prostgles-server 4.2.269 → 4.2.271

package/lib/Auth/AuthHandler.ts

@@ -1,16 +1,8 @@
-import { AnyObject, AuthResponse, CHANNELS } from "prostgles-types";
+import { AnyObject, CHANNELS } from "prostgles-types";
 import { PRGLIOSocket } from "../DboBuilder/DboBuilder";
-import { DBOFullyTyped } from "../DBSchemaBuilder";
 import { removeExpressRoute } from "../FileManager/FileManager";
 import { DB, DBHandlerServer, Prostgles } from "../Prostgles";
-import {
-  AuthClientRequest,
-  AuthConfig,
-  AuthResult,
-  AuthResultWithSID,
-  BasicSession,
-  ExpressReq,
-} from "./AuthTypes";
+import { AuthClientRequest, AuthConfig, AuthResult, BasicSession, ExpressReq } from "./AuthTypes";
 import { LoginResponseHandler } from "./endpoints/setLoginRequestHandler";
 import { getClientAuth } from "./getClientAuth";
 import { login } from "./login";
@@ -18,7 +10,8 @@ import { setupAuthRoutes } from "./setupAuthRoutes";
 import { getClientRequestIPsInfo } from "./utils/getClientRequestIPsInfo";
 import { getReturnUrl } from "./utils/getReturnUrl";
 import { getSidAndUserFromRequest } from "./utils/getSidAndUserFromRequest";
-import { throttledAuthCall } from "./utils/throttledReject";
+import { getUserOrError } from "./utils/getUserOrError";
+import { handleGetUserThrottled } from "./utils/handleGetUser";
 
 export { getClientRequestIPsInfo };
 export const HTTP_FAIL_CODES = {
@@ -130,51 +123,8 @@ export class AuthHandler {
     const successURL = getReturnUrl(req) || "/";
     res.redirect(successURL);
   };
-
-  getUserOrError = async (localParams: AuthClientRequest): Promise<AuthResultWithSID> => {
-    const sid = this.getSID(localParams);
-    if (!sid) return { sid };
-
-    const isError = (
-      dataOrError: any
-    ): dataOrError is AuthResponse.AuthFailure["code"] | AuthResponse.AuthFailure => {
-      return Boolean(typeof dataOrError === "string" || (dataOrError && "success" in dataOrError));
-    };
-    try {
-      const userOrErrorCode = await throttledAuthCall(async () => {
-        return this.opts.getUser(
-          this.validateSid(sid),
-          this.dbo as DBOFullyTyped,
-          this.db,
-          getClientRequestIPsInfo(localParams),
-          localParams
-        );
-      }, 50);
-
-      if (isError(userOrErrorCode)) {
-        const error: AuthResponse.AuthFailure | undefined =
-          typeof userOrErrorCode === "string" ?
-            { success: false, code: userOrErrorCode }
-          : userOrErrorCode;
-
-        return {
-          sid,
-          error,
-        };
-      }
-      if (sid && userOrErrorCode?.user) {
-        return { sid, ...userOrErrorCode };
-      }
-      return {
-        sid,
-      };
-    } catch (_err) {
-      return {
-        sid,
-        error: { success: false, code: "server-error" },
-      };
-    }
-  };
+  handleGetUser = handleGetUserThrottled.bind(this);
+  getUserOrError = getUserOrError.bind(this);
 
   init = setupAuthRoutes.bind(this);
 
@@ -210,7 +160,7 @@ export class AuthHandler {
    *  - query params
    * Based on sidKeyName from auth
    */
-  getSID(maybeClientReq: AuthClientRequest | undefined): string | undefined {
+  getValidatedSid(maybeClientReq: AuthClientRequest | undefined): string | undefined {
     if (!maybeClientReq) return undefined;
     const { sidKeyName } = this;
     if (maybeClientReq.socket) {
@@ -225,18 +175,20 @@ export class AuthHandler {
         rawSid = cookie[sidKeyName];
       }
       return this.validateSid(rawSid);
-    } else {
-      const [tokenType, base64Token] =
-        maybeClientReq.httpReq.headers.authorization?.split(" ") ?? [];
-      let bearerSid: string | undefined;
-      if (tokenType && base64Token) {
-        if (tokenType.trim() !== "Bearer") {
-          throw "Only Bearer Authorization header allowed";
-        }
-        bearerSid = Buffer.from(base64Token, "base64").toString();
+    }
+
+    const [tokenType, base64Token] = maybeClientReq.httpReq.headers.authorization?.split(" ") ?? [];
+    let bearerSid: string | undefined;
+    if (tokenType && base64Token) {
+      if (tokenType.trim() !== "Bearer") {
+        throw "Only Bearer Authorization header allowed";
       }
-      return this.validateSid(bearerSid ?? maybeClientReq.httpReq.cookies?.[sidKeyName]);
+      bearerSid = Buffer.from(base64Token, "base64").toString();
     }
+    return this.validateSid(
+      // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
+      bearerSid ?? (maybeClientReq.httpReq.cookies?.[sidKeyName] as string | undefined)
+    );
   }
 
   /**
@@ -245,7 +197,7 @@ export class AuthHandler {
   getSIDNoError = (clientReq: AuthClientRequest | undefined): string | undefined => {
     if (!clientReq) return undefined;
     try {
-      return this.getSID(clientReq);
+      return this.getValidatedSid(clientReq);
     } catch {
       return undefined;
     }
@@ -284,14 +236,11 @@ export class AuthHandler {
   getClientAuth = getClientAuth.bind(this);
 }
 
-export const matchesRoute = (shorterRoute: string | undefined, longerRoute: string) => {
-  return (
-    shorterRoute &&
-    longerRoute &&
-    (shorterRoute === longerRoute ||
-      (longerRoute.startsWith(shorterRoute) &&
-        ["/", "?", "#"].includes(longerRoute[shorterRoute.length] ?? "")))
-  );
+export const matchesRoute = (baseRoute: string | undefined, fullRoute: string) => {
+  if (!baseRoute || !fullRoute) return false;
+  if (baseRoute === fullRoute) return true;
+  const nextChar = fullRoute[baseRoute.length] ?? "";
+  return fullRoute.startsWith(baseRoute) && ["/", "?", "#"].includes(nextChar);
 };
 
 const parseCookieStr = (cookie_str: string | undefined): Record<string, string> => {

package/lib/Auth/AuthTypes.ts

@@ -273,7 +273,15 @@ export type AuthResult<SU = SessionUser> =
 export type AuthResultOrError<SU = SessionUser> =
   | AuthResponse.AuthFailure
   | AuthResponse.AuthFailure["code"]
-  | AuthResult<SU>;
+  | AuthResult<SU>
+  | {
+      type: "new-session";
+
+      /**
+       * If provided must login the user. Used for passwordless admin and public users
+       */
+      session: BasicSession;
+    };
 
 export type AuthRequestParams<S, SUser extends SessionUser> = {
   db: DB;

package/lib/Auth/endpoints/setCatchAllRequestHandler.ts

@@ -38,8 +38,8 @@ export function setCatchAllRequestHandler(this: AuthHandler, app: e.Express) {
        */
       if (this.isUserRoute(req.path)) {
         /* Check auth. Redirect to login if unauthorized */
-        const u = await isLoggedInUser();
-        if (!u) {
+        const isLoggedIn = await isLoggedInUser();
+        if (!isLoggedIn) {
           res.redirect(
             `${AUTH_ROUTES_AND_PARAMS.login}?returnURL=${encodeURIComponent(req.originalUrl)}`
           );

package/lib/Auth/getClientAuth.ts

@@ -14,10 +14,16 @@ export async function getClientAuth(
   clientReq: AuthClientRequest
 ): Promise<{ auth: AuthSocketSchema; userData: AuthResultWithSID }> {
   let pathGuard = false;
-  if (
-    this.opts.loginSignupConfig?.publicRoutes &&
-    !this.opts.loginSignupConfig.disableSocketAuthGuard
-  ) {
+  const {
+    loginWithOAuth,
+    signupWithEmail: signupWithEmailAndPassword,
+    localLoginMode,
+    login,
+    publicRoutes,
+    disableSocketAuthGuard,
+  } = this.opts.loginSignupConfig ?? {};
+
+  if (publicRoutes && !disableSocketAuthGuard) {
     pathGuard = true;
 
     /**
@@ -64,12 +70,6 @@ export async function getClientAuth(
   }
 
   const userData = await this.getSidAndUserFromRequest(clientReq);
-  const {
-    loginWithOAuth,
-    signupWithEmail: signupWithEmailAndPassword,
-    localLoginMode,
-    login,
-  } = this.opts.loginSignupConfig ?? {};
 
   const auth: AuthSocketSchema = {
     providers: getOAuthProviders(loginWithOAuth),

package/lib/Auth/setupAuthRoutes.ts

@@ -49,7 +49,8 @@ export function setupAuthRoutes(this: AuthHandler) {
       );
 
       if (errorInfo) {
-        res.status(HTTP_FAIL_CODES.BAD_REQUEST).json(errorInfo);
+        const { error, httpCode } = errorInfo;
+        res.status(httpCode).json({ error });
         return;
       }
       next();

package/lib/Auth/utils/getSidAndUserFromRequest.ts

@@ -6,6 +6,7 @@ import { throttledAuthCall } from "./throttledReject";
 /**
  * For a given sid return the user data if available using the auth handler's getUser method.
  * Use socket session cache if configured in Auth
+ * Used in Publish Parser and AuthHandler
  */
 export async function getSidAndUserFromRequest(
   this: AuthHandler,
@@ -16,7 +17,7 @@ export async function getSidAndUserFromRequest(
    */
   const getSessionForCaching = this.opts.cacheSession?.getSession;
   if (clientReq.socket && getSessionForCaching && clientReq.socket.__prglCache) {
-    const { session, ...userData } = clientReq.socket.__prglCache;
+    const { session, userData } = clientReq.socket.__prglCache;
     const isValid = this.isNonExpiredSocketSession(clientReq.socket, session);
     if (isValid) {
       return {
@@ -33,40 +34,46 @@ export async function getSidAndUserFromRequest(
    * Get sid from request and fetch user data
    */
   const authStart = Date.now();
-  const result = await throttledAuthCall(async () => {
-    const { getUser } = this.opts;
+  // const result = await throttledAuthCall(async () => {
+  //   const clientInfoOrErr = await this.opts.getUser(
+  //     this.getValidatedSid(clientReq),
+  //     this.dbo as DBOFullyTyped,
+  //     this.db,
+  //     getClientRequestIPsInfo(clientReq),
+  //     clientReq
+  //   );
+  //   if (clientInfoOrErr && (typeof clientInfoOrErr === "string" || "success" in clientInfoOrErr))
+  //     throw clientInfoOrErr;
+  //   const clientInfo = clientInfoOrErr;
 
-    const sid = this.getSID(clientReq);
-    const clientInfoOrErr =
-      !sid ? undefined : (
-        await getUser(
-          sid,
-          this.dbo as DBOFullyTyped,
-          this.db,
-          getClientRequestIPsInfo(clientReq),
-          clientReq
-        )
-      );
-    if (clientInfoOrErr && (typeof clientInfoOrErr === "string" || "success" in clientInfoOrErr))
-      throw clientInfoOrErr;
-    const clientInfo = clientInfoOrErr;
-    if (getSessionForCaching && clientReq.socket && sid) {
-      const session = await getSessionForCaching(sid, this.dbo as DBOFullyTyped, this.db);
-      if (session && session.expires && clientInfo?.user) {
-        clientReq.socket.__prglCache = {
-          ...clientInfo,
-          session,
-        };
-      }
-    }
+  //   if (clientInfo && "type" in clientInfo) {
+  //     if (!("httpReq" in clientReq) || !clientReq.httpReq) throw "httpReq missing";
+  //     const { httpReq, res } = clientReq;
+  //     this.setCookieAndGoToReturnURLIFSet(clientInfo.session, { req: httpReq, res });
+  //     return;
+  //   }
 
-    if (clientInfo?.user && sid) {
-      return { sid, ...clientInfo };
-    }
+  //   const sid = this.getValidatedSid(clientReq);
+  //   if (getSessionForCaching && clientReq.socket && sid) {
+  //     const session = await getSessionForCaching(sid, this.dbo as DBOFullyTyped, this.db);
+  //     if (session && session.expires && clientInfo?.user) {
+  //       clientReq.socket.__prglCache = {
+  //         userData: clientInfo,
+  //         session,
+  //       };
+  //     }
+  //   }
 
-    return { sid, preferredLogin: !clientInfo?.user ? clientInfo?.preferredLogin : undefined };
-  }, 100);
+  //   if (clientInfo?.user && sid) {
+  //     return { sid, ...clientInfo };
+  //   }
 
+  //   return { sid, preferredLogin: !clientInfo?.user ? clientInfo?.preferredLogin : undefined };
+  // }, 100);
+  const result = await this.handleGetUser(clientReq);
+  if (result.error) {
+    throw result.error;
+  }
   await this.prostgles.opts.onLog?.({
     type: "auth",
     command: "getClientInfo",

package/lib/Auth/utils/getUserOrError.ts

@@ -0,0 +1,56 @@
+import { AuthResponse } from "prostgles-types";
+import { DBOFullyTyped } from "../../DBSchemaBuilder";
+import type { AuthHandler } from "../AuthHandler";
+import { AuthClientRequest, AuthResultWithSID } from "../AuthTypes";
+import { getClientRequestIPsInfo } from "../utils/getClientRequestIPsInfo";
+import { isAuthError } from "./handleGetUser";
+import { throttledAuthCall } from "./throttledReject";
+
+/**
+ * Used by:
+ *  - setCatchAllRequestHandler
+ *  - loginSignupConfig.use
+ */
+export async function getUserOrError(
+  this: AuthHandler,
+  clientReq: AuthClientRequest
+): Promise<AuthResultWithSID> {
+  // const sid = this.getValidatedSid(clientReq);
+  // if (!sid) return { sid };
+
+  try {
+    // const userOrErrorCode = await throttledAuthCall(async () => {
+    //   return this.opts.getUser(
+    //     this.validateSid(sid),
+    //     this.dbo as DBOFullyTyped,
+    //     this.db,
+    //     getClientRequestIPsInfo(clientReq),
+    //     clientReq
+    //   );
+    // }, 50);
+
+    // if (isAuthError(userOrErrorCode)) {
+    //   const error: AuthResponse.AuthFailure | undefined =
+    //     typeof userOrErrorCode === "string" ?
+    //       { success: false, code: userOrErrorCode }
+    //     : userOrErrorCode;
+
+    //   return {
+    //     sid,
+    //     error,
+    //   };
+    // }
+    // if (sid && userOrErrorCode?.user) {
+    //   return { sid, ...userOrErrorCode };
+    // }
+    // return {
+    //   sid,
+    // };
+    return this.handleGetUser(clientReq);
+  } catch (_err) {
+    return {
+      sid: this.getValidatedSid(clientReq),
+      error: { success: false, code: "server-error" },
+    };
+  }
+}

package/lib/Auth/utils/handleGetUser.ts

@@ -0,0 +1,67 @@
+import type { DBOFullyTyped } from "../../DBSchemaBuilder";
+import { tout } from "../../PubSubManager/initPubSubManager";
+import { getClientRequestIPsInfo, type AuthHandler } from "../AuthHandler";
+import type { AuthClientRequest, AuthResultOrError, AuthResultWithSID } from "../AuthTypes";
+import { throttledAuthCall } from "./throttledReject";
+import { AuthResponse, isObject } from "prostgles-types";
+
+export async function handleGetUserThrottled(
+  this: AuthHandler,
+  clientReq: AuthClientRequest
+): Promise<AuthResultWithSID> {
+  const getSessionForCaching = this.opts.cacheSession?.getSession;
+  const result = await throttledAuthCall(async () => {
+    const clientInfoOrErr = await this.opts.getUser(
+      this.getValidatedSid(clientReq),
+      this.dbo as DBOFullyTyped,
+      this.db,
+      getClientRequestIPsInfo(clientReq),
+      clientReq
+    );
+    if (isAuthError(clientInfoOrErr)) {
+      return {
+        error:
+          isObject(clientInfoOrErr) ? clientInfoOrErr : { success: false, code: clientInfoOrErr },
+        sid: this.getValidatedSid(clientReq),
+      } satisfies AuthResultWithSID;
+    }
+    const clientInfo = clientInfoOrErr;
+
+    if (clientInfo && "type" in clientInfo) {
+      if (!("httpReq" in clientReq) || !clientReq.httpReq)
+        throw "httpReq missing. new-session not implemented for sockets.";
+      const { httpReq, res } = clientReq;
+      this.setCookieAndGoToReturnURLIFSet(clientInfo.session, { req: httpReq, res });
+      /** Wait for refresh */
+      await tout(200);
+      return {
+        error: { success: false, code: "something-went-wrong" },
+        sid: this.getValidatedSid(clientReq),
+      } satisfies AuthResultWithSID;
+    }
+
+    const sid = this.getValidatedSid(clientReq);
+    if (getSessionForCaching && clientReq.socket && sid) {
+      const session = await getSessionForCaching(sid, this.dbo as DBOFullyTyped, this.db);
+      if (session && session.expires && clientInfo?.user) {
+        clientReq.socket.__prglCache = {
+          userData: clientInfo,
+          session,
+        };
+      }
+    }
+
+    if (clientInfo?.user && sid) {
+      return { sid, ...clientInfo };
+    }
+
+    return { sid, preferredLogin: !clientInfo?.user ? clientInfo?.preferredLogin : undefined };
+  }, 100);
+  return result;
+}
+
+export const isAuthError = (
+  dataOrError: AuthResultOrError
+): dataOrError is AuthResponse.AuthFailure["code"] | AuthResponse.AuthFailure => {
+  return Boolean(typeof dataOrError === "string" || (dataOrError && "success" in dataOrError));
+};

package/lib/DboBuilder/DboBuilderTypes.ts

@@ -168,7 +168,8 @@ export type PRGLIOSocket = {
   };
 
   /** Used for session caching */
-  __prglCache?: SessionUser & {
+  __prglCache?: {
+    userData: Omit<SessionUser, "session">;
     session: BasicSession;
   };
 

package/lib/Prostgles.ts

@@ -32,6 +32,7 @@ import {
   CHANNELS,
   ClientSchema,
   SQLRequest,
+  includes,
   isObject,
   omitKeys,
   tryCatchV2,

package/lib/PublishParser/PublishParser.ts

@@ -159,13 +159,14 @@ export class PublishParser {
       }
     }
 
-    if (tableRule[rtm.rule]) {
-      return tableRule;
-    } else
+    if (!tableRule[rtm.rule]) {
       throw {
         stack: ["getValidatedRequestRule()"],
         message: `Invalid or disallowed command: ${tableName}.${command}`,
       };
+    }
+
+    return tableRule;
   }
 
   async getTableRules(