prostgles-server 4.2.187 → 4.2.188

package/lib/Auth/AuthTypes.ts

@@ -1,27 +1,27 @@
 import { Express, NextFunction, Request, Response } from "express";
+import Mail from "nodemailer/lib/mailer";
+import type { AuthenticateOptions } from "passport";
+import type {
+  Profile as FacebookProfile,
+  StrategyOptions as FacebookStrategy,
+} from "passport-facebook";
+import type { Profile as GitHubProfile, StrategyOptions as GitHubStrategy } from "passport-github2";
+import type {
+  Profile as GoogleProfile,
+  StrategyOptions as GoogleStrategy,
+} from "passport-google-oauth20";
+import type { MicrosoftStrategyOptions } from "passport-microsoft";
 import {
   AnyObject,
-  EmailLoginResponse,
-  EmailRegisterResponse,
   FieldFilter,
   IdentityProvider,
+  AuthResponse,
   UserLike,
+  AuthRequest,
 } from "prostgles-types";
-import { DB } from "../Prostgles";
 import { DBOFullyTyped } from "../DBSchemaBuilder";
 import { PRGLIOSocket } from "../DboBuilder/DboBuilderTypes";
-import type { AuthenticateOptions } from "passport";
-import type {
-  StrategyOptions as GoogleStrategy,
-  Profile as GoogleProfile,
-} from "passport-google-oauth20";
-import type { StrategyOptions as GitHubStrategy, Profile as GitHubProfile } from "passport-github2";
-import type { MicrosoftStrategyOptions } from "passport-microsoft";
-import type {
-  StrategyOptions as FacebookStrategy,
-  Profile as FacebookProfile,
-} from "passport-facebook";
-import Mail from "nodemailer/lib/mailer";
+import { DB } from "../Prostgles";
 
 type Awaitable<T> = T | Promise<T>;
 
@@ -96,54 +96,55 @@ export type Email = {
 
 type EmailWithoutTo = Omit<Email, "to">;
 
-type EmailProvider =
+type MagicLinkAuthResponse =
+  | { response: AuthResponse.MagicLinkAuthFailure; email?: undefined }
+  | { response: AuthResponse.MagicLinkAuthSuccess; email: EmailWithoutTo };
+
+type PasswordRegisterResponse =
+  | { response: AuthResponse.PasswordRegisterFailure; email?: undefined }
+  | { response: AuthResponse.PasswordRegisterSuccess; email: EmailWithoutTo };
+
+export type EmailProvider =
   | {
       signupType: "withMagicLink";
-      onRegistered: (data: { username: string }) => Awaitable<EmailRegisterResponse>;
-      emailMagicLink: {
-        onSend: (data: {
-          email: string;
-          magicLinkPath: string;
-          clientInfo: LoginClientInfo;
-          req: ExpressReq;
-        }) => EmailWithoutTo | Promise<EmailWithoutTo>;
-        smtp: SMTPConfig;
-      };
+      onRegister: (data: {
+        email: string;
+        magicLinkUrlPath: string;
+        clientInfo: LoginClientInfo;
+        req: ExpressReq;
+      }) => Awaitable<MagicLinkAuthResponse>;
+      smtp: SMTPConfig;
     }
   | {
+      /**
+       * Users have to provide an email and a password.
+       * Account should be activated after email confirmation
+       */
       signupType: "withPassword";
-      onRegistered: (
-        data: { username: string; password: string },
-        clientInfo: LoginClientInfo
-      ) => Awaitable<EmailRegisterResponse>;
       /**
        * Defaults to 8
        */
       minPasswordLength?: number;
       /**
-       * If provided, the user will be required to confirm their email address
+       * Called when the user has registered
        */
-      emailConfirmation?: {
-        /**
-         * Called when the user has registered
-         */
-        onSend: (data: {
-          email: string;
-          password: string;
-          confirmationUrlPath: string;
-          clientInfo: LoginClientInfo;
-          req: ExpressReq;
-        }) => EmailWithoutTo | Promise<EmailWithoutTo>;
-        smtp: SMTPConfig;
-        /**
-         * Called after the user has clicked the URL to confirm their email address
-         */
-        onConfirmed: (data: {
-          confirmationCode: string;
-          clientInfo: LoginClientInfo;
-          req: ExpressReq;
-        }) => void | Promise<void>;
-      };
+      onRegister: (data: {
+        email: string;
+        password: string;
+        confirmationUrlPath: string;
+        clientInfo: LoginClientInfo;
+        req: ExpressReq;
+      }) => Awaitable<PasswordRegisterResponse>;
+      smtp: SMTPConfig;
+
+      /**
+       * Called after the user has clicked the URL to confirm their email address
+       */
+      onEmailConfirmation: (data: {
+        confirmationCode: string;
+        clientInfo: LoginClientInfo;
+        req: ExpressReq;
+      }) => void | Promise<void>;
     };
 
 export type AuthProviderUserData =
@@ -242,7 +243,7 @@ export type AuthResult<SU = SessionUser> =
   | {
       user?: undefined;
       clientUser?: undefined;
-      sid?: string;
+      sid?: string | undefined;
     }
   | undefined;
 
@@ -260,9 +261,14 @@ export type Auth<S = void, SUser extends SessionUser = SessionUser> = {
   sidKeyName?: string;
 
   /**
-   * Response time rounding in milliseconds to prevent timing attacks on login. Login response time should always be a multiple of this value. Defaults to 500 milliseconds
+   * undefined sid is allowed to enable public users
    */
-  responseThrottle?: number;
+  getUser: (
+    sid: string | undefined,
+    dbo: DBOFullyTyped<S>,
+    db: DB,
+    client: AuthClientRequest & LoginClientInfo
+  ) => Awaitable<AuthResult<SUser>>;
 
   /**
    * Will setup auth routes
@@ -272,16 +278,6 @@ export type Auth<S = void, SUser extends SessionUser = SessionUser> = {
    */
   expressConfig?: ExpressConfig<S, SUser>;
 
-  /**
-   * undefined sid is allowed to enable public users
-   */
-  getUser: (
-    sid: string | undefined,
-    dbo: DBOFullyTyped<S>,
-    db: DB,
-    client: AuthClientRequest & LoginClientInfo
-  ) => Awaitable<AuthResult<SUser>>;
-
   login?: (
     params: LoginParams,
     dbo: DBOFullyTyped<S>,
@@ -290,18 +286,35 @@ export type Auth<S = void, SUser extends SessionUser = SessionUser> = {
   ) => Awaitable<LoginResponse>;
   logout?: (sid: string | undefined, dbo: DBOFullyTyped<S>, db: DB) => Awaitable<any>;
 
+  /**
+   * Response time rounding in milliseconds to prevent timing attacks on login. Login response time should always be a multiple of this value. Defaults to 500 milliseconds
+   */
+  responseThrottle?: number;
+
   /**
    * If provided then session info will be saved on socket.__prglCache and reused from there
    */
   cacheSession?: {
-    getSession: (sid: string | undefined, dbo: DBOFullyTyped<S>, db: DB) => Awaitable<BasicSession>;
+    getSession: (
+      sid: string | undefined,
+      dbo: DBOFullyTyped<S>,
+      db: DB
+    ) => Awaitable<BasicSession | undefined>;
   };
 };
 
-export type LoginResponse = BasicSession | Exclude<EmailLoginResponse, { success: true }>;
+export type LoginResponse =
+  | {
+      session: BasicSession;
+      response?: AuthResponse.PasswordLoginSuccess | AuthResponse.MagicLinkAuthSuccess;
+    }
+  | {
+      session?: undefined;
+      response: AuthResponse.PasswordLoginFailure | AuthResponse.MagicLinkAuthFailure;
+    };
 
 export type LoginParams =
-  | { type: "username"; username: string; password: string; [key: string]: any }
+  | ({ type: "username" } & AuthRequest.LoginData)
   | ({ type: "provider" } & AuthProviderUserData);
 
 type ExpressConfig<S, SUser extends SessionUser> = {
@@ -336,22 +349,25 @@ type ExpressConfig<S, SUser extends SessionUser> = {
    * Will be called after a GET request is authorised
    * This means that
    */
-  onGetRequestOK?: (req: ExpressReq, res: ExpressRes, params: AuthRequestParams<S, SUser>) => any;
+  onGetRequestOK?: (
+    req: ExpressReq,
+    res: ExpressRes,
+    params: AuthRequestParams<S, SUser>
+  ) => Awaitable<void>;
 
   /**
-   * If defined, will check the magic link id and log in the user and redirect to the returnUrl if set
+   * If defined, will enable GET /magic-link/:id route.
+   * Requests with valid magic link ids will be logged in and redirected to the returnUrl if set
    */
-  magicLinks?: {
-    /**
-     * Used in creating a session/logging in using a magic link
-     */
-    check: (
-      magicId: string,
-      dbo: DBOFullyTyped<S>,
-      db: DB,
-      client: LoginClientInfo
-    ) => Awaitable<BasicSession | undefined>;
-  };
+  onMagicLink?: (
+    magicId: string,
+    dbo: DBOFullyTyped<S>,
+    db: DB,
+    client: LoginClientInfo
+  ) => Awaitable<
+    | { session: BasicSession; response?: AuthResponse.MagicLinkAuthSuccess }
+    | { session?: undefined; response: AuthResponse.MagicLinkAuthFailure }
+  >;
 
   registrations?: AuthRegistrationConfig<S>;
 };

package/lib/Auth/authProviders/setEmailProvider.ts

@@ -0,0 +1,29 @@
+import e from "express";
+import { AUTH_ROUTES_AND_PARAMS, AuthHandler } from "../AuthHandler";
+import { getConfirmEmailRequestHandler } from "../endpoints/getConfirmEmailRequestHandler";
+import { getRegisterRequestHandler } from "../endpoints/getRegisterRequestHandler";
+import { getOrSetTransporter } from "../sendEmail";
+import { checkDmarc } from "../utils/checkDmarc";
+
+export async function setEmailProvider(this: AuthHandler, app: e.Express) {
+  const { email, websiteUrl } = this.opts.expressConfig?.registrations ?? {};
+  if (!email) return;
+  if (!websiteUrl) {
+    throw new Error("websiteUrl is required for email/magic-link registrations");
+  }
+  await checkDmarc(websiteUrl);
+
+  /**
+   * Setup nodemailer transporters
+   */
+  getOrSetTransporter(email.smtp);
+
+  app.post(
+    AUTH_ROUTES_AND_PARAMS.emailRegistration,
+    getRegisterRequestHandler({ email, websiteUrl })
+  );
+
+  if (email.signupType === "withPassword") {
+    app.get(AUTH_ROUTES_AND_PARAMS.confirmEmailExpressRoute, getConfirmEmailRequestHandler(email));
+  }
+}

package/lib/Auth/authProviders/setOAuthProviders.ts

@@ -0,0 +1,97 @@
+import * as passport from "passport";
+import { Strategy as FacebookStrategy } from "passport-facebook";
+import { Strategy as GitHubStrategy } from "passport-github2";
+import { Strategy as GoogleStrategy } from "passport-google-oauth20";
+import { Strategy as MicrosoftStrategy } from "passport-microsoft";
+import { getObjectEntries, isEmpty } from "prostgles-types";
+import { getErrorAsObject } from "../../DboBuilder/dboBuilderUtils";
+import { AUTH_ROUTES_AND_PARAMS, AuthHandler } from "../AuthHandler";
+import { getClientRequestIPsInfo } from "../utils/getClientRequestIPsInfo";
+import { AuthRegistrationConfig } from "../AuthTypes";
+import { upsertNamedExpressMiddleware } from "../setAuthProviders";
+import e from "express";
+
+export function setOAuthProviders(
+  this: AuthHandler,
+  app: e.Express,
+  registrations: AuthRegistrationConfig<void>
+) {
+  const { onProviderLoginFail, onProviderLoginStart, websiteUrl, OAuthProviders } = registrations;
+  if (!OAuthProviders || isEmpty(OAuthProviders)) {
+    return;
+  }
+
+  upsertNamedExpressMiddleware(app, passport.initialize(), "prostglesPassportMiddleware");
+
+  getObjectEntries(OAuthProviders).forEach(([providerName, providerConfig]) => {
+    if (!providerConfig?.clientID) {
+      return;
+    }
+
+    const { authOpts, ...config } = providerConfig;
+
+    const strategy =
+      providerName === "google" ? GoogleStrategy
+      : providerName === "github" ? GitHubStrategy
+      : providerName === "facebook" ? FacebookStrategy
+      : MicrosoftStrategy;
+    const callbackPath = `${AUTH_ROUTES_AND_PARAMS.loginWithProvider}/${providerName}/callback`;
+    passport.use(
+      new (strategy as typeof GoogleStrategy)(
+        {
+          ...config,
+          callbackURL: `${websiteUrl}${callbackPath}`,
+        },
+        async (accessToken, refreshToken, profile, done) => {
+          // This callback is where you would normally store or retrieve user info from the database
+          return done(null, profile, { accessToken, refreshToken, profile });
+        }
+      )
+    );
+
+    app.get(
+      `${AUTH_ROUTES_AND_PARAMS.loginWithProvider}/${providerName}`,
+      passport.authenticate(providerName, authOpts ?? {})
+    );
+
+    app.get(callbackPath, async (req, res) => {
+      try {
+        const clientInfo = getClientRequestIPsInfo({ httpReq: req });
+        const db = this.db;
+        const dbo = this.dbo as any;
+        const args = { provider: providerName, req, res, clientInfo, db, dbo };
+        const startCheck = await onProviderLoginStart?.(args);
+        if (startCheck && "error" in startCheck) {
+          res.status(500).json({ error: startCheck.error });
+          return;
+        }
+        passport.authenticate(
+          providerName,
+          {
+            session: false,
+            failureRedirect: "/login",
+            failWithError: true,
+          },
+          async (error: any, _profile: any, authInfo: any) => {
+            if (error) {
+              await onProviderLoginFail?.({ ...args, error });
+              res.status(500).json({
+                error: "Failed to login with provider",
+              });
+            } else {
+              this.loginThrottledAndSetCookie(req, res, {
+                type: "provider",
+                provider: providerName,
+                ...authInfo,
+              }).catch((e: any) => {
+                res.status(500).json(getErrorAsObject(e));
+              });
+            }
+          }
+        )(req, res);
+      } catch (_e) {
+        res.status(500).json({ error: "Something went wrong" });
+      }
+    });
+  });
+}

package/lib/Auth/endpoints/getConfirmEmailRequestHandler.ts

@@ -0,0 +1,39 @@
+import type { Request, Response } from "express";
+import { AuthResponse } from "prostgles-types";
+import { HTTP_FAIL_CODES } from "../AuthHandler";
+import { AuthRegistrationConfig } from "../AuthTypes";
+import { getClientRequestIPsInfo } from "../utils/getClientRequestIPsInfo";
+
+export const getConfirmEmailRequestHandler = (
+  emailAuthConfig: Extract<
+    Required<AuthRegistrationConfig<void>>["email"],
+    { signupType: "withPassword" }
+  >
+) => {
+  return async (
+    req: Request,
+    res: Response<
+      | AuthResponse.PasswordRegisterSuccess
+      | AuthResponse.PasswordRegisterFailure
+      | AuthResponse.AuthSuccess
+    >
+  ) => {
+    const { id } = req.params;
+    try {
+      if (!id || typeof id !== "string") {
+        return res.send({ success: false, code: "something-went-wrong", message: "Invalid code" });
+      }
+      const { httpReq, ...clientInfo } = getClientRequestIPsInfo({ httpReq: req });
+      await emailAuthConfig.onEmailConfirmation({
+        confirmationCode: id,
+        clientInfo,
+        req: httpReq,
+      });
+      res.json({ success: true, message: "Email confirmed" });
+    } catch (_e) {
+      res
+        .status(HTTP_FAIL_CODES.BAD_REQUEST)
+        .json({ success: false, code: "server-error", message: "Failed to confirm email" });
+    }
+  };
+};

package/lib/Auth/endpoints/getRegisterRequestHandler.ts

@@ -0,0 +1,83 @@
+import { RequestHandler, Response, Request } from "express";
+import { AuthResponse } from "prostgles-types";
+import { AUTH_ROUTES_AND_PARAMS, HTTP_FAIL_CODES } from "../AuthHandler";
+import type { AuthRegistrationConfig } from "../AuthTypes";
+import { sendEmail } from "../sendEmail";
+import { getClientRequestIPsInfo } from "../utils/getClientRequestIPsInfo";
+
+type ReturnType =
+  | AuthResponse.MagicLinkAuthFailure
+  | AuthResponse.MagicLinkAuthSuccess
+  | AuthResponse.PasswordRegisterFailure
+  | AuthResponse.PasswordRegisterSuccess;
+
+export const getRegisterRequestHandler = ({
+  email: emailAuthConfig,
+  websiteUrl,
+}: Required<Pick<AuthRegistrationConfig<void>, "email" | "websiteUrl">>) => {
+  const registerRequestHandler = async (req: Request, res: Response<ReturnType>) => {
+    const { username, password } = req.body;
+    const sendResponse = (response: ReturnType) => {
+      if (response.success) {
+        res.json(response);
+      } else {
+        res.status(HTTP_FAIL_CODES.BAD_REQUEST).json(response);
+      }
+    };
+    if (!username || typeof username !== "string") {
+      return sendResponse({ success: false, code: "username-missing" });
+    }
+    if (emailAuthConfig.signupType === "withPassword") {
+      const { minPasswordLength = 8 } = emailAuthConfig;
+      if (typeof password !== "string") {
+        return sendResponse({ success: false, code: "password-missing" });
+      } else if (password.length < minPasswordLength) {
+        return sendResponse({
+          success: false,
+          code: "weak-password",
+          message: `Password must be at least ${minPasswordLength} characters long`,
+        });
+      }
+    }
+    try {
+      const { httpReq, ...clientInfo } = getClientRequestIPsInfo({ httpReq: req });
+      const { smtp } = emailAuthConfig;
+      const registrationResult =
+        emailAuthConfig.signupType === "withPassword" ?
+          await emailAuthConfig.onRegister({
+            email: username,
+            password,
+            confirmationUrlPath: `${websiteUrl}${AUTH_ROUTES_AND_PARAMS.confirmEmail}`,
+            clientInfo,
+            req: httpReq,
+          })
+        : await emailAuthConfig.onRegister({
+            email: username,
+            magicLinkUrlPath: `${websiteUrl}${AUTH_ROUTES_AND_PARAMS.magicLinksRoute}`,
+            clientInfo,
+            req: httpReq,
+          });
+      if (!registrationResult.email) {
+        return sendResponse(registrationResult.response);
+      }
+
+      const emailMessage = { ...registrationResult.email, to: username };
+      await sendEmail(smtp, emailMessage);
+      return sendResponse({
+        ...registrationResult.response,
+        message:
+          emailAuthConfig.signupType === "withPassword" ?
+            `We've sent a confirmation email to ${emailMessage.to}. Please check your inbox (and your spam folder) for a message from us.`
+          : "Email sent",
+      });
+    } catch {
+      return sendResponse({
+        success: false,
+        code: "server-error",
+        message: "Failed to send email",
+      });
+    }
+  };
+
+  return registerRequestHandler;
+};

package/lib/Auth/setAuthProviders.ts

@@ -1,25 +1,16 @@
 import type e from "express";
 import { RequestHandler } from "express";
-import { Strategy as FacebookStrategy } from "passport-facebook";
-import { Strategy as GitHubStrategy } from "passport-github2";
-import { Strategy as GoogleStrategy } from "passport-google-oauth20";
-import { Strategy as MicrosoftStrategy } from "passport-microsoft";
 import { AuthSocketSchema, getObjectEntries, isEmpty } from "prostgles-types";
-import { getErrorAsObject } from "../DboBuilder/dboBuilderUtils";
 import { removeExpressRouteByName } from "../FileManager/FileManager";
-import {
-  AUTH_ROUTES_AND_PARAMS,
-  AuthHandler,
-  getLoginClientInfo,
-} from "./AuthHandler";
+import { AUTH_ROUTES_AND_PARAMS, AuthHandler } from "./AuthHandler";
 import { Auth } from "./AuthTypes";
-import { setEmailProvider } from "./setEmailProvider";
-import * as passport from "passport";
+import { setEmailProvider } from "./authProviders/setEmailProvider";
+import { setOAuthProviders } from "./authProviders/setOAuthProviders";
 
 export const upsertNamedExpressMiddleware = (
   app: e.Express,
   handler: RequestHandler,
-  name: string,
+  name: string
 ) => {
   const funcName = name;
   Object.defineProperty(handler, "name", { value: funcName });
@@ -29,110 +20,16 @@ export const upsertNamedExpressMiddleware = (
 
 export async function setAuthProviders(
   this: AuthHandler,
-  { registrations, app }: Required<Auth>["expressConfig"],
+  { registrations, app }: Required<Auth>["expressConfig"]
 ) {
   if (!registrations) return;
-  const {
-    onProviderLoginFail,
-    onProviderLoginStart,
-    websiteUrl,
-    OAuthProviders,
-  } = registrations;
 
   await setEmailProvider.bind(this)(app);
-
-  if (!OAuthProviders || isEmpty(OAuthProviders)) {
-    return;
-  }
-
-  upsertNamedExpressMiddleware(
-    app,
-    passport.initialize(),
-    "prostglesPassportMiddleware",
-  );
-
-  getObjectEntries(OAuthProviders).forEach(([providerName, providerConfig]) => {
-    if (!providerConfig?.clientID) {
-      return;
-    }
-
-    const { authOpts, ...config } = providerConfig;
-
-    const strategy =
-      providerName === "google"
-        ? GoogleStrategy
-        : providerName === "github"
-          ? GitHubStrategy
-          : providerName === "facebook"
-            ? FacebookStrategy
-            : providerName === "microsoft"
-              ? MicrosoftStrategy
-              : undefined;
-    const callbackPath = `${AUTH_ROUTES_AND_PARAMS.loginWithProvider}/${providerName}/callback`;
-    passport.use(
-      new (strategy as typeof GoogleStrategy)(
-        {
-          ...config,
-          callbackURL: `${websiteUrl}${callbackPath}`,
-        },
-        async (accessToken, refreshToken, profile, done) => {
-          // This callback is where you would normally store or retrieve user info from the database
-          return done(null, profile, { accessToken, refreshToken, profile });
-        },
-      ),
-    );
-
-    app.get(
-      `${AUTH_ROUTES_AND_PARAMS.loginWithProvider}/${providerName}`,
-      passport.authenticate(providerName, authOpts ?? {}),
-    );
-
-    app.get(callbackPath, async (req, res) => {
-      try {
-        const clientInfo = getLoginClientInfo({ httpReq: req });
-        const db = this.db;
-        const dbo = this.dbo as any;
-        const args = { provider: providerName, req, res, clientInfo, db, dbo };
-        const startCheck = await onProviderLoginStart?.(args);
-        if (startCheck && "error" in startCheck) {
-          res.status(500).json({ error: startCheck.error });
-          return;
-        }
-        passport.authenticate(
-          providerName,
-          {
-            session: false,
-            failureRedirect: "/login",
-            failWithError: true,
-          },
-          async (error: any, _profile: any, authInfo: any) => {
-            if (error) {
-              await onProviderLoginFail?.({ ...args, error });
-              res.status(500).json({
-                error: "Failed to login with provider",
-              });
-            } else {
-              this.loginThrottledAndSetCookie(req, res, {
-                type: "provider",
-                provider: providerName,
-                ...authInfo,
-              }).catch((e: any) => {
-                res.status(500).json(getErrorAsObject(e));
-              });
-            }
-          },
-        )(req, res);
-      } catch (_e) {
-        res.status(500).json({ error: "Something went wrong" });
-      }
-    });
-  });
+  await setOAuthProviders.bind(this)(app, registrations);
 }
 
-export function getProviders(
-  this: AuthHandler,
-): AuthSocketSchema["providers"] | undefined {
-  const { registrations } = this.opts?.expressConfig ?? {};
+export function getProviders(this: AuthHandler): AuthSocketSchema["providers"] | undefined {
+  const { registrations } = this.opts.expressConfig ?? {};
   if (!registrations) return undefined;
   const { OAuthProviders } = registrations;
   if (!OAuthProviders || isEmpty(OAuthProviders)) return undefined;