underpost 2.6.3 → 2.7.2

package/src/server/auth.js

@@ -1,204 +1,235 @@
-/**
- * Module for managing identity and authorization
- * @module src/server/auth.js
- * @namespace Auth
- */
-
-import dotenv from 'dotenv';
-import jwt from 'jsonwebtoken';
-import { loggerFactory } from './logger.js';
-import crypto from 'crypto';
-import { userRoleEnum } from '../api/user/user.model.js';
-import { validatePassword } from '../client/components/core/CommonJs.js';
-
-dotenv.config();
-
-const logger = loggerFactory(import.meta);
-
-/* The `const config` object is defining parameters related to the hashing process used for password
-security. Here's a breakdown of each property in the `config` object: */
-const config = {
-  hashBytes: 32,
-  saltBytes: 16,
-  iterations: 872791,
-  digest: 'sha512',
-};
-
-/**
- * @param {String} password - given password to hash
- * @returns {String} the hash corresponding to the password
- * @memberof Auth
- */
-function hashPassword(password) {
-  const { iterations, hashBytes, digest, saltBytes } = config;
-  const salt = crypto.randomBytes(saltBytes).toString('hex');
-  const hash = crypto.pbkdf2Sync(password, salt, iterations, hashBytes, digest).toString('hex');
-  return [salt, hash].join('$');
-}
-
-/**
- * @param {String} password - password to verify
- * @param {String} combined - a combined salt + hash returned by hashPassword function
- * @returns {Boolean} true if password correspond to the hash. False otherwise
- * @memberof Auth
- */
-function verifyPassword(password, combined) {
-  const { iterations, hashBytes, digest } = config;
-  const [salt, originalHash] = combined.split('$');
-  const hash = crypto.pbkdf2Sync(password, salt, iterations, hashBytes, digest).toString('hex');
-  return hash === originalHash;
-}
-
-// jwt middleware
-
-/**
- * The hashJWT function generates a JSON Web Token (JWT) with a specified payload and expiration time.
- * @param payload - The `payload` parameter in the `hashJWT` function is the data that you want to
- * encode into the JSON Web Token (JWT). It typically contains information about the user or any other
- * relevant data that you want to securely transmit.
- * @param expire - The `expire` parameter in the `hashJWT` function is used to specify the expiration
- * time for the JSON Web Token (JWT) being generated. If a value is provided for `expire`, it will be
- * used as the expiration time. If `expire` is not provided (i.e., it
- * @memberof Auth
- */
-const hashJWT = (payload, expire) =>
-  jwt.sign(payload, process.env.JWT_SECRET, { expiresIn: expire !== undefined ? expire : `${process.env.EXPIRE}h` });
-
-/**
- * The function `verifyJWT` is used to verify a JSON Web Token (JWT) using a secret key stored in the
- * environment variables.
- * @param [token] - The `token` parameter is a JSON Web Token (JWT) that is passed to the `verifyJWT`
- * function for verification.
- * @memberof Auth
- */
-const verifyJWT = (token = '') => jwt.verify(token, process.env.JWT_SECRET);
-
-/**
- * The authMiddleware function checks and verifies the authorization token in the request headers
- * before allowing access to protected routes.
- * @param req - The `req` parameter in the `authMiddleware` function stands for the request object. It
- * contains information about the HTTP request made to the server, including headers, body, parameters,
- * and more. In this context, the function is extracting the authorization token from the request
- * headers to authenticate the user.
- * @param res - The `res` parameter in the `authMiddleware` function is the response object that
- * represents the HTTP response that an Express.js server sends when it receives an HTTP request. It is
- * used to send a response back to the client with status codes, headers, and data.
- * @param next - The `next` parameter in the `authMiddleware` function is a callback function that is
- * used to pass control to the next middleware function in the stack. When called, it invokes the next
- * middleware function in the chain. This is a common pattern in Express.js middleware functions to
- * move to the next middleware
- * @returns {Object} The `req.auth` included JWT payload in request authorization
- * @memberof Auth
- */
-const authMiddleware = (req, res, next) => {
-  try {
-    const authHeader = String(req.headers['authorization'] || req.headers['Authorization'] || '');
-    if (authHeader.startsWith('Bearer ')) {
-      const token = authHeader.substring(7, authHeader.length);
-      const payload = verifyJWT(token);
-      req.auth = payload;
-      return next();
-    }
-    return res.status(401).json({
-      status: 'error',
-      message: 'unauthorized: invalid token',
-    });
-  } catch (error) {
-    logger.error(error, error.stack);
-    return res.status(400).json({
-      status: 'error',
-      message: error.message,
-    });
-  }
-};
-
-/**
- * The `adminGuard` function checks if the user has admin role permission and returns an error message
- * if not.
- * @param req - The `req` parameter typically represents the HTTP request object in Node.js. It
- * contains information about the incoming request such as the request headers, parameters, body, and
- * more. In the context of your `adminGuard` function, `req` is the request object that is being passed
- * to the middleware
- * @param res - The `res` parameter in the `adminGuard` function is the response object in Express.js.
- * It is used to send a response back to the client making the HTTP request.
- * @param next - The `next` parameter in the `adminGuard` function is a callback function that is used
- * to pass control to the next middleware function in the stack. When called, it executes the next
- * middleware function. If there are no more middleware functions in the stack, it will proceed to the
- * route handler.
- * @returns The `adminGuard` function is returning either a 403 status with an error message if the
- * user role is not 'admin', or it is calling the `next()` function to proceed to the next middleware
- * if the user role is 'admin'. If an error occurs during the process, it will log the error and return
- * a 400 status with the error message.
- * @memberof Auth
- */
-const adminGuard = (req, res, next) => {
-  try {
-    if (!(userRoleEnum.indexOf(req.auth.user.role) === userRoleEnum.indexOf('admin')))
-      return res.status(403).json({ status: 'error', message: 'Insufficient permission' });
-    return next();
-  } catch (error) {
-    logger.error(error, error.stack);
-    return res.status(400).json({
-      status: 'error',
-      message: error.message,
-    });
-  }
-};
-
-/**
- * The function `moderatorGuard` checks if the user's role is at least a moderator and handles errors
- * accordingly.
- * @param req - The `req` parameter in the `moderatorGuard` function typically represents the HTTP
- * request object, which contains information about the incoming request such as headers, parameters,
- * body, etc. It is commonly used to access data sent from the client to the server.
- * @param res - The `res` parameter in the `moderatorGuard` function is the response object in
- * Express.js. It is used to send a response back to the client making the HTTP request.
- * @param next - The `next` parameter in the `moderatorGuard` function is a callback function that is
- * used to pass control to the next middleware function in the stack. When called, it will execute the
- * next middleware function. In the context of Express.js middleware, `next` is typically called to
- * move to
- * @returns In the `moderatorGuard` function, if the user's role is not a moderator or higher, a 403
- * status with an error message "Insufficient permission" is returned. If there is an error during the
- * process, a 400 status with the error message is returned. If everything is successful, the `next()`
- * function is called to proceed to the next middleware in the chain.
- * @memberof Auth
- */
-const moderatorGuard = (req, res, next) => {
-  try {
-    if (!(userRoleEnum.indexOf(req.auth.user.role) <= userRoleEnum.indexOf('moderator')))
-      return res.status(403).json({ status: 'error', message: 'Insufficient permission' });
-    return next();
-  } catch (error) {
-    logger.error(error, error.stack);
-    return res.status(400).json({
-      status: 'error',
-      message: error.message,
-    });
-  }
-};
-
-const validatePasswordMiddleware = (req, password) => {
-  let errors = [];
-  if (req.body && 'password' in req.body) errors = validatePassword(req.body.password);
-  if (errors.length > 0)
-    return {
-      status: 'error',
-      message:
-        'Password, ' + errors.map((e, i) => (i > 0 ? ', ' : '') + (e[req.lang] ? e[req.lang] : e['en'])).join(''),
-    };
-  else
-    return {
-      status: 'success',
-    };
-};
-
-export {
-  authMiddleware,
-  hashPassword,
-  verifyPassword,
-  hashJWT,
-  adminGuard,
-  moderatorGuard,
-  verifyJWT,
-  validatePasswordMiddleware,
-};
+/**
+ * Module for managing identity and authorization
+ * @module src/server/auth.js
+ * @namespace Auth
+ */
+
+import dotenv from 'dotenv';
+import jwt from 'jsonwebtoken';
+import { loggerFactory } from './logger.js';
+import crypto from 'crypto';
+import { userRoleEnum } from '../api/user/user.model.js';
+import { validatePassword } from '../client/components/core/CommonJs.js';
+
+dotenv.config();
+
+const logger = loggerFactory(import.meta);
+
+/* The `const config` object is defining parameters related to the hashing process used for password
+security. Here's a breakdown of each property in the `config` object: */
+const config = {
+  hashBytes: 32,
+  saltBytes: 16,
+  iterations: 872791,
+  digest: 'sha512',
+};
+
+/**
+ * @param {String} password - given password to hash
+ * @returns {String} the hash corresponding to the password
+ * @memberof Auth
+ */
+function hashPassword(password) {
+  const { iterations, hashBytes, digest, saltBytes } = config;
+  const salt = crypto.randomBytes(saltBytes).toString('hex');
+  const hash = crypto.pbkdf2Sync(password, salt, iterations, hashBytes, digest).toString('hex');
+  return [salt, hash].join('$');
+}
+
+/**
+ * @param {String} password - password to verify
+ * @param {String} combined - a combined salt + hash returned by hashPassword function
+ * @returns {Boolean} true if password correspond to the hash. False otherwise
+ * @memberof Auth
+ */
+function verifyPassword(password, combined) {
+  const { iterations, hashBytes, digest } = config;
+  const [salt, originalHash] = combined.split('$');
+  const hash = crypto.pbkdf2Sync(password, salt, iterations, hashBytes, digest).toString('hex');
+  return hash === originalHash;
+}
+
+// jwt middleware
+
+/**
+ * The hashJWT function generates a JSON Web Token (JWT) with a specified payload and expiration time.
+ * @param payload - The `payload` parameter in the `hashJWT` function is the data that you want to
+ * encode into the JSON Web Token (JWT). It typically contains information about the user or any other
+ * relevant data that you want to securely transmit.
+ * @param expire - The `expire` parameter in the `hashJWT` function is used to specify the expiration
+ * time for the JSON Web Token (JWT) being generated. If a value is provided for `expire`, it will be
+ * used as the expiration time. If `expire` is not provided (i.e., it
+ * @memberof Auth
+ */
+const hashJWT = (payload, expire) =>
+  jwt.sign(payload, process.env.JWT_SECRET, { expiresIn: expire !== undefined ? expire : `${process.env.EXPIRE}h` });
+
+/**
+ * The function `verifyJWT` is used to verify a JSON Web Token (JWT) using a secret key stored in the
+ * environment variables.
+ * @param token - The `token` parameter is a JSON Web Token (JWT) that is passed to the `verifyJWT`
+ * function for verification.
+ * @memberof Auth
+ */
+const verifyJWT = (token = '') => jwt.verify(token, process.env.JWT_SECRET);
+
+/**
+ * The function `getBearerToken` extracts and returns the Bearer token from the Authorization header in
+ * a request object.
+ * @param req - The `req` parameter in the `getBearerToken` function is typically an object
+ * representing the HTTP request. It is commonly used in Node.js applications with frameworks like
+ * Express.js. The `req` object contains information about the incoming HTTP request, including
+ * headers, body, parameters, and more. In
+ * @returns {String} The function `getBearerToken` is returning the Bearer token extracted from the
+ * Authorization header in the request object. If the Authorization header starts with 'Bearer ', it
+ * will return the token portion of the header (excluding 'Bearer ').
+ * @memberof Auth
+ */
+const getBearerToken = (req) => {
+  const authHeader = String(req.headers['authorization'] || req.headers['Authorization'] || '');
+  if (authHeader.startsWith('Bearer ')) return authHeader.substring(7, authHeader.length);
+  return '';
+};
+
+/**
+ * The function `getPayloadJWT` extracts and verifies a JWT payload from a request using a bearer
+ * token.
+ * @param req - The `req` parameter is typically used in web development to represent the HTTP request
+ * object. It contains information about the incoming request, such as headers, parameters, and body
+ * data. In this context, it seems like the `getPayloadJWT` function is designed to extract and verify
+ * a JWT token from
+ * @returns {Object} The JWT payload from a request using a bearer
+ * @memberof Auth
+ */
+const getPayloadJWT = (req) => verifyJWT(getBearerToken(req));
+
+/**
+ * The authMiddleware function checks and verifies the authorization token in the request headers
+ * before allowing access to protected routes.
+ * @param req - The `req` parameter in the `authMiddleware` function stands for the request object. It
+ * contains information about the HTTP request made to the server, including headers, body, parameters,
+ * and more. In this context, the function is extracting the authorization token from the request
+ * headers to authenticate the user.
+ * @param res - The `res` parameter in the `authMiddleware` function is the response object that
+ * represents the HTTP response that an Express.js server sends when it receives an HTTP request. It is
+ * used to send a response back to the client with status codes, headers, and data.
+ * @param next - The `next` parameter in the `authMiddleware` function is a callback function that is
+ * used to pass control to the next middleware function in the stack. When called, it invokes the next
+ * middleware function in the chain. This is a common pattern in Express.js middleware functions to
+ * move to the next middleware
+ * @returns {Object} The `req.auth` included JWT payload in request authorization
+ * @memberof Auth
+ */
+const authMiddleware = (req, res, next) => {
+  try {
+    const token = getBearerToken(req);
+    if (token) {
+      const payload = verifyJWT(token);
+      req.auth = payload;
+      return next();
+    } else
+      return res.status(401).json({
+        status: 'error',
+        message: 'unauthorized: invalid token',
+      });
+  } catch (error) {
+    logger.error(error, error.stack);
+    return res.status(400).json({
+      status: 'error',
+      message: error.message,
+    });
+  }
+};
+
+/**
+ * The `adminGuard` function checks if the user has admin role permission and returns an error message
+ * if not.
+ * @param req - The `req` parameter typically represents the HTTP request object in Node.js. It
+ * contains information about the incoming request such as the request headers, parameters, body, and
+ * more. In the context of your `adminGuard` function, `req` is the request object that is being passed
+ * to the middleware
+ * @param res - The `res` parameter in the `adminGuard` function is the response object in Express.js.
+ * It is used to send a response back to the client making the HTTP request.
+ * @param next - The `next` parameter in the `adminGuard` function is a callback function that is used
+ * to pass control to the next middleware function in the stack. When called, it executes the next
+ * middleware function. If there are no more middleware functions in the stack, it will proceed to the
+ * route handler.
+ * @returns The `adminGuard` function is returning either a 403 status with an error message if the
+ * user role is not 'admin', or it is calling the `next()` function to proceed to the next middleware
+ * if the user role is 'admin'. If an error occurs during the process, it will log the error and return
+ * a 400 status with the error message.
+ * @memberof Auth
+ */
+const adminGuard = (req, res, next) => {
+  try {
+    if (!(userRoleEnum.indexOf(req.auth.user.role) === userRoleEnum.indexOf('admin')))
+      return res.status(403).json({ status: 'error', message: 'Insufficient permission' });
+    return next();
+  } catch (error) {
+    logger.error(error, error.stack);
+    return res.status(400).json({
+      status: 'error',
+      message: error.message,
+    });
+  }
+};
+
+/**
+ * The function `moderatorGuard` checks if the user's role is at least a moderator and handles errors
+ * accordingly.
+ * @param req - The `req` parameter in the `moderatorGuard` function typically represents the HTTP
+ * request object, which contains information about the incoming request such as headers, parameters,
+ * body, etc. It is commonly used to access data sent from the client to the server.
+ * @param res - The `res` parameter in the `moderatorGuard` function is the response object in
+ * Express.js. It is used to send a response back to the client making the HTTP request.
+ * @param next - The `next` parameter in the `moderatorGuard` function is a callback function that is
+ * used to pass control to the next middleware function in the stack. When called, it will execute the
+ * next middleware function. In the context of Express.js middleware, `next` is typically called to
+ * move to
+ * @returns In the `moderatorGuard` function, if the user's role is not a moderator or higher, a 403
+ * status with an error message "Insufficient permission" is returned. If there is an error during the
+ * process, a 400 status with the error message is returned. If everything is successful, the `next()`
+ * function is called to proceed to the next middleware in the chain.
+ * @memberof Auth
+ */
+const moderatorGuard = (req, res, next) => {
+  try {
+    if (!(userRoleEnum.indexOf(req.auth.user.role) <= userRoleEnum.indexOf('moderator')))
+      return res.status(403).json({ status: 'error', message: 'Insufficient permission' });
+    return next();
+  } catch (error) {
+    logger.error(error, error.stack);
+    return res.status(400).json({
+      status: 'error',
+      message: error.message,
+    });
+  }
+};
+
+const validatePasswordMiddleware = (req, password) => {
+  let errors = [];
+  if (req.body && 'password' in req.body) errors = validatePassword(req.body.password);
+  if (errors.length > 0)
+    return {
+      status: 'error',
+      message:
+        'Password, ' + errors.map((e, i) => (i > 0 ? ', ' : '') + (e[req.lang] ? e[req.lang] : e['en'])).join(''),
+    };
+  else
+    return {
+      status: 'success',
+    };
+};
+
+export {
+  authMiddleware,
+  hashPassword,
+  verifyPassword,
+  hashJWT,
+  adminGuard,
+  moderatorGuard,
+  verifyJWT,
+  validatePasswordMiddleware,
+  getBearerToken,
+  getPayloadJWT,
+};

package/src/server/backup.js

@@ -1,84 +1,101 @@
-import fs from 'fs-extra';
-import { loggerFactory } from './logger.js';
-import { shellExec } from './process.js';
-import { getDataDeploy } from './conf.js';
-
-const logger = loggerFactory(import.meta);
-
-const BackUpManagement = {
-  Init: async function () {
-    await this.Callback();
-    setInterval(async () => {
-      await this.Callback();
-    }, 1000 * 60 * 60); // hourly interval
-  },
-  Callback: async function () {
-    const privateCronConfPath = `./engine-private/conf/${process.argv[2]}/conf.cron.json`;
-
-    const confCronPath = fs.existsSync(privateCronConfPath) ? privateCronConfPath : './conf/conf.cron.json';
-
-    const { backups } = JSON.parse(fs.readFileSync(confCronPath, 'utf8'));
-
-    if (!backups) return;
-
-    const currentDate = new Date().getTime();
-
-    if (!fs.existsSync('./engine-private/cron-backups'))
-      fs.mkdirSync('./engine-private/cron-backups', { recursive: true });
-
-    for (const deployGroupData of backups) {
-      const { deployGroupId } = deployGroupData;
-      const dataDeploy = getDataDeploy({ deployGroupId });
-
-      for (const deployObj of dataDeploy) {
-        const { deployId } = deployObj;
-
-        const confServer = JSON.parse(
-          fs.existsSync(`./engine-private/replica/${deployId}/conf.server.json`)
-            ? fs.readFileSync(`./engine-private/replica/${deployId}/conf.server.json`, 'utf8')
-            : fs.readFileSync(`./engine-private/conf/${deployId}/conf.server.json`, 'utf8'),
-        );
-
-        for (const host of Object.keys(confServer))
-          for (const path of Object.keys(confServer[host])) {
-            // retention policy
-            let { db, backupFrequency, maxBackupRetention } = confServer[host][path];
-
-            if (!db) continue;
-
-            if (!backupFrequency) backupFrequency = 'daily';
-            if (!maxBackupRetention) maxBackupRetention = 5;
-
-            const backUpPath = `./engine-private/cron-backups/${host}${path.replace(/\\/g, '/').replace(`/`, '-')}`;
-            if (!fs.existsSync(backUpPath)) fs.mkdirSync(`${backUpPath}`, { recursive: true });
-            // .isDirectory()
-            const files = await fs.readdir(backUpPath, { withFileTypes: true });
-
-            const currentBackupsDirs = files
-              .map((fileObj) => parseInt(fileObj.name))
-              .sort((a, b) => a - b)
-              .reverse();
-
-            switch (backupFrequency) {
-              case 'daily':
-
-              default:
-                if (currentBackupsDirs[0] && currentDate - currentBackupsDirs[0] <= 1000 * 60 * 60 * 24) continue;
-                break;
-            }
-
-            for (const retentionPath of currentBackupsDirs.filter((t, i) => i >= maxBackupRetention + 1)) {
-              const removePathRetention = `${backUpPath}/${retentionPath}`;
-              fs.removeSync(removePathRetention);
-            }
-
-            fs.mkdirSync(`${backUpPath}/${currentDate}`, { recursive: true });
-
-            shellExec(`node bin/db ${host}${path} export ${deployId} ${backUpPath}/${currentDate}`);
-          }
-      }
-    }
-  },
-};
-
-export { BackUpManagement };
+import fs from 'fs-extra';
+import { loggerFactory } from './logger.js';
+import { shellCd, shellExec } from './process.js';
+import { getCronBackUpFolder, getDataDeploy } from './conf.js';
+import cron from 'node-cron';
+
+const logger = loggerFactory(import.meta);
+
+const BackUpManagement = {
+  Init: async function () {
+    await BackUpManagement.Callback();
+
+    // Schedule the sending process to run every day at 1 am
+    cron.schedule(
+      '0 1 * * *',
+      async () => {
+        await BackUpManagement.Callback();
+      },
+      {
+        scheduled: true,
+        timezone: process.env.TIME_ZONE || 'America/New_York',
+      },
+    );
+  },
+  Callback: async function () {
+    const privateCronConfPath = `./engine-private/conf/${process.argv[2]}/conf.cron.json`;
+
+    const confCronPath = fs.existsSync(privateCronConfPath) ? privateCronConfPath : './conf/conf.cron.json';
+
+    const { backups } = JSON.parse(fs.readFileSync(confCronPath, 'utf8'));
+
+    if (!backups) return;
+
+    const currentDate = new Date().getTime();
+
+    if (!fs.existsSync('./engine-private/cron-backups'))
+      fs.mkdirSync('./engine-private/cron-backups', { recursive: true });
+
+    for (const deployGroupData of backups) {
+      const { deployGroupId } = deployGroupData;
+      const dataDeploy = getDataDeploy({ deployGroupId });
+
+      for (const deployObj of dataDeploy) {
+        const { deployId, replicaHost } = deployObj;
+
+        if (replicaHost) continue;
+
+        const confServer = JSON.parse(
+          fs.existsSync(`./engine-private/replica/${deployId}/conf.server.json`)
+            ? fs.readFileSync(`./engine-private/replica/${deployId}/conf.server.json`, 'utf8')
+            : fs.readFileSync(`./engine-private/conf/${deployId}/conf.server.json`, 'utf8'),
+        );
+
+        for (const host of Object.keys(confServer))
+          for (const path of Object.keys(confServer[host])) {
+            // retention policy
+            let { db, backupFrequency, maxBackupRetention, singleReplica } = confServer[host][path];
+
+            if (!db || singleReplica) continue;
+
+            if (!backupFrequency) backupFrequency = 'daily';
+            if (!maxBackupRetention) maxBackupRetention = 5;
+
+            const backUpPath = `${process.cwd()}/engine-private/cron-backups/${getCronBackUpFolder(host, path)}`;
+            if (!fs.existsSync(backUpPath)) fs.mkdirSync(`${backUpPath}`, { recursive: true });
+            // .isDirectory()
+            const files = await fs.readdir(backUpPath, { withFileTypes: true });
+
+            const currentBackupsDirs = files
+              .map((fileObj) => parseInt(fileObj.name))
+              .sort((a, b) => a - b)
+              .reverse();
+
+            switch (backupFrequency) {
+              case 'daily':
+
+              default:
+                if (currentBackupsDirs[0] && currentDate - currentBackupsDirs[0] <= 1000 * 60 * 60 * 24) continue;
+                break;
+            }
+
+            for (const retentionPath of currentBackupsDirs.filter((t, i) => i >= maxBackupRetention + 1)) {
+              const removePathRetention = `${backUpPath}/${retentionPath}`;
+              fs.removeSync(removePathRetention);
+            }
+
+            fs.mkdirSync(`${backUpPath}/${currentDate}`, { recursive: true });
+
+            shellExec(`node bin/db ${host}${path} export ${deployId} ${backUpPath}/${currentDate}`);
+          }
+      }
+    }
+    shellCd(`./engine-private`);
+    shellExec(`git pull origin master`);
+    shellExec(`git add . && git commit -m "backup ${new Date().toLocaleDateString()}"`);
+    shellExec(`git push origin master`);
+    shellCd(`..`);
+  },
+};
+
+export { BackUpManagement };