zet-lib 2.0.1 → 3.0.0

package/lib/csrf.js

@@ -0,0 +1,129 @@
+"use strict";
+
+const crypto = require('crypto');
+
+/**
+ * CSRF Protection Middleware
+ * Compatible with csurf API for easy migration
+ * 
+ * @param {Object} options - Configuration options
+ * @param {Boolean} options.cookie - Use cookie-based storage (default: false, uses session)
+ * @param {String} options.cookieKey - Cookie name for secret (default: '_csrf')
+ * @param {String} options.value - Function to get token from request (default: reads from body/query/header)
+ * @param {Boolean} options.ignoreMethods - HTTP methods to ignore (default: ['GET', 'HEAD', 'OPTIONS'])
+ * @param {String} options.secretLength - Length of secret (default: 24)
+ */
+function csrf(options = {}) {
+  const opts = {
+    cookie: options.cookie !== undefined ? options.cookie : false,
+    cookieKey: options.cookieKey || '_csrf',
+    value: options.value || defaultValue,
+    ignoreMethods: options.ignoreMethods || ['GET', 'HEAD', 'OPTIONS'],
+    secretLength: options.secretLength || 24
+  };
+
+  // Generate a secret for cookie-based storage
+  function generateSecret() {
+    return crypto.randomBytes(opts.secretLength).toString('base64');
+  }
+
+  // Generate CSRF token from secret
+  function generateToken(secret) {
+    return crypto
+      .createHash('sha1')
+      .update(secret + 'csrfSecret')
+      .digest('base64');
+  }
+
+  // Get secret from cookie or session
+  function getSecret(req) {
+    if (opts.cookie) {
+      return req.cookies && req.cookies[opts.cookieKey];
+    } else {
+      return req.session && req.session._csrfSecret;
+    }
+  }
+
+  // Set secret in cookie or session
+  function setSecret(req, res, secret) {
+    if (opts.cookie) {
+      // Set cookie if not already set
+      if (!req.cookies || !req.cookies[opts.cookieKey]) {
+        res.cookie(opts.cookieKey, secret, {
+          httpOnly: true,
+          secure: process.env.NODE_ENV === 'production',
+          sameSite: 'strict',
+          maxAge: 86400000 // 24 hours
+        });
+        // Also set in req.cookies for immediate access
+        if (!req.cookies) {
+          req.cookies = {};
+        }
+        req.cookies[opts.cookieKey] = secret;
+      }
+    } else {
+      if (!req.session) {
+        throw new Error('Session is required when cookie option is false');
+      }
+      if (!req.session._csrfSecret) {
+        req.session._csrfSecret = secret;
+      }
+    }
+  }
+
+  // Default function to get token from request
+  function defaultValue(req) {
+    return (req.body && req.body._csrf) ||
+           (req.query && req.query._csrf) ||
+           (req.headers['csrf-token']) ||
+           (req.headers['xsrf-token']) ||
+           (req.headers['x-csrf-token']) ||
+           (req.headers['x-xsrf-token']);
+  }
+
+  // Middleware function
+  return function csrfMiddleware(req, res, next) {
+    // Get or create secret
+    let secret = getSecret(req);
+    if (!secret) {
+      secret = generateSecret();
+      setSecret(req, res, secret);
+    }
+
+    // Attach csrfToken method to request
+    req.csrfToken = function csrfToken() {
+      return generateToken(getSecret(req));
+    };
+
+    // Skip CSRF validation for ignored methods
+    if (opts.ignoreMethods.indexOf(req.method) !== -1) {
+      return next();
+    }
+
+    // Skip CSRF validation for AJAX calls (X-Requested-With header)
+    // This allows AJAX calls without token refresh
+    if (req.headers['x-requested-with'] === 'XMLHttpRequest' || req.xhr) {
+      return next();
+    }
+
+    // Get token from request
+    const token = opts.value(req);
+    const secretValue = getSecret(req);
+    const expectedToken = generateToken(secretValue);
+
+    // Validate token
+    if (!token || token !== expectedToken) {
+      const err = new Error('Invalid CSRF token');
+      err.status = 403;
+      err.code = 'EBADCSRFTOKEN';
+      return next(err);
+    }
+
+    // Token is valid, continue
+    next();
+  };
+}
+
+// Export the csrf function
+module.exports = csrf;
+

package/lib/generatorApi.js

@@ -3,7 +3,7 @@ const router = express.Router();
 const generatorApp = require("./generatorApp");
 const configGenerator = require('./config_generator');
 
-const csrf = require('csurf');
+const csrf = require('./csrf');
 const Model = require("./Model");
 const fs = require('fs-extra');
 //const {connection, Util} = require('zet-lib');

package/lib/index.js

@@ -28,7 +28,8 @@ const coreModules = {
   zPage: require("./zPage"),
   zTester: require("./zTester"),
   zCache: require("./zCache"),
-  zDropbox: require("./zDropbox")
+  zDropbox: require("./zDropbox"),
+  csrf: require("./csrf")
 };
 
 // Heavy dependencies - lazy loaded (only when accessed)

package/lib/moduleLib.js

@@ -147,92 +147,185 @@ m.location = function (req, res, key) {
   let script = ``;
   let head = ``;
   let end = ``;
-  end += `<script src="https://maps.googleapis.com/maps/api/js?key=${process.env.GOOGLE_KEY}&callback=initAutocompleteZmap&libraries=places&language=ID" defer></script>`;
-  script += `let searchAddressMap;
-    let autocompleteMap;
-    function initAutocompleteZmap() {
-        if(mapLocationJSON && mapLocationJSON.lat) {
-            $("#search_map_location").val(mapLocationJSON.address1);
-            initMap(mapLocationJSON.lat,mapLocationJSON.lon);
-        } else {
-          navigator.geolocation.getCurrentPosition(function(location) {
-            initMap(location.coords.latitude,location.coords.longitude);
-            $("#search_map_location").val("My Place");
-          });
+  end =+ `<script src="https://maps.googleapis.com/maps/api/js?key=${process.env.GOOGLE_KEY}&callback=initAutocompleteZmap&libraries=places,marker&language=ID&loading=async" defer></script>`
+  script += `let searchAddressMap, autocompleteMap, marker, map;
+
+function initAutocompleteZmap() {
+    if (mapLocationJSON && mapLocationJSON.lat) {
+        $("#search_map_location").val(mapLocationJSON.address1);
+        initMap(mapLocationJSON.lat, mapLocationJSON.lon);
+    } else {
+        navigator.geolocation.getCurrentPosition(function(position) {
+            initMap(position.coords.latitude, position.coords.longitude);
+            $("#search_map_location").val("");
+        });
+    }
+    
+    searchAddressMap = document.querySelector("#search_map_location");
+    
+    // Use PlaceAutocompleteElement (new API) instead of deprecated Autocomplete
+    // Check if PlaceAutocompleteElement is available
+    if (google.maps.places && google.maps.places.PlaceAutocompleteElement) {
+        try {
+            // Create PlaceAutocompleteElement programmatically
+            autocompleteMap = new google.maps.places.PlaceAutocompleteElement({
+                inputField: searchAddressMap,
+                componentRestrictions: {country: ["ID"]},
+                requestedResultFields: ["formattedAddress", "geometry", "addressComponents"]
+            });
+            
+            // Listen for place selection event
+            autocompleteMap.addEventListener("gmp-placeselect", function(event) {
+                if (event.place) {
+                    fillInAddressNew(event.place);
+                }
+            });
+            
+            searchAddressMap.focus();
+        } catch (e) {
+            console.warn("Error initializing PlaceAutocompleteElement, falling back to Autocomplete:", e);
+            // Fallback to old Autocomplete API
+            autocompleteMap = new google.maps.places.Autocomplete(searchAddressMap, {
+                componentRestrictions: {country: ["ID"]},
+                fields: ["address_component", "geometry"]
+            });
+            searchAddressMap.focus();
+            autocompleteMap.addListener("place_changed", fillInAddress);
         }
-        searchAddressMap = document.querySelector("#search_map_location");
+    } else {
+        // Fallback to old Autocomplete API if PlaceAutocompleteElement is not available
+        console.warn("PlaceAutocompleteElement not available, using legacy Autocomplete");
         autocompleteMap = new google.maps.places.Autocomplete(searchAddressMap, {
             componentRestrictions: {country: ["ID"]},
-            fields: ["address_component", "geometry"],
+            fields: ["address_component", "geometry"]
         });
         searchAddressMap.focus();
         autocompleteMap.addListener("place_changed", fillInAddress);
     }
+}
+
+function fillInAddress() {
+    var place = autocompleteMap.getPlace();
+    var lat = place.geometry.location.lat();
+    var lng = place.geometry.location.lng();
+    initMap(lat, lng);
+    mapLocationJSON = {
+        lat: lat,
+        lon: lng,
+        address1: $("#search_map_location").val(),
+        address2: place.address_components
+    };
+    setAddress();
+}
+
+function fillInAddressNew(place) {
+    // Handle PlaceAutocompleteElement place selection
+    var location = place.geometry.location;
+    var lat = typeof location.lat === 'function' ? location.lat() : location.lat;
+    var lng = typeof location.lng === 'function' ? location.lng() : location.lng;
     
-    function fillInAddress() {
-        const place = autocompleteMap.getPlace();
-        let lat = place.geometry.location.lat();
-        let lon = place.geometry.location.lng();
-        initMap(lat, lon);
-        mapLocationJSON = {
-            lat:lat,
-            lon:lon,
-            address1: $("#search_map_location").val(),
-            address2:place.address_components,
-        }
-        setAddress();
-    }
-    function setAddress() {
-        $("#${key}").val(JSON.stringify(mapLocationJSON));
-    }
-    function initMap(lat, lon) {
-        let position = {lat: lat, lng: lon}
-        const map = new google.maps.Map(document.getElementById("map_${key}"), {
-            zoom: 13,
-            center: position,
-            draggable: true
+    initMap(lat, lng);
+    mapLocationJSON = {
+        lat: lat,
+        lon: lng,
+        address1: place.formattedAddress || $("#search_map_location").val(),
+        address2: place.addressComponents || []
+    };
+    setAddress();
+}
+
+function setAddress() {
+    $("#${key}").val(JSON.stringify(mapLocationJSON));
+}
+
+function initMap(lat, lng) {
+    var position = {lat: lat, lng: lng};
+    
+    // Create map with mapId for AdvancedMarkerElement support
+    // If you have a custom map ID from Google Cloud Console, replace "DEMO_MAP_ID" with it
+    map = new google.maps.Map(document.getElementById("map_${key}"), {
+        zoom: 13,
+        center: position,
+        draggable: true,
+        mapId: "DEMO_MAP_ID" // Required for AdvancedMarkerElement - replace with your actual Map ID
+    });
+    
+    // Use AdvancedMarkerElement instead of deprecated Marker
+    // Note: AdvancedMarkerElement requires mapId on the map
+    try {
+        marker = new google.maps.marker.AdvancedMarkerElement({
+            position: position,
+            map: map,
+            gmpDraggable: true,
+            title: $("#search_map_location").val() || "Location"
         });
-        var marker;
-        placeMarker(position, map);
-        var infowindow = new google.maps.InfoWindow();
-        function placeMarker(position, map) {
-            marker = new google.maps.Marker({
-                position: position,
-                map: map,
-                draggable: true,
-                animation: google.maps.Animation.DROP,
+        
+        // Handle marker drag end
+        marker.addListener("dragend", function(event) {
+            var newPosition = event.latLng || marker.position;
+            mapLocationJSON.lat = typeof newPosition.lat === 'function' ? newPosition.lat() : newPosition.lat;
+            mapLocationJSON.lon = typeof newPosition.lng === 'function' ? newPosition.lng() : newPosition.lng;
+            
+            var geocoder = new google.maps.Geocoder();
+            geocoder.geocode({location: newPosition}, function(results, status) {
+                if (status == google.maps.GeocoderStatus.OK) {
+                    $("#search_map_location").val(results[0].formatted_address);
+                    $("#mapErrorMsg").hide(100);
+                    mapLocationJSON.address2 = results[0].formatted_address;
+                    mapLocationJSON.address1 = $("#search_map_location").val();
+                    setAddress();
+                } else {
+                    $("#mapErrorMsg").html("Cannot determine address at this location." + status).show(100);
+                }
             });
-            map.panTo(position);
-        }
-        google.maps.event.addListener(marker, 'dragend', function () {
-            geocodePosition(marker.getPosition());
         });
-        google.maps.event.addListener(marker, 'click', function() {
-            infowindow.setContent($("#search_map_location").val());
-            infowindow.open(map, this)
+        
+        // Handle marker click
+        marker.addListener("click", function() {
+            var infoWindow = new google.maps.InfoWindow({
+                content: $("#search_map_location").val()
+            });
+            infoWindow.open(map, marker);
+        });
+    } catch (e) {
+        // Fallback to old Marker API if AdvancedMarkerElement is not available
+        console.warn("AdvancedMarkerElement not available, using legacy Marker:", e);
+        marker = new google.maps.Marker({
+            position: position,
+            map: map,
+            draggable: true,
+            animation: google.maps.Animation.DROP
         });
-        function geocodePosition(pos) {
-            mapLocationJSON.lat=pos.lat();
-            mapLocationJSON.lon=pos.lng();
+        
+        google.maps.event.addListener(marker, "dragend", function() {
+            var newPosition = marker.getPosition();
+            mapLocationJSON.lat = newPosition.lat();
+            mapLocationJSON.lon = newPosition.lng();
+            
             var geocoder = new google.maps.Geocoder();
-            geocoder.geocode
-            ({
-                    latLng: pos
-                },
-                function (results, status) {
-                    if (status == google.maps.GeocoderStatus.OK) {
-                        $("#search_map_location").val(results[0].formatted_address);
-                        $("#mapErrorMsg").hide(100);
-                        mapLocationJSON.address2=results[0].formatted_address;
-                        mapLocationJSON.address1=$("#search_map_location").val();
-                        setAddress();
-                    } else {
-                        $("#mapErrorMsg").html('Cannot determine address at this location.' + status).show(100);
-                    }
+            geocoder.geocode({latLng: newPosition}, function(results, status) {
+                if (status == google.maps.GeocoderStatus.OK) {
+                    $("#search_map_location").val(results[0].formatted_address);
+                    $("#mapErrorMsg").hide(100);
+                    mapLocationJSON.address2 = results[0].formatted_address;
+                    mapLocationJSON.address1 = $("#search_map_location").val();
+                    setAddress();
+                } else {
+                    $("#mapErrorMsg").html("Cannot determine address at this location." + status).show(100);
                 }
-            );
-        }
-    }`;
+            });
+        });
+        
+        google.maps.event.addListener(marker, "click", function() {
+            var infoWindow = new google.maps.InfoWindow({
+                content: $("#search_map_location").val()
+            });
+            infoWindow.open(map, marker);
+        });
+    }
+    
+    map.panTo(position);
+}`;
   return {
     head: head,
     end: end,

package/lib/views/router.txt

@@ -1,5 +1,5 @@
 const router = require('express').Router();
-const csrf = require('csurf');
+const {csrf} = require('zet-lib');
 const csrfProtection = csrf({cookie: true});
 const {Util, access, connection, moduleLib, zDebug, zRoute, zRole, zDataTable, zForm} = require('zet-lib');
 const MYMODEL = require('./../models/[[[TABLE_NAME]]]');

package/lib/views/zgenerator/routerApp.ejs

@@ -1,5 +1,5 @@
 const router = require('express').Router();
-const csrf = require('csurf');
+const {csrf} = require('zet-lib');
 const csrfProtection = csrf({cookie: true});
 const {Util, access, connection, moduleLib, zDebug, zRoute, zRole, zDataTable, zForm} = require('zet-lib');
 const MYMODEL = require('./../models/[[[TABLE_NAME]]]');

package/lib/zAppRouter.js

@@ -1,7 +1,7 @@
 require("dotenv").config();
 const express = require("express");
 const router = express.Router();
-const csrf = require("csurf");
+const csrf = require("./csrf");
 const csrfProtection = csrf({ cookie: true });
 const zRoute = require("./zRoute");
 const connection = require("./connection");

package/lib/zGeneratorRouter.js

@@ -1,6 +1,6 @@
 const express = require("express");
 const router = express.Router();
-const csrf = require("csurf");
+const csrf = require("./csrf");
 const csrfProtection = csrf({ cookie: true });
 const fs = require("fs-extra");
 const axios = require("axios");

package/lib/zMenuRouter.js

@@ -1,6 +1,6 @@
 const express = require('express');
 const router = express.Router();
-const csrf = require('csurf');
+const csrf = require('./csrf');
 const csrfProtection = csrf({cookie: true});
 const fs = require('fs-extra');
 //const {Util, connection, zRole, zCache } = require('zet-lib');

package/lib/zPage.js

@@ -52,7 +52,7 @@ zpage.build = async (req, res) => {
 
 zpage.coreCode = () => {
     return `const router = require('express').Router();
-const csrf = require('csurf');
+const {csrf} = require('zet-lib');
 const csrfProtection = csrf({cookie: true});
 const fs = require('fs-extra');
 const qs = require('qs');

package/lib/zRoleRouter.js

@@ -1,7 +1,7 @@
 const express = require('express')
 const router = express.Router()
 // setup route middlewares
-const csrf = require('csurf')
+const csrf = require('./csrf')
 const bodyParser = require('body-parser')
 const path = require('path')
 const parseForm = bodyParser.urlencoded({ extended: true })

package/lib/zViewGenerator.js

@@ -1,6 +1,6 @@
 const express = require('express');
 const router = express.Router();
-const csrf = require('csurf');
+const csrf = require('./csrf');
 const csrfProtection = csrf({cookie: true});
 const fs = require("fs-extra");
 const Util = require("./Util");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "zet-lib",
-  "version": "2.0.1",
+  "version": "3.0.0",
   "description": "zet is a library that part of zet generator.",
   "engines": {
     "node": ">=18"
@@ -30,7 +30,6 @@
   "dependencies": {
     "axios": "^1.7.9",
     "convert-excel-to-json": "^1.7.0",
-    "csurf": "^1.11.0",
     "dotenv": "^16.5.0",
     "dropbox": "^10.34.0",
     "ejs": "^3.1.10",