npm - stackkit - Versions diffs - 0.2.7 → 0.2.9 - Mend

stackkit 0.2.7 → 0.2.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (61) hide show

package/modules/auth/better-auth/files/express/middlewares/authorize.ts CHANGED Viewed

@@ -1,54 +1,134 @@
+import { Role, UserStatus } from "@prisma/client";
 import { NextFunction, Request, Response } from "express";
-import { auth } from "../../modules/auth/auth";
+import status from "http-status";
+import { envVars } from "../../config/env";
+import { prisma } from "../../database/prisma";
+import { AppError } from "../errors/app-error";
+import { cookieUtils } from "../utils/cookie";
+import { jwtUtils } from "../utils/jwt";
-export enum UserRole {
-    USER = "USER",
-    ADMIN = "ADMIN"
-}
-const authorize = (...roles: UserRole[]) => {
-  return async (req: Request, res: Response, next: NextFunction) => {
+export const authorize =
+  (...authRoles: Role[]) =>
+  async (req: Request, res: Response, next: NextFunction) => {
     try {
-      // get user session
-      const session = await auth?.api.getSession({
-        headers: req.headers as any,
-      });
-      if (!session) {
-        return res.status(401).json({
-          success: false,
-          message: "You are not authorized!",
-        });
+      //Session Token Verification
+      const sessionToken = cookieUtils.getCookie(
+        req,
+        "better-auth.session_token",
+      );
+      if (!sessionToken) {
+        throw new Error("Unauthorized access! No session token provided.");
       }
-      if (!session.user.emailVerified) {
-        return res.status(403).json({
-          success: false,
-          message: "Email verification required. Please verify your email!",
+      if (sessionToken) {
+        const sessionExists = await prisma.session.findFirst({
+          where: {
+            token: sessionToken,
+            expiresAt: {
+              gt: new Date(),
+            },
+          },
+          include: {
+            user: true,
+          },
         });
+        if (sessionExists && sessionExists.user) {
+          const user = sessionExists.user;
+          const now = new Date();
+          const expiresAt = new Date(sessionExists.expiresAt);
+          const createdAt = new Date(sessionExists.createdAt);
+          const sessionLifeTime = expiresAt.getTime() - createdAt.getTime();
+          const timeRemaining = expiresAt.getTime() - now.getTime();
+          const percentRemaining = (timeRemaining / sessionLifeTime) * 100;
+          if (percentRemaining < 20) {
+            res.setHeader("X-Session-Refresh", "true");
+            res.setHeader("X-Session-Expires-At", expiresAt.toISOString());
+            res.setHeader("X-Time-Remaining", timeRemaining.toString());
+            console.log("Session Expiring Soon!!");
+          }
+          if (
+            user.status === UserStatus.BLOCKED ||
+            user.status === UserStatus.DELETED
+          ) {
+            throw new AppError(
+              status.UNAUTHORIZED,
+              "Unauthorized access! User is not active.",
+            );
+          }
+          if (user.isDeleted) {
+            throw new AppError(
+              status.UNAUTHORIZED,
+              "Unauthorized access! User is deleted.",
+            );
+          }
+          if (authRoles.length > 0 && !authRoles.includes(user.role)) {
+            throw new AppError(
+              status.FORBIDDEN,
+              "Forbidden access! You do not have permission to access this resource.",
+            );
+          }
+          req.user = {
+            id: user.id,
+            name: user.name,
+            email: user.email,
+            role: user.role,
+          };
+        }
+        const accessToken = cookieUtils.getCookie(req, "accessToken");
+        if (!accessToken) {
+          throw new AppError(
+            status.UNAUTHORIZED,
+            "Unauthorized access! No access token provided.",
+          );
+        }
       }
-      req.user = {
-        id: session.user.id,
-        email: session.user.email,
-        name: session.user.name,
-        role: session.user.role as string,
-        emailVerified: session.user.emailVerified,
-      };
-      if (roles.length && !roles.includes(req.user.role as UserRole)) {
-        return res.status(403).json({
-          success: false,
-          message:
-            "Forbidden! You don't have permission to access this resources!",
-        });
+      //Access Token Verification
+      const accessToken = cookieUtils.getCookie(req, "accessToken");
+      if (!accessToken) {
+        throw new AppError(
+          status.UNAUTHORIZED,
+          "Unauthorized access! No access token provided.",
+        );
+      }
+      const verifiedToken = jwtUtils.verifyToken(
+        accessToken,
+        envVars.ACCESS_TOKEN_SECRET,
+      );
+      if (!verifiedToken.success) {
+        throw new AppError(
+          status.UNAUTHORIZED,
+          "Unauthorized access! Invalid access token.",
+        );
+      }
+      if (
+        authRoles.length > 0 &&
+        !authRoles.includes(verifiedToken.data!.role as Role)
+      ) {
+        throw new AppError(
+          status.FORBIDDEN,
+          "Forbidden access! You do not have permission to access this resource.",
+        );
       }
       next();
-    } catch (err) {
-      next(err);
+    } catch (error: unknown) {
+      next(error);
     }
   };
-};
-export default authorize;

package/modules/auth/better-auth/files/express/modules/auth/auth.controller.ts ADDED Viewed

@@ -0,0 +1,257 @@
+import { Request, Response } from "express";
+import status from "http-status";
+import { envVars } from "../../config/env";
+import { auth } from "../../lib/auth";
+import { AppError } from "../../shared/errors/app-error";
+import { catchAsync } from "../../shared/utils/catch-async";
+import { cookieUtils } from "../../shared/utils/cookie";
+import { sendResponse } from "../../shared/utils/send-response";
+import { tokenUtils } from "../../shared/utils/token";
+import { authService } from "./auth.service";
+const registerUser = catchAsync(async (req: Request, res: Response) => {
+  const payload = req.body;
+  const result = await authService.registerUser(payload);
+  const { accessToken, refreshToken, token, ...rest } = result;
+  tokenUtils.setAccessTokenCookie(res, accessToken);
+  tokenUtils.setRefreshTokenCookie(res, refreshToken);
+  tokenUtils.setBetterAuthSessionCookie(res, token as string);
+  sendResponse(res, {
+    status: status.CREATED,
+    success: true,
+    message: "User registered successfully",
+    data: {
+      token,
+      accessToken,
+      refreshToken,
+      ...rest,
+    },
+  });
+});
+const loginUser = catchAsync(
+    async (req: Request, res: Response) => {
+        const payload = req.body;
+        const result = await authService.loginUser(payload);
+        const { accessToken, refreshToken, token, ...rest } = result
+        tokenUtils.setAccessTokenCookie(res, accessToken);
+        tokenUtils.setRefreshTokenCookie(res, refreshToken);
+        tokenUtils.setBetterAuthSessionCookie(res, token);
+        sendResponse(res, {
+          status: status.OK,
+          success: true,
+          message: "User logged in successfully",
+          data: {
+            token,
+            accessToken,
+            refreshToken,
+            ...rest,
+          },
+        });
+    }
+)
+const getMe = catchAsync(
+    async (req: Request, res: Response) => {
+        const user = req.user;
+        const result = await authService.getMe(user);
+        sendResponse(res, {
+          status: status.OK,
+          success: true,
+          message: "User profile fetched successfully",
+          data: result,
+        });
+    }
+)
+const getNewToken = catchAsync(
+    async (req: Request, res: Response) => {
+        const refreshToken = req.cookies.refreshToken;
+        const betterAuthSessionToken = req.cookies["better-auth.session_token"];
+        if (!refreshToken) {
+            throw new AppError(status.UNAUTHORIZED, "Refresh token is missing");
+        }
+        const result = await authService.getNewToken(refreshToken, betterAuthSessionToken);
+        const { accessToken, refreshToken: newRefreshToken, sessionToken } = result;
+        tokenUtils.setAccessTokenCookie(res, accessToken);
+        tokenUtils.setRefreshTokenCookie(res, newRefreshToken);
+        tokenUtils.setBetterAuthSessionCookie(res, sessionToken);
+        sendResponse(res, {
+          status: status.OK,
+          success: true,
+          message: "New tokens generated successfully",
+          data: {
+            accessToken,
+            refreshToken: newRefreshToken,
+            sessionToken,
+          },
+        });
+    }
+)
+const changePassword = catchAsync(
+    async (req: Request, res: Response) => {
+        const payload = req.body;
+        const betterAuthSessionToken = req.cookies["better-auth.session_token"];
+        const result = await authService.changePassword(payload, betterAuthSessionToken);
+        const { accessToken, refreshToken, token } = result;
+        tokenUtils.setAccessTokenCookie(res, accessToken);
+        tokenUtils.setRefreshTokenCookie(res, refreshToken);
+        tokenUtils.setBetterAuthSessionCookie(res, token as string);
+        sendResponse(res, {
+          status: status.OK,
+          success: true,
+          message: "Password changed successfully",
+          data: result,
+        });
+    }
+)
+const logoutUser = catchAsync(
+    async (req: Request, res: Response) => {
+        const betterAuthSessionToken = req.cookies["better-auth.session_token"];
+        const result = await authService.logoutUser(betterAuthSessionToken);
+        cookieUtils.clearCookie(res, 'accessToken', {
+            httpOnly: true,
+            secure: true,
+            sameSite: "none",
+        });
+        cookieUtils.clearCookie(res, 'refreshToken', {
+            httpOnly: true,
+            secure: true,
+            sameSite: "none",
+        });
+        cookieUtils.clearCookie(res, 'better-auth.session_token', {
+            httpOnly: true,
+            secure: true,
+            sameSite: "none",
+        });
+        sendResponse(res, {
+          status: status.OK,
+          success: true,
+          message: "User logged out successfully",
+          data: result,
+        });
+    }
+)
+const verifyEmail = catchAsync(
+    async (req: Request, res: Response) => {
+        const { email, otp } = req.body;
+        await authService.verifyEmail(email, otp);
+        sendResponse(res, {
+          status: status.OK,
+          success: true,
+          message: "Email verified successfully",
+        });
+    }
+)
+const forgetPassword = catchAsync(
+    async (req: Request, res: Response) => {
+        const { email } = req.body;
+        await authService.forgetPassword(email);
+        sendResponse(res, {
+          status: status.OK,
+          success: true,
+          message: "Password reset OTP sent to email successfully",
+        });
+    }
+)
+const resetPassword = catchAsync(
+    async (req: Request, res: Response) => {
+        const { email, otp, newPassword } = req.body;
+        await authService.resetPassword(email, otp, newPassword);
+        sendResponse(res, {
+          status: status.OK,
+          success: true,
+          message: "Password reset successfully",
+        });
+    }
+)
+const googleLogin = catchAsync((req: Request, res: Response) => {
+    const redirectPath = req.query.redirect || "/dashboard";
+    const encodedRedirectPath = encodeURIComponent(redirectPath as string);
+    const callbackURL = `${envVars.BETTER_AUTH_URL}/api/v1/auth/google/success?redirect=${encodedRedirectPath}`;
+    res.render("googleRedirect", {
+        callbackURL : callbackURL,
+        betterAuthUrl : envVars.BETTER_AUTH_URL,
+    })
+})
+const googleLoginSuccess = catchAsync(async (req: Request, res: Response) => {
+    const redirectPath = req.query.redirect as string || "/dashboard";
+    const sessionToken = req.cookies["better-auth.session_token"];
+    if(!sessionToken){
+        return res.redirect(`${envVars.FRONTEND_URL}/login?error=oauth_failed`);
+    }
+    const session = await auth.api.getSession({
+        headers:{
+            "Cookie" : `better-auth.session_token=${sessionToken}`
+        }
+    })
+    if (!session) {
+        return res.redirect(`${envVars.FRONTEND_URL}/login?error=no_session_found`);
+    }
+    if(session && !session.user){
+        return res.redirect(`${envVars.FRONTEND_URL}/login?error=no_user_found`);
+    }
+    const result = await authService.googleLoginSuccess(session);
+    const {accessToken, refreshToken} = result;
+    tokenUtils.setAccessTokenCookie(res, accessToken);
+    tokenUtils.setRefreshTokenCookie(res, refreshToken);
+    const isValidRedirectPath = redirectPath.startsWith("/") && !redirectPath.startsWith("//");
+    const finalRedirectPath = isValidRedirectPath ? redirectPath : "/dashboard";
+    res.redirect(`${envVars.FRONTEND_URL}${finalRedirectPath}`);
+})
+const handleOAuthError = catchAsync((req: Request, res: Response) => {
+    const error = req.query.error as string || "oauth_failed";
+    res.redirect(`${envVars.FRONTEND_URL}/login?error=${error}`);
+})
+export const authController = {
+    registerUser,
+    loginUser,
+    getMe,
+    getNewToken,
+    changePassword,
+    logoutUser,
+    verifyEmail,
+    forgetPassword,
+    resetPassword,
+    googleLogin,
+    googleLoginSuccess,
+    handleOAuthError,
+};

package/modules/auth/better-auth/files/express/modules/auth/auth.interface.ts ADDED Viewed

@@ -0,0 +1,23 @@
+import { Role } from "@prisma/client";
+export interface ILoginUserPayload {
+    email: string;
+    password: string;
+}
+export interface IRegisterUserPayload {
+    name: string;
+    email: string;
+    password: string;
+}
+export interface IChangePasswordPayload {
+    currentPassword: string;
+    newPassword: string;
+}
+export interface IRequestUser {
+  id: string;
+  role: Role | string;
+  email: string;
+}

package/modules/auth/better-auth/files/express/modules/auth/auth.route.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import { Role } from "@prisma/client";
+import { Router } from "express";
+import { authorize } from "../../shared/middlewares/authorize.middleware";
+import { authController } from "./auth.controller";
+const router = Router()
+router.post("/register", authController.registerUser)
+router.post("/login", authController.loginUser)
+router.get("/me", authorize(Role.ADMIN, Role.USER, Role.SUPER_ADMIN), authController.getMe)
+router.post("/refresh-token", authController.getNewToken)
+router.post("/change-password", authorize(Role.ADMIN, Role.USER, Role.SUPER_ADMIN), authController.changePassword)
+router.post("/logout", authorize(Role.ADMIN, Role.USER, Role.SUPER_ADMIN), authController.logoutUser)
+router.post("/verify-email", authController.verifyEmail)
+router.post("/forget-password", authController.forgetPassword)
+router.post("/reset-password", authController.resetPassword)
+router.get("/login/google", authController.googleLogin);
+router.get("/google/success", authController.googleLoginSuccess);
+router.get("/oauth/error", authController.handleOAuthError);
+export const authRoutes = router;