI,KAAK,CAAC,iBAAiB,EAAC,CAAC;QACjE,GAAG,CAAC,GAAG,CAAC,oCAAsB,CAAC,wBAAwB,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;YAC1E,MAAM,EAAE,EAAE,EAAE,GAAG,GAAG,CAAC,MAAM,IAAI,EAAE,CAAC;YAChC,IAAI,CAAC;gBACH,MAAM,KAAK,CAAC,iBAAiB,EAAE,WAAW,CAAC,EAAE,gBAAgB,EAAE,EAAE,EAAE,CAAC,CAAC;gBACrE,GAAG,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,iBAAiB,EAAE,CAAC,CAAC;YACvC,CAAC;YAAC,OAAO,EAAE,EAAE,CAAC;gBACZ,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AA5DD,4CA4DC;AAED,MAAM,UAAU,GAAG,KAAK,EAAE,UAAkB,EAAE,EAAE;IAC9C,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;IAC/C,MAAM,YAAY,GAAG,CAAC,WAAW,EAAE,WAAW,CAAC,CAAA;IAC/C,IAAG,CAAC,QAAQ,IAAI,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAC,CAAC;QAC/C,OAAO;IACT,CAAC;IACD,MAAM,KAAK,GAAG,MAAM,mBAAQ,CAAC,UAAU,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC;IAC1D,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC/B,IACE,CAAC,QAAQ,EAAE,QAAQ,CAAC,UAAU,CAAC;QAC/B,CAAC,CAAC,QAAQ,EAAE,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,cAAc,CAAC,CAAC,EACzE,CAAC;QACA,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAA;IACpC,CAAC;AACH,CAAC,CAAA"}

package/lib/Auth/AuthHandler.ts

@@ -0,0 +1,436 @@
+import { AnyObject, AuthGuardLocation, AuthGuardLocationResponse, CHANNELS, AuthSocketSchema } from "prostgles-types";
+import { LocalParams, PRGLIOSocket } from "../DboBuilder/DboBuilder";
+import { DBOFullyTyped } from "../DBSchemaBuilder";
+import { removeExpressRoute } from "../FileManager/FileManager";
+import { DB, DBHandlerServer, Prostgles } from "../Prostgles";
+import { Auth, AuthClientRequest, AuthResult, BasicSession, ExpressReq, ExpressRes, LoginClientInfo, LoginParams } from "./AuthTypes"
+import { getSafeReturnURL } from "./getSafeReturnURL";
+import { setupAuthRoutes } from "./setupAuthRoutes";
+import { getProviders } from "./setAuthProviders";
+
+export const HTTPCODES = { 
+  AUTH_ERROR: 401,
+  NOT_FOUND: 404,
+  BAD_REQUEST: 400,
+  INTERNAL_SERVER_ERROR: 500,
+};
+
+export const getLoginClientInfo = (req: AuthClientRequest): AuthClientRequest & LoginClientInfo => {
+  if("httpReq" in req){
+    const ip_address = req.httpReq.ip;
+    if(!ip_address) throw new Error("ip_address missing from req.httpReq");
+    const user_agent = req.httpReq.headers["user-agent"];
+    return { 
+      ...req, 
+      ip_address,
+      ip_address_remote: req.httpReq.connection.remoteAddress,
+      x_real_ip: req.httpReq.headers['x-real-ip'] as any,
+      user_agent,
+    };
+  } else {
+    return {
+      ...req,
+      ip_address: req.socket.handshake.address,
+      ip_address_remote: req.socket.request.connection.remoteAddress,
+      x_real_ip: req.socket.handshake.headers?.["x-real-ip"],
+      user_agent: req.socket.handshake.headers?.['user-agent'],
+    }
+  }
+}
+
+export const AUTH_ROUTES_AND_PARAMS = {
+  login: "/login",
+  loginWithProvider: "/auth",
+  emailSignup: "/register",
+  returnUrlParamName: "returnURL",
+  sidKeyName: "session_id",
+  logoutGetPath: "/logout",
+  magicLinksRoute: "/magic-link",
+  magicLinksExpressRoute: "/magic-link/:id",
+  confirmEmail: "/confirm-email",
+  confirmEmailExpressRoute: "/confirm-email/:id",
+  catchAll: "*",
+} as const;
+
+export class AuthHandler {
+  protected prostgles: Prostgles;
+  protected opts?: Auth;
+  dbo: DBHandlerServer;
+  db: DB;
+
+  constructor(prostgles: Prostgles) {
+    this.prostgles = prostgles;
+    this.opts = prostgles.opts.auth as any;
+    if(!prostgles.dbo || !prostgles.db) throw "dbo or db missing";
+    this.dbo = prostgles.dbo;
+    this.db = prostgles.db;
+  }
+
+  get sidKeyName() {
+    return this.opts?.sidKeyName ?? AUTH_ROUTES_AND_PARAMS.sidKeyName;
+  }
+
+  validateSid = (sid: string | undefined) => {
+    if (!sid) return undefined;
+    if (typeof sid !== "string") throw "sid missing or not a string";
+    return sid;
+  }
+
+  matchesRoute = (route: string | undefined, clientFullRoute: string) => {
+    return route && clientFullRoute && (
+      route === clientFullRoute ||
+      clientFullRoute.startsWith(route) && ["/", "?", "#"].includes(clientFullRoute[route.length] ?? "")
+    )
+  }
+
+  isUserRoute = (pathname: string) => {
+    const { login, logoutGetPath, magicLinksRoute, loginWithProvider } = AUTH_ROUTES_AND_PARAMS;
+    const pubRoutes = [
+      ...this.opts?.expressConfig?.publicRoutes || [],
+      login, logoutGetPath, magicLinksRoute, loginWithProvider,
+    ].filter(publicRoute => publicRoute);
+
+    return !pubRoutes.some(publicRoute => {
+      return this.matchesRoute(publicRoute, pathname);
+    });
+  }
+
+  setCookieAndGoToReturnURLIFSet = (cookie: { sid: string; expires: number; }, r: { req: ExpressReq; res: ExpressRes }) => {
+    const { sid, expires } = cookie;
+    const { res, req } = r;
+    if (sid) {
+      const maxAgeOneDay = 60 * 60 * 24; // 24 hours;
+      type CD = { maxAge: number } | { expires: Date }
+      let cookieDuration: CD = {
+        maxAge: maxAgeOneDay
+      }
+      if(expires && Number.isFinite(expires) && !isNaN(+ new Date(expires))){
+        // const maxAge = (+new Date(expires)) - Date.now();
+        cookieDuration = { expires: new Date(expires) };
+        const days = (+cookieDuration.expires - Date.now())/(24 * 60 * 60e3);
+        if(days >= 400){
+          console.warn(`Cookie expiration is higher than the Chrome 400 day limit: ${days}days`)
+        }
+      }
+      
+      const cookieOpts = { 
+        ...cookieDuration, 
+        httpOnly: true, // The cookie only accessible by the web server
+        //signed: true // Indicates if the cookie should be signed
+        secure: true, 
+        sameSite: "strict" as const, 
+        ...(this.opts?.expressConfig?.cookieOptions || {}) 
+      };
+      const cookieData = sid;
+      res.cookie(this.sidKeyName, cookieData, cookieOpts);
+      const successURL = this.getReturnUrl(req) || "/";
+      res.redirect(successURL);
+
+    } else {
+      throw ("no user or session")
+    }
+  }
+
+  getUser = async (clientReq: { httpReq: ExpressReq; }): Promise<AuthResult> => {
+    if(!this.opts?.getUser) {
+      throw "this.opts.getUser missing";
+    }
+    const sid = clientReq.httpReq?.cookies?.[this.sidKeyName];
+    if (!sid) return undefined;
+
+    try {
+      return this.throttledFunc(async () => {
+        return this.opts!.getUser(this.validateSid(sid), this.dbo as any, this.db, getLoginClientInfo(clientReq));
+      }, 50)
+    } catch (err) {
+      console.error(err);
+    }
+    return undefined;
+  }
+
+  init = setupAuthRoutes.bind(this);
+
+  getReturnUrl = (req: ExpressReq) => {
+    const { returnUrlParamName } = AUTH_ROUTES_AND_PARAMS;
+    if (returnUrlParamName && req?.query?.[returnUrlParamName]) {
+      const returnURL = decodeURIComponent(req?.query?.[returnUrlParamName] as string);
+      
+      return getSafeReturnURL(returnURL, returnUrlParamName);
+    }
+    return null;
+  }
+
+  destroy = () => {
+    const app = this.opts?.expressConfig?.app;
+    const { login, logoutGetPath, magicLinksExpressRoute, catchAll, loginWithProvider, emailSignup, magicLinksRoute, confirmEmail, confirmEmailExpressRoute } = AUTH_ROUTES_AND_PARAMS;
+    removeExpressRoute(app, [login, logoutGetPath, magicLinksExpressRoute, catchAll, loginWithProvider, emailSignup, magicLinksRoute, confirmEmail, confirmEmailExpressRoute]);
+  }
+
+  throttledFunc = <T>(func: () => Promise<T>, throttle = 500): Promise<T> => {
+
+    return new Promise(async (resolve, reject) => {
+
+      let result: any, error: any, finished = false;
+
+      /**
+       * Throttle reject response times to prevent timing attacks
+       */
+      const interval = setInterval(() => {
+        if (finished) {
+          clearInterval(interval);
+          if (error) {
+            reject(error);
+          } else {
+            resolve(result)
+          }
+        }
+      }, throttle);
+
+
+      try {
+        result = await func();
+        resolve(result);
+        clearInterval(interval);
+      } catch (err) {
+        console.log(err)
+        error = err;
+      }
+
+      finished = true;
+    })
+  }
+
+  loginThrottled = async (params: LoginParams, client: LoginClientInfo): Promise<BasicSession> => {
+    if (!this.opts?.login) throw "Auth login config missing";
+    const { responseThrottle = 500 } = this.opts;
+
+    return this.throttledFunc(async () => {
+      const result = await this.opts?.login?.(params, this.dbo as DBOFullyTyped, this.db, client);
+      const err = {
+        msg: "Bad login result type. \nExpecting: undefined | null | { sid: string; expires: number } but got: " + JSON.stringify(result) 
+      }
+      
+      if(!result) throw err;
+      if(result && (typeof result.sid !== "string" || typeof result.expires !== "number") || !result && ![undefined, null].includes(result)) {
+        throw err
+      }
+      if(result && result.expires < Date.now()){
+        throw { msg: "auth.login() is returning an expired session. Can only login with a session.expires greater than Date.now()" }
+      }
+
+      return result;
+    }, responseThrottle);
+
+  };
+
+  loginThrottledAndSetCookie = async (req: ExpressReq, res: ExpressRes, loginParams: LoginParams) => {
+    const start = Date.now();
+    const { sid, expires } = await this.loginThrottled(loginParams, getLoginClientInfo({ httpReq: req })) || {};
+    await this.prostgles.opts.onLog?.({
+      type: "auth",
+      command: "login",
+      duration: Date.now() - start,
+      sid,
+      socketId: undefined,
+    });
+    
+    if (sid) {
+
+      this.setCookieAndGoToReturnURLIFSet({ sid, expires }, { req, res });
+
+    } else {
+      throw ("Internal error: no user or session")
+    }
+  }
+
+
+  /**
+   * Will return first sid value found in:
+   *  Bearer header 
+   *  http cookie 
+   *  query params
+   * Based on sid names in auth
+   */
+  getSID(localParams: LocalParams): string | undefined {
+    if (!this.opts) return undefined;
+
+    if (!localParams) return undefined;
+    const { sidKeyName } = this;
+    if (localParams.socket) {
+      const { handshake } = localParams.socket;
+      const querySid = handshake?.auth?.[sidKeyName] || handshake?.query?.[sidKeyName];
+      let rawSid = querySid;
+      if (!rawSid) {
+        const cookie_str = localParams.socket?.handshake?.headers?.cookie;
+        const cookie = parseCookieStr(cookie_str);
+        rawSid = cookie[sidKeyName];
+      }
+      return this.validateSid(rawSid);
+
+    } else if (localParams.httpReq) {
+      const [tokenType, base64Token] = localParams.httpReq.headers.authorization?.split(' ') ?? [];
+      let bearerSid: string | undefined;
+      if(tokenType && base64Token){
+        if(tokenType.trim() !== "Bearer"){
+          throw "Only Bearer Authorization header allowed";
+        }
+        bearerSid = Buffer.from(base64Token, 'base64').toString();
+      }
+      return this.validateSid(bearerSid ?? localParams.httpReq?.cookies?.[sidKeyName]);
+
+    } else throw "socket OR httpReq missing from localParams";
+
+    function parseCookieStr(cookie_str: string | undefined): any {
+      if (!cookie_str || typeof cookie_str !== "string") {
+        return {}
+      }
+
+      return cookie_str.replace(/\s/g, '')
+        .split(";")
+        .reduce<AnyObject>((prev, current) => {
+          const [name, value] = current.split('=');
+          prev[name!] = value;
+          return prev;
+        }, {});
+    }
+  }
+
+  /**
+   * Used for logging
+   */
+  getSIDNoError = (localParams: LocalParams | undefined): string | undefined => {
+    if(!localParams) return undefined;
+    try {
+      return this.getSID(localParams);
+    } catch {
+      return undefined;
+    }
+  }
+
+  async getClientInfo(localParams: Pick<LocalParams, "socket" | "httpReq">): Promise<AuthResult> {
+    if (!this.opts) return {};
+
+    const getSession = this.opts.cacheSession?.getSession;
+    const isSocket = "socket" in localParams;
+    if(isSocket){
+      if(getSession && localParams.socket?.__prglCache){
+        const { session, user, clientUser } = localParams.socket.__prglCache;
+        const isValid = this.isValidSocketSession(localParams.socket, session)
+        if(isValid){
+  
+          return {
+            sid: session.sid,
+            user, 
+            clientUser,
+          }
+        } else return {
+          sid: session.sid
+        };
+      } 
+    }
+
+    const authStart = Date.now();
+    const res = await this.throttledFunc(async () => {
+
+      const { getUser } = this.opts ?? {};
+
+      if (getUser && localParams && (localParams.httpReq || localParams.socket)) {
+        const sid = this.getSID(localParams);
+        const clientReq = localParams.httpReq? { httpReq: localParams.httpReq } : { socket: localParams.socket! };
+        let user, clientUser;
+        if(sid){
+          const res = await getUser(sid, this.dbo as any, this.db, getLoginClientInfo(clientReq)) as any;
+          user = res?.user;
+          clientUser = res?.clientUser;
+        }
+        if(getSession && isSocket){
+          const session = await getSession(sid, this.dbo as any, this.db)
+          if(session?.expires && user && clientUser && localParams.socket){
+            localParams.socket.__prglCache = { 
+              session,
+              user, 
+              clientUser,
+            }
+          }
+        }
+        if(sid) {
+          return { sid, user, clientUser }
+        }
+      }
+  
+      return {};
+    }, 5);
+
+    await this.prostgles.opts.onLog?.({ 
+      type: "auth", 
+      command: "getClientInfo", 
+      duration: Date.now() - authStart,
+      sid: res.sid,
+      socketId: localParams.socket?.id,
+    });
+    return res;
+  }
+
+  isValidSocketSession = (socket: PRGLIOSocket, session: BasicSession): boolean => {
+    const hasExpired = Boolean(session && session.expires <= Date.now())
+    if(this.opts?.expressConfig?.publicRoutes && !this.opts.expressConfig?.disableSocketAuthGuard){
+      const error = "Session has expired";
+      if(hasExpired){
+        if(session.onExpiration === "redirect")
+        socket.emit(CHANNELS.AUTHGUARD, { 
+          shouldReload: session.onExpiration === "redirect",
+          error
+        });
+        throw error;
+      }
+    }
+    return Boolean(session && !hasExpired);
+  }
+
+  getClientAuth = async (clientReq: Pick<LocalParams, "socket" | "httpReq">): Promise<{ auth: AuthSocketSchema; userData: AuthResult; }> => {
+
+    let pathGuard = false;
+    if (this.opts?.expressConfig?.publicRoutes && !this.opts.expressConfig?.disableSocketAuthGuard) {
+
+      pathGuard = true;
+
+      if("socket" in clientReq && clientReq.socket){
+        const { socket } = clientReq;
+        socket.removeAllListeners(CHANNELS.AUTHGUARD)
+        socket.on(CHANNELS.AUTHGUARD, async (params: AuthGuardLocation, cb = (_err: any, _res?: AuthGuardLocationResponse) => { /** EMPTY */ }) => {
+  
+          try {
+  
+            const { pathname, origin } = typeof params === "string" ? JSON.parse(params) : (params || {});
+            if (pathname && typeof pathname !== "string") {
+              console.warn("Invalid pathname provided for AuthGuardLocation: ", pathname);
+            }
+            
+            /** These origins  */
+            const IGNORED_API_ORIGINS = ["file://"]
+            if (!IGNORED_API_ORIGINS.includes(origin) && pathname && typeof pathname === "string" && this.isUserRoute(pathname) && !(await this.getClientInfo({ socket }))?.user) {
+              cb(null, { shouldReload: true });
+            } else {
+              cb(null, { shouldReload: false });
+            }
+  
+          } catch (err) {
+            console.error("AUTHGUARD err: ", err);
+            cb(err)
+          }
+        });
+
+      }
+    }
+
+    const userData = await this.getClientInfo(clientReq);
+    const auth: AuthSocketSchema = {
+      providers: getProviders.bind(this)(),
+      register: this.opts?.expressConfig?.registrations?.email && { type: this.opts?.expressConfig?.registrations?.email.signupType, url: AUTH_ROUTES_AND_PARAMS.emailSignup },
+      user: userData?.clientUser,
+      loginType: this.opts?.expressConfig?.registrations?.email?.signupType,
+      pathGuard,
+    };
+    return { auth, userData };
+  }
+}