Added a typecheck to password field

BUGFIX: force a logout if refresh token is too old
Updated dependencies
2023-05-15 08:03:54 +10:00 · 2023-05-05 03:56:24 +10:00 · 2023-05-03 21:31:30 +10:00 · 2023-03-25 01:49:17 +11:00 · 2023-03-19 02:52:44 +11:00 · 2023-02-21 09:30:12 +11:00
14 changed files with 1439 additions and 9888 deletions
@@ -2,6 +2,7 @@ WEB_PROTOCOL=http
 WEB_ADDRESS=localhost
 WEB_RESET_ADDRESS=localhost/reset
 WEB_PORT=3200
 WEB_ORIGIN=http://localhost:3001
 DB_HOSTNAME=database
 DB_DATABASE=auth
@@ -1,23 +0,0 @@
 name: Node.js CI
 on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
 jobs:
  build:
    name: Run test suites
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [16.x]
    steps:
    - uses: actions/checkout@v2
    - name: Use Node.js ${{ matrix.node-version }}
      uses: actions/setup-node@v2
      with:
        node-version: ${{ matrix.node-version }}
        cache: 'npm'
    - run: npm ci
    - run: npm run build --if-present
    - run: npm test
@@ -1,5 +1,5 @@
-FROM node:16
+FROM node:18-bullseye-slim
 WORKDIR "/app"
 COPY package*.json ./
 RUN npm install --production
@@ -1,4 +1,4 @@
-Copyright (c) 2021 Kayne Ruse, KR Game Studios
+Copyright (c) 2021-2023 Kayne Ruse, KR Game Studios
 This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software.
@@ -29,8 +29,9 @@ const question = (prompt, def = null) => {
 (async () => {
 	//project configuration
 	const appName = await question('App Name', 'auth');
-	const appWebOrigin = await question('Web Origin', `example.com`);
+	const appWebProtocol = await question('Web Protocol', 'https');
-	const appWebAddress = await question('Web Addr', `${appName}.${appWebOrigin}`);
+	const appWebAddress = await question('Web Addr', `${appName}.example.com`);
 	const appWebOrigin = await question('Web Origin', `${appWebProtocol}://example.com`); //TODO: clean these up properly
 	const postValidationHookArray = await question('Post Validation Hook Array', '');
 	const resetAddress = await question('Reset Addr', `example.com/reset`);
 	const appPort = await question('App Port', '3200');
@@ -70,7 +71,7 @@ services:
      - "traefik.http.routers.${appName}router.service=${appName}service@docker"
      - "traefik.http.services.${appName}service.loadbalancer.server.port=${appPort}"
    environment:
-      - WEB_PROTOCOL=https
+      - WEB_PROTOCOL=${appWebProtocol}
      - WEB_ORIGIN=${appWebOrigin}
      - WEB_ADDRESS=${appWebAddress}
      - HOOK_POST_VALIDATION_ARRAY=${postValidationHookArray}
@@ -132,7 +133,7 @@ networks:
 `;
 	const dockerfile = `
-FROM node:16
+FROM node:18-bullseye-slim
 WORKDIR "/app"
 COPY package*.json ./
 RUN npm install --production
@@ -1,13 +1,12 @@
 {
  "name": "auth-server",
-  "version": "1.6.1",
+  "version": "1.7.4",
  "description": "An API centric auth server. Uses Sequelize and mariaDB by default.",
  "main": "server/server.js",
  "scripts": {
    "start": "node server/server.js",
    "dev": "npm run watch:server",
-    "watch:server": "nodemon . --ext js,jsx,json --ignore 'node_modules/*'",
+    "watch:server": "nodemon . --ext js,jsx,json --ignore 'node_modules/*'"
    "test": "jest --coverage --collectCoverageFrom=server/**/*.{js,jsx}"
  },
  "repository": {
    "type": "git",
@@ -23,17 +22,16 @@
    "bcryptjs": "^2.4.3",
    "cookie-parser": "^1.4.6",
    "cors": "^2.8.5",
-    "dotenv": "^8.6.0",
+    "dotenv": "^16.0.3",
-    "express": "^4.17.1",
+    "express": "^4.18.2",
-    "jsonwebtoken": "^8.5.1",
+    "jsonwebtoken": "^9.0.0",
-    "mariadb": "^2.5.4",
+    "mariadb": "^3.1.1",
-    "node-cron": "^2.0.3",
+    "node-cron": "^3.0.2",
-    "node-fetch": "^2.6.6",
+    "node-fetch": "^2.6.9",
-    "nodemailer": "^6.6.3",
+    "nodemailer": "^6.9.1",
-    "sequelize": "^6.6.5"
+    "sequelize": "^6.31.1"
  },
  "devDependencies": {
-    "jest": "^27.5.1",
+    "nodemon": "^2.0.22"
    "nodemon": "^2.0.12"
  }
 }
@@ -83,6 +83,10 @@ const validateDetails = async (body) => {
 		return 'Missing password';
 	}
 	if (typeof body.password != "string") {
 		return 'Invalid password';
 	}
 	if (body.password.length < 8) {
 		return 'Password too short';
 	}
@@ -13,7 +13,7 @@ app.use(express.json());
 app.use(cors({
 	credentials: true,
-	origin: [`${process.env.WEB_PROTOCOL}://${process.env.WEB_ORIGIN}`],
+	origin: [`${process.env.WEB_ORIGIN}`],
 	allowedHeaders: ['Origin', 'X-Requested-With', 'Content-Type', 'Accept', 'Authorization', 'Set-Cookie'],
 	exposedHeaders: ['Origin', 'X-Requested-With', 'Content-Type', 'Accept', 'Authorization', 'Set-Cookie'],
 }));
@@ -1,117 +0,0 @@
 describe('POST /auth/login', () => {
 	beforeEach(() => {
 		jest.resetModules();
 		//fix util with jest (used by bcrypt's compare)
 		jest.doMock('util', () => ({
 			promisify: f => async () => f()
 		}));
 		//mock out bcrypt
 		jest.doMock('bcryptjs', () => ({
 			genSalt: async amount => {
 				expect(amount).toBe(11);
 				return 'salt';
 			},
 			hash: async (password, salt) => {
 				expect(password).toBe('password');
 				return 'hashed-password';
 			},
 			compare: (lhs, rhs) => {
 				return lhs === rhs;
 			}
 		}));
 		//mock out jsonwebtoken
 		jest.doMock('jsonwebtoken', () => ({
 			sign: (content, secretAccess, opts) => {
 				return JSON.stringify(content);
 			},
 			verify: (token, secretAccess, callback) => {
 				return callback(null, JSON.parse(token));
 			},
 		}));
 		//mock out the sequelize library
 		jest.doMock('sequelize', () => {
 			return {
 				Op: {
 					//
 				}
 			}
 		});
 		//mock out the database object
 		jest.doMock('../../server/database', () => {
 			const mSequelize = {
 				authenticate: jest.fn(),
 				define: jest.fn(),
 			};
 			const actualSequelize = jest.requireActual('sequelize');
 			return { Sequelize: jest.fn(() => mSequelize), DataTypes: actualSequelize.DataTypes };			
 		});
 		//mock out the database models
 		jest.doMock('../../server/database/models', () => ({
 			accounts: {
 				findOne: async (config) => { //can't find any (signup state)
 					expect(config?.where?.email).toBe('email@example.com');
 					return {
 						index: 0,
 						email: config?.where?.email,
 						username: 'username',
 						type: 'alpha',
 						admin: false,
 						mod: false,
 					};
 				},
 				update: async (values, config) => {
 					//Do nothing
 				}
 			},
 			tokens: {
 				create: async (record) => {
 					//Do nothing
 				}
 			}
 		}));
 	});
 	test('Basic valid login attempt', async () => {
 		//arguments
 		const req = {
 			body: {
 				email: 'email@example.com',
 				password: 'password',
 			}
 		};
 		const res = {
 			status: code => {
 				expect(code).toBe(200);
 				return {
 					json: tokens => {
 						//decode and analyze the JWT payload
 						const accessToken = JSON.parse(tokens.accessToken);
 						expect(accessToken.email).toBe('email@example.com');
 						expect(accessToken.username).toBe('username');
 					},
 					send: msg => { throw msg; },
 					end: () => null
 				}
 			}
 		}
 		//test
 		const route = require('../../server/auth/login');
 		const result = await route(req, res);
 		expect(result).toBe(null);
 	});
 });
@@ -1,98 +0,0 @@
 describe('POST /auth/signup', () => {
 	beforeEach(() => {
 		jest.resetModules();
 		//mock out bcrypt
 		jest.doMock('bcryptjs', () => ({
 			genSalt: async amount => {
 				expect(amount).toBe(11);
 				return 'salt';
 			},
 			hash: async (password, salt) => {
 				expect(password).toBe('password');
 				return 'hashed-password';
 			}
 		}));
 		//mock out nodemailer
 		jest.doMock('nodemailer', () => ({
 			createTransport: jest.fn(config => {
 				//TODO: test config?
 				return { //return a fake transport object
 					sendMail: async email => {
 						expect(email.to).toBe('email@example.com');
 						return { //return a fake info object
 							accepted: [ email.to ]
 						}
 					}
 				};
 			}),
 		}));
 		//mock out the sequelize library
 		jest.doMock('sequelize', () => {
 			return {
 				Op: {
 					//
 				}
 			}
 		});
 		//mock out the database object
 		jest.doMock('../../server/database', () => {
 			const mSequelize = {
 				authenticate: jest.fn(),
 				define: jest.fn(),
 			};
 			const actualSequelize = jest.requireActual('sequelize');
 			return { Sequelize: jest.fn(() => mSequelize), DataTypes: actualSequelize.DataTypes };			
 		});
 		//mock out the database models
 		jest.doMock('../../server/database/models', () => ({
 			accounts: {
 				findOne: () => null //can't find any (signup state)
 			},
 			pendingSignups: {
 				upsert: jest.fn(async record => {
 					expect(record.email).toBe('email@example.com');
 					expect(record.username).toBe('username');
 					expect(record.hash).toBe('hashed-password');
 					expect(record.contact).toBe(true);
 					//token is a random UUID
 				})
 			}
 		}));
 	});
 	test('Basic valid signup attempt', async () => {
 		//arguments
 		const req = {
 			body: {
 				email: 'email@example.com',
 				username: 'username',
 				password: 'password',
 				contact: true
 			}
 		};
 		const res = {
 			status: code => {
 				expect(code).toBe(200);
 				return {
 					send: msg => expect(msg).toBe('Validation email sent!'),
 					end: () => null
 				}
 			}
 		}
 		//test
 		const route = require('../../server/auth/signup');
 		const result = await route(req, res);
 		expect(result).toBe(null);
 	});
 });
@@ -1,65 +0,0 @@
 describe('Integration Test Suite', () => {
 	beforeEach(() => {
 		jest.resetModules();
 		//mock dotenv
 		jest.doMock('dotenv', () => ({
 			config: () => null
 		}));
 		//mock express
 		jest.doMock('express', () => {
 			const express = () => ({
 				identity: 'app',
 				use: () => null,
 				get: () => null,
 			});
 			express.Router = () => ({
 				identity: 'Router',
 				use: () => null,
 				get: () => null,
 				post: () => null,
 				patch: () => null,
 				delete: () => null,
 			});
 			express.json = () => 'json';
 			return express;
 		});
 		//mock http
 		jest.doMock('http', () => ({
 			Server: app => {
 				expect(app.identity).toBe('app');
 				return {
 					listen: (port, cb) => cb()
 				}
 			}
 		}));
 		//mock sequelize
 		class Seq {
 			sync() {}
 			define() {}
 			static INTEGER() {}
 		};
 		jest.doMock('sequelize', () => {
 			return Seq;
 		});
 		//mock node-cron
 		jest.doMock('node-cron', () => {
 			return {
 				schedule: () => null
 			}
 		});
 	});
 	test('Start The Server', () => {
 		const serv = require('../server/server');
 	});
 });
@@ -1,87 +0,0 @@
 describe('token-auth', () => {
 	beforeEach(() => {
 		jest.resetModules();
 		//mock out jsonwebtoken
 		jest.doMock('jsonwebtoken', () => ({
 			verify: (token, secretAccess, callback) => {
 				if (token != 'invalid') {
 					expect(token).toBe('testtoken');
 					return callback(null, { username: 'username' });
 				} else {
 					expect(token).toBe('invalid');
 					return callback('Misc. error');
 				}
 			},
 		}));
 	});
 	test('Required Functionality', () => {
 		const tokenAuth = require('../../server/utilities/token-auth');
 		const req = {
 			headers: {
 				authorization: 'Bearer testtoken'
 			}
 		};
 		const res = {
 			status: code => {
 				expect(code).toBe(null);
 				return msg => { throw msg; };
 			}
 		};
 		tokenAuth(req, res, () => null);
 		expect(req.user.username).toBe('username');
 	});
 	test('Missing Token', () => {
 		const tokenAuth = require('../../server/utilities/token-auth');
 		const req = {
 			headers: {
 				//
 			}
 		};
 		const res = {
 			status: code => {
 				expect(code).toBe(401);
 				return {
 					send: msg => {
 						expect(msg).toBe('No token found');
 						return null;
 					}
 				};
 			}
 		};
 		tokenAuth(req, res, () => null);
 	});
 	test('Invalid Token', () => {
 		const tokenAuth = require('../../server/utilities/token-auth');
 		const req = {
 			headers: {
 				authorization: 'Bearer invalid'
 			}
 		};
 		const res = {
 			status: code => {
 				expect(code).toBe(403);
 				return {
 					send: msg => {
 						expect(msg).toBe('Misc. error');
 						return null;
 					}
 				};
 			}
 		};
 		tokenAuth(req, res, () => null);
 	});
 });
@@ -9,6 +9,12 @@ const TokenProvider = props => {
 	//state to be used
 	const [accessToken, setAccessToken] = useState('');
 	//force a logout under certain conditions
 	const forceLogout = () => {
 		localStorage.removeItem("accessToken");
 		setAccessToken("");
 	};
 	//make the access token persist between reloads
 	useEffect(() => {
 		setAccessToken(localStorage.getItem("accessToken") || '');
@@ -19,6 +25,11 @@ const TokenProvider = props => {
 		localStorage.setItem("accessToken", accessToken);
 	}, [accessToken]);
 	//force a logout if refresh token is too old
 	if (accessToken && (new Date(Date.now() - 60 * 60 * 24 * 30 * 1000).getTime() > decode(accessToken).exp * 1000)) {
 		forceLogout();
 	}
 	//wrap the default fetch function
 	const tokenFetch = async (url, options) => {
 		//use this?
@@ -47,6 +58,9 @@ const TokenProvider = props => {
 			//any errors, throw them
 			if (!response.ok) {
 				if (response.status == 403) {
 					forceLogout();
 				}
 				throw `${response.status}: ${await response.text()}`;
 			}
@@ -82,6 +96,9 @@ const TokenProvider = props => {
 			//any errors, throw them
 			if (!response.ok) {
 				if (response.status == 403) {
 					forceLogout();
 				}
 				throw `${response.status}: ${await response.text()}`;
 			}
Author	SHA1	Message	Date
Kayne Ruse	267ecaa705	Added a typecheck to password field	2023-05-15 08:03:54 +10:00
Kayne Ruse	3a8cfd39ed	BUGFIX: force a logout if refresh token is too old	2023-05-05 03:56:24 +10:00
Kayne Ruse	b157ef18ff	Updated dependencies	2023-05-03 21:31:30 +10:00
Kayne Ruse	500035284f	Updated depencencies, bumped version	2023-03-25 01:49:17 +11:00
Kayne Ruse	c5360a70d6	Updated dependencies	2023-03-19 02:52:44 +11:00
Kayne Ruse	cf4c8a0f99	Updated dependencies	2023-02-21 09:30:12 +11:00
Kayne Ruse	21527d8931	Updated dependencies, License	2023-01-12 08:08:27 +11:00
Kayne Ruse	a54e802942	Bumped version number	2023-01-04 12:56:04 +00:00
Kayne Ruse	f8abd9110d	Switched to a slim docker distro	2023-01-04 23:51:43 +11:00
Kayne Ruse	406345ada1	Updated libraries	2022-12-31 19:02:27 +00:00
Kayne Ruse	d79a70d66f	Bumped version number	2022-12-01 12:07:10 +00:00
Kayne Ruse	cec30620ec	BUGFIX: clear out old refresh tokens	2022-12-01 12:06:20 +00:00
Kayne Ruse	763efb75bf	Updated dependencies	2022-11-29 05:06:10 +00:00
Kayne Ruse	77260d5d30	Updated dependencies	2022-11-13 02:15:31 +00:00
Kayne Ruse	157bb5dd90	Updated dependencies	2022-08-01 10:39:30 +01:00
Kayne Ruse	20657fda22	Minor tweak	2022-07-26 13:37:10 +01:00
Kayne Ruse	168bc695b6	Tweaked WEB_ORIGIN	2022-07-26 11:49:34 +01:00
`@@ -1,4 +1,4 @@`
	`Copyright (c) 2021 Kayne Ruse, KR Game Studios`	`Copyright (c) 2021-2023 Kayne Ruse, KR Game Studios`

	`This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software.`	`This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software.`