session-sync-auth-site 0.2.0

package/README.md

@@ -0,0 +1,123 @@
+# Setup
+
+Run `node ./node_modules/session-sync-auth-site/src/createDBTables.js [mysql_connection_string] [user_table_name] [session_table_name]`
+
+Example: `node ./node_modules/session-sync-auth-site/src/createDBTables.js mysql://root@localhost/SessionSyncAuthSite users sessions`
+
+You may add on more fields to the user and session tables, if you like.
+
+# Simple backend usage
+
+```js
+const express = require('express')
+const app = express()
+const cors = require('cors')
+const bodyParser = require('body-parser')
+
+const { authenticate, setUpSessionSyncAuthRoutes } = require('session-sync-auth-site')
+
+app.use(cors())
+app.use(bodyParser.json())
+
+app.use(authenticate({
+  // either `connectionObj` or `connectionStr` is required
+  connectionObj: {
+    host,
+    user,
+    password,
+    database,
+    port,
+  },
+}))
+
+setUpSessionSyncAuthRoutes({
+  app,
+  siteId,
+  authDomain,
+  jwtSecret,
+})
+```
+
+## Exhaustive options for authenticate with default values
+
+```js
+app.use(authenticate({
+  // either `connectionObj` or `connectionStr` required
+  connectionObj: {
+    host,
+    user,
+    password,
+    database,
+    port,
+  },
+  userTableName: 'users',
+  sessionTableName: 'sessions',
+  userTableColNameMap: {
+    // Example:
+    // updated_at: 'updatedAt',
+  },
+  sessionTableColNameMap: {},
+}))
+```
+
+## Exhaustive options for setUpSessionSyncAuthRoutes with default values
+
+```js
+setUpSessionSyncAuthRoutes({
+  app,  // required
+  siteId,  // required
+  authDomain,  // required
+  jwtSecret,  // required
+  protocol: 'https',
+  paths: {
+    getUser: '/get-user',
+    logIn: '/log-in',
+    logOut: '/log-out',
+    authSync: '/auth-sync',
+  },
+  languageColType: '639-3',  // OPTIONS: '639-1', '639-3', 'IETF'
+})
+```
+
+# Frontend usage
+
+```html
+<html>
+  <head>
+    <script src="[private_url]/sessionSyncAuthFrontend.js"></script>
+
+    <script>
+
+      window.sessionSyncAuth.init({
+        defaultOrigin: 'https://my-backend-domain.com',
+        callbacks: {
+          canceledLogin: ({ origin }) => {},
+          successfulLogin: ({ origin, accessToken }) => {},
+          successfulLogout: ({ origin }) => {},
+          unnecessaryLogout: ({ origin }) => {},
+          error: ({ errorMessage }) => {},
+        },
+      })
+
+      // To change the default origin...
+      // window.sessionSyncAuth.setDefaultOrigin('https://my-backend-domain.com')
+
+    </script>
+  <head>
+
+  <body>
+
+    <!-- All functions below can also take a single options parameter with an `origin` key. -->
+
+    <button onclick="javascript:window.sessionSyncAuth.getAccessToken()">Get Access Token</button>
+
+    <button onclick="javascript:window.sessionSyncAuth.logIn()">Log in</button>
+
+    <button onclick="javascript:window.sessionSyncAuth.getUser()">Get user</button>
+
+    <button onclick="javascript:window.sessionSyncAuth.logOut()">Log out</button>
+
+  </body>
+
+</html>
+```

package/package.json

@@ -0,0 +1,52 @@
+{
+  "name": "session-sync-auth-site",
+  "version": "0.2.0",
+  "main": "src/index.js",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/educational-resources-and-services/session-sync-auth-site.git"
+  },
+  "author": "Andy Hubert",
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/educational-resources-and-services/session-sync-auth-site/issues"
+  },
+  "homepage": "https://github.com/educational-resources-and-services/session-sync-auth-site#readme",
+  "engines": {
+    "node": ">=10"
+  },
+  "scripts": {
+    "dev": "npm run go-dev -s",
+    "go-dev": "concurrently -k 'node ./test/dummySite.js 3001' 'node ./test/dummySite.js 3002 dummy1' 'node ./test/dummySite.js 3003 dummy2'",
+    "dev-with-staging-auth": "npm run go-dev-with-staging-auth -s",
+    "go-dev-with-staging-auth": "concurrently -k 'node ./test/dummySite.js 3001' 'node ./test/dummySite.js 3002 dummy1 auth.staging.resourcingeducation.com' 'node ./test/dummySite.js 3003 dummy2 auth.staging.resourcingeducation.com'",
+    "dev-with-production-auth": "npm run go-dev-with-production-auth -s",
+    "go-dev-with-production-auth": "concurrently -k 'node ./test/dummySite.js 3001' 'node ./test/dummySite.js 3002 dummy1 auth.resourcingeducation.com' 'node ./test/dummySite.js 3003 dummy2 auth.resourcingeducation.com'",
+    "setup": "npm run go-setup -s",
+    "go-setup": "npm run go-setup-dummy1 && npm run go-setup-dummy2",
+    "go-setup-dummy1": "node ./src/createDBTables.js mysql://root@localhost/SessionSyncAuthSite dummy1_users dummy1_sessions",
+    "go-setup-dummy2": "node ./src/createDBTables.js mysql://root@localhost/SessionSyncAuthSite dummy2_users dummy2_sessions",
+    "confirm": "read -p 'Are you sure? ' -n 1 -r && echo '\n' && [[ $REPLY =~ ^[Yy]$ ]]",
+    "update-patch": "npm run go-update-patch -s",
+    "update-major": "npm run go-update-major -s",
+    "update-minor": "npm run go-update-minor -s",
+    "go-update-patch": "echo '-------------------------------------------\nUpdate version (PATCH) and deploy to npm...\n-------------------------------------------\n' && npm run confirm && npm i && npm version patch && npm run publish-to-npm",
+    "go-update-minor": "echo '-------------------------------------------\nUpdate version (MINOR) and deploy to npm...\n-------------------------------------------\n' && npm run confirm && npm i && npm version minor && npm run publish-to-npm",
+    "go-update-major": "echo '-------------------------------------------\nUpdate version (MAJOR) and deploy to npm...\n-------------------------------------------\n' && npm run confirm && npm i && npm version major && npm run publish-to-npm",
+    "publish-to-npm": "npm publish --access public && echo '\nSUCCESS!\n'"
+  },
+  "peerDependencies": {
+    "express": ">= 4"
+  },
+  "devDependencies": {
+    "body-parser": "^1.19.0",
+    "concurrently": "^6.0.2",
+    "cors": "^2.8.5",
+    "express": "^4.17.1"
+  },
+  "dependencies": {
+    "connection-string": "^4.3.2",
+    "jsonwebtoken": "^8.5.1",
+    "mysql": "^2.18.1"
+  }
+}

package/src/authenticate.js

@@ -0,0 +1,75 @@
+const setUpConnection = require('./setUpConnection')
+
+const authenticate = ({
+  userTableName='users',
+  sessionTableName='sessions',
+  userTableColNameMap={},
+  sessionTableColNameMap={},
+  ...connectionInfo  // connectionObj or connectionStr
+}) => (
+  async (req, res, next) => {
+
+    userTableName = userTableName.replace(/`/g, '')
+    sessionTableName = sessionTableName.replace(/`/g, '')
+
+    req.sessionSyncAuthSiteOptions = {
+      userTableName,
+      sessionTableName,
+      userTableColNameMap,
+      sessionTableColNameMap,
+    }
+
+    // Connect to DB if not already connected
+    if(!global.sessionSyncAuthSiteConnection) {
+      console.log('Establishing DB connection for session-sync-auth-site...')
+      setUpConnection(connectionInfo)
+      console.log('...DB connection established for session-sync-auth-site.')
+    }
+
+    const accessToken = req.headers['x-access-token'] || req.query.accessToken
+
+    if(!accessToken) return next()
+
+    const userTableId = (userTableColNameMap.id || 'id').replace(/`/g, '')
+    const sessionTableCreatedAt = (sessionTableColNameMap.created_at || 'created_at').replace(/`/g, '')
+    const sessionTableUserId = (sessionTableColNameMap.user_id || 'user_id').replace(/`/g, '')
+    const sessionTableAccessToken = (sessionTableColNameMap.access_token || 'access_token').replace(/`/g, '')
+
+    req.user = (await global.sessionSyncAuthSiteConnection.asyncQuery(
+      `
+
+        SELECT
+          u.*,
+          s.\`${sessionTableCreatedAt}\` AS session_created_at
+
+        FROM \`${userTableName}\` AS u
+          LEFT JOIN \`${sessionTableName}\` AS s ON (u.\`${userTableId}\` = s.\`${sessionTableUserId}\`)
+
+        WHERE
+          s.\`${sessionTableAccessToken}\` = :accessToken
+
+        LIMIT 1
+
+      `,
+      {
+        accessToken,
+      },
+    ))[0]
+
+    // Convert DateTime columns into ms timestamp
+    const dateTimeCols = [
+      userTableColNameMap.created_at || 'created_at',
+      userTableColNameMap.updated_at || 'updated_at',
+      'session_created_at',
+    ]
+    Object.keys(req.user || {}).forEach(key => {
+      if(dateTimeCols.includes(key)) {
+        req.user[key] = (new Date(req.user[key])).getTime()
+      }
+    })
+
+    next()
+  }
+)
+
+module.exports = authenticate

package/src/createDBTables.js

@@ -0,0 +1,97 @@
+const setUpConnection = require('./setUpConnection')
+
+;(async () => {
+
+  try {
+
+    let [
+      connectionStr,
+      userTableName=`users`,
+      sessionTableName=`sessions`,
+      x,
+    ] = process.argv.slice(2)
+
+    userTableName = userTableName.replace(/`/g, '')
+    sessionTableName = sessionTableName.replace(/`/g, '')
+  
+    if(connectionStr === undefined) {
+      throw new Error(`NO_PARAMS`)
+    }
+
+    if(userTableName === undefined || sessionTableName === undefined || x !== undefined) {
+      throw new Error(`BAD_PARAMS`)
+    }
+
+    setUpConnection({ connectionStr })
+
+    await global.sessionSyncAuthSiteConnection.asyncQuery(
+      `
+
+        CREATE TABLE \`${userTableName}\` (
+          \`id\` int NOT NULL,
+          \`name\` varchar(255),
+          \`email\` varchar(255),
+          \`image\` varchar(255),
+          \`language\` varchar(25),
+          \`created_at\` datetime(3) NOT NULL,
+          \`updated_at\` datetime(3) NOT NULL,
+          PRIMARY KEY (\`id\`),
+          UNIQUE KEY \`email\` (\`email\`)
+        ) CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
+
+        CREATE TABLE \`${sessionTableName}\` (
+          \`id\` int NOT NULL AUTO_INCREMENT,
+          \`user_id\` int NOT NULL,
+          \`access_token\` varchar(255) NOT NULL,
+          \`created_at\` datetime(3) NOT NULL,
+          PRIMARY KEY (\`id\`),
+          UNIQUE KEY \`access_token\` (\`access_token\`)
+        ) CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
+
+      `,
+      {},
+    )
+
+    console.log(``)
+    console.log(`Tables ${userTableName} and ${sessionTableName} created.`)
+    console.log(``)
+    console.log(`Note: The user table may be extended with other columns so long as they are nullable.`)
+    console.log(``)
+
+  } catch(err) {
+
+    const logSyntax = () => {
+      console.log(`Syntax: \`npm run create-db-tables connectionStr [userTableName] [sessionTableName]\`\n`)
+      console.log(`Example #1: \`npm run create-db-tables mysql://user:pass@host/db\``)
+      console.log(`Example #2: \`npm run create-db-tables mysql://user:pass@host/db users sessions\``)
+      console.log(``)
+    }
+
+    switch(err.message.split(',')[0]) {
+
+      case `NO_PARAMS`: {
+        logSyntax()
+        break
+      }
+
+      case `BAD_PARAMS`: {
+        console.log(`\n-----------------------`)
+        console.log(`ERROR: Bad parameters.`)
+        console.log(`-----------------------\n`)
+        logSyntax()
+        break
+      }
+
+      default: {
+        console.log(`\n-----------------------`)
+        console.log(`\nERROR: ${err.message}\n`)
+        console.log(`-----------------------\n`)
+        logSyntax()
+      }
+
+    }
+  }
+
+  process.exit()
+
+})()

package/src/index.js

@@ -0,0 +1,7 @@
+const authenticate = require('./authenticate')
+const setUpSessionSyncAuthRoutes = require('./setUpSessionSyncAuthRoutes')
+
+module.exports = {
+  authenticate,
+  setUpSessionSyncAuthRoutes,
+}

package/src/iso639-3To1.js

@@ -0,0 +1,190 @@
+// Converted from https://github.com/wooorm/iso-639-3/blob/main/iso6393-to-1.js
+
+const iso6393To1 = {
+  aar: 'aa',
+  abk: 'ab',
+  afr: 'af',
+  aka: 'ak',
+  amh: 'am',
+  ara: 'ar',
+  arg: 'an',
+  asm: 'as',
+  ava: 'av',
+  ave: 'ae',
+  aym: 'ay',
+  aze: 'az',
+  bak: 'ba',
+  bam: 'bm',
+  bel: 'be',
+  ben: 'bn',
+  bis: 'bi',
+  bod: 'bo',
+  bos: 'bs',
+  bre: 'br',
+  bul: 'bg',
+  cat: 'ca',
+  ces: 'cs',
+  cha: 'ch',
+  che: 'ce',
+  chu: 'cu',
+  chv: 'cv',
+  cor: 'kw',
+  cos: 'co',
+  cre: 'cr',
+  cym: 'cy',
+  dan: 'da',
+  deu: 'de',
+  div: 'dv',
+  dzo: 'dz',
+  ell: 'el',
+  eng: 'en',
+  epo: 'eo',
+  est: 'et',
+  eus: 'eu',
+  ewe: 'ee',
+  fao: 'fo',
+  fas: 'fa',
+  fij: 'fj',
+  fin: 'fi',
+  fra: 'fr',
+  fry: 'fy',
+  ful: 'ff',
+  gla: 'gd',
+  gle: 'ga',
+  glg: 'gl',
+  glv: 'gv',
+  grn: 'gn',
+  guj: 'gu',
+  hat: 'ht',
+  hau: 'ha',
+  hbs: 'sh',
+  heb: 'he',
+  her: 'hz',
+  hin: 'hi',
+  hmo: 'ho',
+  hrv: 'hr',
+  hun: 'hu',
+  hye: 'hy',
+  ibo: 'ig',
+  ido: 'io',
+  iii: 'ii',
+  iku: 'iu',
+  ile: 'ie',
+  ina: 'ia',
+  ind: 'id',
+  ipk: 'ik',
+  isl: 'is',
+  ita: 'it',
+  jav: 'jv',
+  jpn: 'ja',
+  kal: 'kl',
+  kan: 'kn',
+  kas: 'ks',
+  kat: 'ka',
+  kau: 'kr',
+  kaz: 'kk',
+  khm: 'km',
+  kik: 'ki',
+  kin: 'rw',
+  kir: 'ky',
+  kom: 'kv',
+  kon: 'kg',
+  kor: 'ko',
+  kua: 'kj',
+  kur: 'ku',
+  lao: 'lo',
+  lat: 'la',
+  lav: 'lv',
+  lim: 'li',
+  lin: 'ln',
+  lit: 'lt',
+  ltz: 'lb',
+  lub: 'lu',
+  lug: 'lg',
+  mah: 'mh',
+  mal: 'ml',
+  mar: 'mr',
+  mkd: 'mk',
+  mlg: 'mg',
+  mlt: 'mt',
+  mon: 'mn',
+  mri: 'mi',
+  msa: 'ms',
+  mya: 'my',
+  nau: 'na',
+  nav: 'nv',
+  nbl: 'nr',
+  nde: 'nd',
+  ndo: 'ng',
+  nep: 'ne',
+  nld: 'nl',
+  nno: 'nn',
+  nob: 'nb',
+  nor: 'no',
+  nya: 'ny',
+  oci: 'oc',
+  oji: 'oj',
+  ori: 'or',
+  orm: 'om',
+  oss: 'os',
+  pan: 'pa',
+  pli: 'pi',
+  pol: 'pl',
+  por: 'pt',
+  pus: 'ps',
+  que: 'qu',
+  roh: 'rm',
+  ron: 'ro',
+  run: 'rn',
+  rus: 'ru',
+  sag: 'sg',
+  san: 'sa',
+  sin: 'si',
+  slk: 'sk',
+  slv: 'sl',
+  sme: 'se',
+  smo: 'sm',
+  sna: 'sn',
+  snd: 'sd',
+  som: 'so',
+  sot: 'st',
+  spa: 'es',
+  sqi: 'sq',
+  srd: 'sc',
+  srp: 'sr',
+  ssw: 'ss',
+  sun: 'su',
+  swa: 'sw',
+  swe: 'sv',
+  tah: 'ty',
+  tam: 'ta',
+  tat: 'tt',
+  tel: 'te',
+  tgk: 'tg',
+  tgl: 'tl',
+  tha: 'th',
+  tir: 'ti',
+  ton: 'to',
+  tsn: 'tn',
+  tso: 'ts',
+  tuk: 'tk',
+  tur: 'tr',
+  twi: 'tw',
+  uig: 'ug',
+  ukr: 'uk',
+  urd: 'ur',
+  uzb: 'uz',
+  ven: 've',
+  vie: 'vi',
+  vol: 'vo',
+  wln: 'wa',
+  wol: 'wo',
+  xho: 'xh',
+  yid: 'yi',
+  yor: 'yo',
+  zha: 'za',
+  zho: 'zh',
+  zul: 'zu'
+}
+
+module.exports = iso6393To1

package/src/sessionSyncAuthFrontend.js

@@ -0,0 +1,102 @@
+;(() => {
+
+  let defaultOrigin
+  const setDefaultOrigin = origin => {
+    defaultOrigin = origin
+  }
+
+  const getAccessToken = ({ origin=defaultOrigin }={}) => (
+    JSON.parse(localStorage.getItem('sessionSyncAuthAccessTokenByOrigin') || `{}`)[origin]
+  )
+
+  const getQueryStringAddOn = extraQueryParamsForCallbacks => {
+    let queryStringAddOn = ''
+
+    for(let key in extraQueryParamsForCallbacks) {
+      queryStringAddOn += `&${encodeURIComponent(key)}=${encodeURIComponent(extraQueryParamsForCallbacks[key])}`
+    }
+
+    return queryStringAddOn
+  }
+
+  const logIn = async ({ origin=defaultOrigin, extraQueryParamsForCallbacks }={}) => {
+    const cancelRedirectUrl = `${location.href.replace(/\?.*$/, '')}?action=canceledLogin&origin=${encodeURIComponent(origin)}${getQueryStringAddOn(extraQueryParamsForCallbacks)}`
+    const loggedInRedirectUrl = `${location.href.replace(/\?.*$/, '')}?action=successfulLogin&origin=${encodeURIComponent(origin)}&accessToken=ACCESS_TOKEN${getQueryStringAddOn(extraQueryParamsForCallbacks)}`
+
+    const queryString = `cancelRedirectUrl=${encodeURIComponent(cancelRedirectUrl)}&loggedInRedirectUrl=${encodeURIComponent(loggedInRedirectUrl)}`
+
+    window.location = `${origin}/log-in?${queryString}`
+  }
+
+  const getUser = async ({ origin=defaultOrigin }={}) => {
+    const response = await fetch(`${origin}/get-user`, {
+      headers: {
+        'x-access-token': getAccessToken(origin),
+      },
+    })
+
+    return await response.json()
+  }
+
+  const logOut = async ({ origin=defaultOrigin, extraQueryParamsForCallbacks }={}) => {
+    const redirectUrl = `${location.href.replace(/\?.*$/, '')}?action=successfulLogout&origin=${encodeURIComponent(origin)}${getQueryStringAddOn(extraQueryParamsForCallbacks)}`
+    const noLoginRedirectUrl = `${location.href.replace(/\?.*$/, '')}?action=unnecessaryLogout&origin=${encodeURIComponent(origin)}${getQueryStringAddOn(extraQueryParamsForCallbacks)}`
+    const accessToken = getAccessToken(origin)
+
+    const queryString = `redirectUrl=${encodeURIComponent(redirectUrl)}&noLoginRedirectUrl=${encodeURIComponent(noLoginRedirectUrl)}&accessToken=${encodeURIComponent(accessToken)}`
+
+    window.location = `${origin}/log-out?${queryString}`
+  }
+
+  const init = ({ defaultOrigin, callbacks }) => {
+
+    if(defaultOrigin) setDefaultOrigin(defaultOrigin)
+
+    const getParam = regex => decodeURIComponent((window.location.search.match(regex) || [])[1] || '') || null
+
+    const origin = getParam(/[?&]origin=([^&]*)/)
+    const accessToken = getParam(/[?&]accessToken=([^&]*)/)
+    const action = getParam(/[?&]action=([^&]*)/)
+    const errorMessage = getParam(/[?&]errorMessage=([^&]*)/)
+
+    if(origin) {
+      const sessionSyncAuthAccessTokenByOrigin = JSON.parse(localStorage.getItem('sessionSyncAuthAccessTokenByOrigin') || `{}`)
+      if(accessToken) {
+        sessionSyncAuthAccessTokenByOrigin[origin] = accessToken
+      } else if([ 'successfulLogout', 'unnecessaryLogout' ].includes(action)) {
+        delete sessionSyncAuthAccessTokenByOrigin[origin]
+      }
+      localStorage.setItem('sessionSyncAuthAccessTokenByOrigin', JSON.stringify(sessionSyncAuthAccessTokenByOrigin))
+    }
+
+    try {
+      callbacks[action] && callbacks[action]({ origin, accessToken, errorMessage })
+    } catch(err) {
+      console.error(err)
+    }
+
+    if(origin || accessToken || action || errorMessage) {
+      window.history.replaceState({}, null, `${location.href.replace(/\?.*$/, '')}${window.location.search.replace(/&?(?:origin|accessToken|action|errorMessage)=(?:[^&]*)/g, '').replace(/^\?$/, '')}`)
+    }
+
+  }
+
+  const sessionSyncAuth = {
+    getAccessToken,
+    logIn,
+    getUser,
+    logOut,
+    init,
+    setDefaultOrigin,
+  }
+
+  Object.freeze(sessionSyncAuth)
+  
+  Object.defineProperty(window, 'sessionSyncAuth', {
+    value: sessionSyncAuth,
+    writable : false,
+    enumerable : true,
+    configurable : false
+  })
+
+})();

package/src/setUpConnection.js

@@ -0,0 +1,44 @@
+const mysql = require('mysql')
+const SqlString = require('mysql/lib/protocol/SqlString')
+const { ConnectionString } = require('connection-string')
+const util = require('util')
+
+const setUpConnection = ({
+  connectionStr=`mysql://root@localhost/SessionSyncAuthSite`,
+  connectionObj,
+}={}) => {
+
+  connectionObj = connectionObj || new ConnectionString(connectionStr)
+
+  global.sessionSyncAuthSiteConnection = mysql.createConnection({
+    multipleStatements: true,
+    dateStrings: true,
+    charset : 'utf8mb4',
+    queryFormat: function (query, values) {
+      if(!values) return query
+
+      if(/\:(\w+)/.test(query)) {
+        return query.replace(/\:(\w+)/g, (txt, key) => {
+          if(values.hasOwnProperty(key)) {
+            return this.escape(values[key])
+          }
+          return txt
+        })
+
+      } else {
+        return SqlString.format(query, values, this.config.stringifyObjects, this.config.timezone)
+      }
+    },
+    // debug: true,
+    host: connectionObj.host || connectionObj.hosts[0].name,
+    user: connectionObj.user || connectionObj.username,
+    password: connectionObj.password,
+    database: connectionObj.database || connectionObj.path[0],
+    port: connectionObj.port,
+  })
+
+  global.sessionSyncAuthSiteConnection.asyncQuery = util.promisify(global.sessionSyncAuthSiteConnection.query).bind(global.sessionSyncAuthSiteConnection)
+
+}
+
+module.exports = setUpConnection

package/src/setUpSessionSyncAuthRoutes.js

@@ -0,0 +1,204 @@
+const jwt = require('jsonwebtoken')
+
+const iso6393To1 = require('./iso639-3To1')
+
+const setUpSessionSyncAuthRoutes = ({
+  app,
+  siteId,
+  authDomain,
+  jwtSecret,
+  protocol='https',
+  paths: {
+    getUser='/get-user',
+    logIn='/log-in',
+    logOut='/log-out',
+    authSync='/auth-sync',
+  }={},
+  languageColType='639-3',  // OPTIONS: '639-1', '639-3', 'IETF'
+}) => {
+
+  app.get(getUser, (req, res, next) => {
+    res.json({
+      status: req.user ? 'Logged in' : 'Not logged in',
+      user: req.user,
+    })
+  })
+
+  app.get(logIn, (req, res, next) => {
+    const { loggedInRedirectUrl, cancelRedirectUrl } = req.query
+
+    const jwtData = jwt.sign(
+      {
+        cancelRedirectUrl,
+        loggedInRedirectUrl,
+      },
+      jwtSecret,
+    )
+
+    res.redirect(`${protocol}://${authDomain}/login?siteId=${encodeURIComponent(siteId)}&jwtData=${encodeURIComponent(jwtData)}`)
+  })
+
+  app.get(logOut, (req, res, next) => {
+    const { redirectUrl, noLoginRedirectUrl } = req.query
+
+    if(!req.user) {
+      console.warn(`logout attemped with no login`)
+      return res.redirect(noLoginRedirectUrl || redirectUrl)
+    }
+
+    const jwtData = jwt.sign(
+      {
+        userId: req.user.id,
+        redirectUrl,
+      },
+      jwtSecret,
+    )
+
+    res.redirect(`${protocol}://${authDomain}/logout?siteId=${encodeURIComponent(siteId)}&jwtData=${encodeURIComponent(jwtData)}`)
+  })
+
+  app.post(authSync, async (req, res, next) => {
+    const { payload } = req.body
+
+    try {
+
+      if(!global.sessionSyncAuthSiteConnection) {
+        throw new Error('You must include the authenticate() middleware prior to calling setUpSessionSyncAuthRoutes.')
+      }
+    
+      const {
+        userTableName,
+        sessionTableName,
+        userTableColNameMap,
+        sessionTableColNameMap,
+      } = req.sessionSyncAuthSiteOptions
+    
+      const { users } = jwt.verify(payload, jwtSecret)
+
+      if(!users) throw "Invalid payload. Missing `payload.user`."
+      if(!(users instanceof Array)) throw "Invalid payload. `payload.users` must be an array."
+
+      const queries = []
+      const variables = {}
+
+      const getSnakeCaseOfKeys = (obj, allowedKeys) => {
+        const newObj = {}
+        Object.keys(obj).forEach(key => {
+          const snakeCaseKey = key.replace(/[A-Z]/g, val => `_${val.toLowerCase()}`)
+          if(allowedKeys.includes(snakeCaseKey)) {
+            newObj[snakeCaseKey] = obj[key]
+          }
+        })
+        return newObj
+      }
+
+      const mapKeys = (obj, table) => {
+        let colNameMap = {}
+        if(table === 'user') colNameMap = userTableColNameMap
+        if(table === 'session') colNameMap = sessionTableColNameMap
+
+        for(let defaultCol in colNameMap) {
+          obj[colNameMap[defaultCol]] = obj[defaultCol]
+          delete obj[defaultCol]
+        }
+      }
+
+      const convertMsTimestampsToDateTimeStrings = obj => {
+        Object.keys(obj).forEach(key => {
+          if(/At$/.test(key)) {
+            obj[key] = new Date(obj[key]).toISOString().replace(/T/, ' ').replace(/Z/, '')
+          }
+        })
+      }
+
+      users.forEach(user => {
+        const { id, sessions, createdAt, updatedAt } = user
+
+        if(!id) throw "Invalid payload. Item in `payload.users` missing `id` key."
+        if(!sessions) throw "Invalid payload. Item in `payload.users` missing `sessions` key."
+        if(!(sessions instanceof Array)) throw "Invalid payload. `payload.users[].sessions` must be an array."
+        if(!createdAt) throw "Invalid payload. Item in `payload.users` missing `createdAt` key."
+        if(!updatedAt) throw "Invalid payload. Item in `payload.users` missing `updatedAt` key."
+
+        convertMsTimestampsToDateTimeStrings(user)
+
+        // add/update the user
+
+        variables[`user__${id}`] = getSnakeCaseOfKeys(
+          user,
+          [ 'id', 'email', 'name', 'image', 'language', 'created_at', 'updated_at' ],
+        )
+
+        if(languageColType !== 'IETF') {
+          variables[`user__${id}`].language = variables[`user__${id}`].language.split('-')[0]
+        }
+
+        if(languageColType === '639-1') {
+          variables[`user__${id}`].language = iso6393To1[variables[`user__${id}`].language] || 'en'
+        }
+
+        mapKeys(variables[`user__${id}`], 'user')
+
+        queries.push(`
+          INSERT INTO \`${userTableName}\` SET :user__${id}
+          ON DUPLICATE KEY UPDATE :user__${id}
+        `)
+
+        // add the sessions
+
+        sessions.forEach(session => {
+          const { accessToken, createdAt } = session
+
+          if(!accessToken) throw "Invalid payload. Item in `payload.users[].sessions` missing `accessToken` key."
+          if(!createdAt) throw "Invalid payload. Item in `payload.users[].sessions` missing `createdAt` key."
+
+          convertMsTimestampsToDateTimeStrings(session)
+
+          variables[`session__${accessToken}`] = {
+            ...getSnakeCaseOfKeys(
+              session,
+              [ 'created_at', 'access_token' ],
+            ),
+            user_id: id,
+          }
+          mapKeys(variables[`session__${accessToken}`], 'session')
+
+          queries.push(`
+            INSERT IGNORE INTO \`${sessionTableName}\` SET :session__${accessToken}
+          `)
+
+        })
+
+        // delete old sessions
+
+        variables[`userId__${id}`] = id
+        variables[`accessTokens__${id}`] = [
+          'dummy_token',  // so the SQL is still valid even if there are no sessions
+          ...sessions.map(({ accessToken }) => accessToken),
+        ]
+
+        queries.push(`
+          DELETE FROM \`${sessionTableName}\`
+          WHERE \`${(sessionTableColNameMap.user_id || `user_id`).replace(/`/g, '')}\` = :userId__${id}
+            AND \`${(sessionTableColNameMap.access_token || `access_token`).replace(/`/g, '')}\` NOT IN (:accessTokens__${id})
+        `)
+
+      })
+
+      await global.sessionSyncAuthSiteConnection.asyncQuery(
+        queries.join(';'),
+        variables,
+      )
+
+      res.json({ success: true })
+
+    } catch(err) {
+      console.log('Bad call to sync_api_endpoint', err)
+      res.status(400).send(`Invalid payload.`)
+    }
+
+  })
+
+}
+
+module.exports = setUpSessionSyncAuthRoutes

package/test/app.html

@@ -0,0 +1,82 @@
+<!DOCTYPE html>
+
+<html>
+
+  <head>
+    <script src="/sessionSyncAuthFrontend.js"></script>
+
+    <script>
+
+      window.sessionSyncAuth.init({
+        defaultOrigin: 'http://localhost:3002',
+        callbacks: {
+          canceledLogin: ({ origin }) => alert(`Canceled login to ${origin}`),
+          successfulLogin: ({ origin }) => alert(`Successful login to ${origin}`),
+          successfulLogout: ({ origin }) => alert(`Successful logout from ${origin}`),
+          unnecessaryLogout: ({ origin }) => alert(`Unnecessary logout from ${origin}`),
+          error: ({ errorMessage }) => alert(`ERROR: ${errorMessage}`),
+        },
+      })
+
+      const showAccessTokens = () => {
+        alert(localStorage.getItem('sessionSyncAuthAccessTokenByOrigin'))
+      }
+
+      const getUser = async options => {
+        const json = await window.sessionSyncAuth.getUser(options)
+        console.log(json)
+        alert(JSON.stringify(json, true))
+      }
+
+    </script>
+  </head>
+
+  <body>
+
+    <div>
+      <button
+        onclick="javascript:showAccessTokens();"
+      >
+        Show local access tokens
+      </button>
+    </div>
+
+    <div>
+      <button
+        onclick="javascript:window.sessionSyncAuth.logIn();"
+      >
+        Log in on 3002
+      </button>
+      <button
+        onclick="javascript:getUser();"
+      >
+        Get user on 3002
+      </button>
+      <button
+        onclick="javascript:window.sessionSyncAuth.logOut();"
+      >
+        Log out on 3002
+      </button>
+    </div>
+
+    <div>
+      <button
+        onclick="javascript:window.sessionSyncAuth.logIn({ origin: 'http://localhost:3003' });"
+      >
+        Log in on 3003
+      </button>
+      <button
+        onclick="javascript:getUser({ origin: 'http://localhost:3003' });"
+      >
+        Get user on 3003
+      </button>
+      <button
+        onclick="javascript:window.sessionSyncAuth.logOut({ origin: 'http://localhost:3003' });"
+      >
+        Log out on 3003
+      </button>
+    </div>
+
+  </body>
+
+</html>

package/test/dummySite.js

@@ -0,0 +1,115 @@
+'use strict'
+
+const express = require('express')
+const app = express()
+const cors = require('cors')
+const bodyParser = require('body-parser')
+
+const authenticate = require('../src/authenticate')
+const setUpSessionSyncAuthRoutes = require('../src/setUpSessionSyncAuthRoutes')
+
+try {
+
+  const [
+    port,
+    dbPrefix,
+    authDomain,
+    x,
+  ] = process.argv.slice(2)
+
+  if(port === undefined) {
+    throw new Error(`NO_PARAMS`)
+  }
+
+  if(x !== undefined) {
+    throw new Error(`BAD_PARAMS`)
+  }
+
+  // Middleware
+
+  app.use(cors())
+
+  if(dbPrefix) {
+    app.use(bodyParser.json())
+    app.use(authenticate({
+      // connectionObj or connectionStr required for all but localhost testing
+      userTableName: `${dbPrefix}_users`,
+      sessionTableName: `${dbPrefix}_sessions`,
+    }))
+  }
+
+  // API
+
+  if(!dbPrefix) {
+
+    app.get('/', (req, res, next) => {
+      res.sendFile('app.html', {root: __dirname })
+    })
+
+    app.get('/sessionSyncAuthFrontend.js', (req, res, next) => {
+      res.sendFile('sessionSyncAuthFrontend.js', {root: `${__dirname}/../src` })
+    })
+
+  }
+
+  if(dbPrefix) {
+    setUpSessionSyncAuthRoutes({
+      app,
+      siteId: port,
+      authDomain: authDomain || `localhost:3005`,
+      jwtSecret: `secret:${port}`,
+      protocol: authDomain ? `https` : `http`,
+      languageColType: '639-1',
+    })
+  }
+
+  // Error handler
+  app.use((err, req, res, next) => {
+    console.error(err)
+    res.status(500).send('Internal Serverless Error')
+  })
+
+  // Local listener
+  app.listen(port, (err) => {
+    if (err) throw err
+    console.log(`> Ready on http://localhost:${port}`)
+  })
+
+} catch(err) {
+
+  const logSyntax = () => {
+    console.log(`Syntax: \`npm run dev [port] [dbPrefix] [authDomain]\`\n`)
+    console.log(`Example #1: \`npm run 3002 db1\``)
+    console.log(`Example #2: \`npm run 3003 db2 auth.staging.resourcingeducation.com\``)
+    console.log(``)
+  }
+
+  switch(err.message.split(',')[0]) {
+
+    case `NO_PARAMS`: {
+      logSyntax()
+      break
+    }
+
+    case `BAD_PARAMS`: {
+      console.log(`\n-----------------------`)
+      console.log(`ERROR: Bad parameters.`)
+      console.log(`-----------------------\n`)
+      logSyntax()
+      break
+    }
+
+    default: {
+      console.log(`\n-----------------------`)
+      console.log(`\nERROR: ${err.message}\n`)
+      console.log(`-----------------------\n`)
+      logSyntax()
+    }
+
+  }
+
+  process.exit()
+
+}
+
+module.exports = app