farmcontrol/farmcontrol-api
2
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: farmcontrol:a2d62ddec1dd2da318d899bb679803ab7f258e64
Branches Tags
farmcontrol:main
farmcontrol:config-updates
...
compare: farmcontrol:a9c4b29f9f2d6d7fc0fecd4ca2a42014eefbefff
Branches Tags
farmcontrol:main
farmcontrol:config-updates

3 Commits
a2d62ddec1 ... a9c4b29f9f

Author SHA1 Message Date
Tom Butcher
a9c4b29f9f Improved notifications.
Some checks failed
farmcontrol/farmcontrol-api/pipeline/head There was a failure building this commit
Details
2026-03-01 19:21:05 +00:00
Tom Butcher
6e3b900423 Implemented redis session storage. 2026-03-01 17:06:26 +00:00
Tom Butcher
78509ed3a2 Implemented email notifications. 2026-03-01 16:54:56 +00:00
12 changed files with 1100 additions and 388 deletions
Show Stats Expand all files Collapse all files

30
config.json
View File

@ -46,6 +46,16 @@
"filesBucket": "farmcontrol" "filesBucket": "farmcontrol"
} }
}, },
"smtp": {
"host": "mail.tombutcher.work",
"port": 465,
"secure": true,
"auth": {
"user": "farmcontrol",
"pass": "XwV5u3jWufuo5E5U4N9hBHfNfwk28D7fNdFN"
},
"from": "FarmControl <farmcontrol@tombutcher.work>"
},
"otpExpiryMins": 0.5 "otpExpiryMins": 0.5
}, },
"test": { "test": {
@ -95,6 +105,16 @@
"filesBucket": "farmcontrol-test" "filesBucket": "farmcontrol-test"
} }
}, },
"smtp": {
"host": "localhost",
"port": 587,
"secure": false,
"auth": {
"user": "",
"pass": ""
},
"from": "FarmControl <farmcontrol@tombutcher.work>"
},
"otpExpiryMins": 0.5 "otpExpiryMins": 0.5
}, },
"production": { "production": {
@ -143,6 +163,16 @@
"region": "us-east-1", "region": "us-east-1",
"filesBucket": "farmcontrol" "filesBucket": "farmcontrol"
} }
},
"smtp": {
"host": "localhost",
"port": 587,
"secure": false,
"auth": {
"user": "",
"pass": ""
},
"from": "FarmControl <noreply@farmcontrol.app>"
} }
} }
} }

1
package.json
View File

@ -30,6 +30,7 @@
"nodemailer": "*", "nodemailer": "*",
"nodemon": "^3.1.11", "nodemon": "^3.1.11",
"pg": "^8.16.3", "pg": "^8.16.3",
"puppeteer": "^24.37.5",
"redis": "^5.10.0", "redis": "^5.10.0",
"sequelize": "^6.37.7" "sequelize": "^6.37.7"
}, },

388
pnpm-lock.yaml generated
View File

@ -86,6 +86,9 @@ importers:
pg: pg:
specifier: ^8.16.3 specifier: ^8.16.3
version: 8.18.0 version: 8.18.0
puppeteer:
specifier: ^24.37.5
version: 24.37.5
redis: redis:
specifier: ^5.10.0 specifier: ^5.10.0
version: 5.10.0 version: 5.10.0
@ -1184,6 +1187,11 @@ packages:
resolution: {integrity: sha512-QNqXyfVS2wm9hweSYD2O7F0G06uurj9kZ96TRQE5Y9hU7+tgdZwIkbAKc5Ocy1HxEY2kuDQa6cQ1WRs/O5LFKA==} resolution: {integrity: sha512-QNqXyfVS2wm9hweSYD2O7F0G06uurj9kZ96TRQE5Y9hU7+tgdZwIkbAKc5Ocy1HxEY2kuDQa6cQ1WRs/O5LFKA==}
engines: {node: ^12.20.0 || ^14.18.0 || >=16.0.0} engines: {node: ^12.20.0 || ^14.18.0 || >=16.0.0}
'@puppeteer/browsers@2.13.0':
resolution: {integrity: sha512-46BZJYJjc/WwmKjsvDFykHtXrtomsCIrwYQPOP7VfMJoZY2bsDF9oROBABR3paDjDcmkUye1Pb1BqdcdiipaWA==}
engines: {node: '>=18'}
hasBin: true
'@redis/bloom@5.10.0': '@redis/bloom@5.10.0':
resolution: {integrity: sha512-doIF37ob+l47n0rkpRNgU8n4iacBlKM9xLiP1LtTZTvz8TloJB8qx/MgvhMhKdYG+CvCY2aPBnN2706izFn/4A==} resolution: {integrity: sha512-doIF37ob+l47n0rkpRNgU8n4iacBlKM9xLiP1LtTZTvz8TloJB8qx/MgvhMhKdYG+CvCY2aPBnN2706izFn/4A==}
engines: {node: '>= 18'} engines: {node: '>= 18'}
@ -1733,6 +1741,17 @@ packages:
axios@1.13.4: axios@1.13.4:
resolution: {integrity: sha512-1wVkUaAO6WyaYtCkcYCOx12ZgpGf9Zif+qXa4n+oYzK558YryKqiL6UWwd5DqiH3VRW0GYhTZQ/vlgJrCoNQlg==} resolution: {integrity: sha512-1wVkUaAO6WyaYtCkcYCOx12ZgpGf9Zif+qXa4n+oYzK558YryKqiL6UWwd5DqiH3VRW0GYhTZQ/vlgJrCoNQlg==}
axios@1.13.6:
resolution: {integrity: sha512-ChTCHMouEe2kn713WHbQGcuYrr6fXTBiu460OTwWrWob16g1bXn4vtz07Ope7ewMozJAnEquLk5lWQWtBig9DQ==}
b4a@1.8.0:
resolution: {integrity: sha512-qRuSmNSkGQaHwNbM7J78Wwy+ghLEYF1zNrSeMxj4Kgw6y33O3mXcQ6Ie9fRvfU/YnxWkOchPXbaLb73TkIsfdg==}
peerDependencies:
react-native-b4a: '*'
peerDependenciesMeta:
react-native-b4a:
optional: true
babel-jest@30.2.0: babel-jest@30.2.0:
resolution: {integrity: sha512-0YiBEOxWqKkSQWL9nNGGEgndoeL0ZpWrbLMNL5u/Kaxrli3Eaxlt3ZtIDktEvXt4L/R9r3ODr2zKwGM/2BjxVw==} resolution: {integrity: sha512-0YiBEOxWqKkSQWL9nNGGEgndoeL0ZpWrbLMNL5u/Kaxrli3Eaxlt3ZtIDktEvXt4L/R9r3ODr2zKwGM/2BjxVw==}
engines: {node: ^18.14.0 || ^20.0.0 || ^22.0.0 || >=24.0.0} engines: {node: ^18.14.0 || ^20.0.0 || ^22.0.0 || >=24.0.0}
@ -1781,6 +1800,44 @@ packages:
balanced-match@1.0.2: balanced-match@1.0.2:
resolution: {integrity: sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==} resolution: {integrity: sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==}
bare-events@2.8.2:
resolution: {integrity: sha512-riJjyv1/mHLIPX4RwiK+oW9/4c3TEUeORHKefKAKnZ5kyslbN+HXowtbaVEqt4IMUB7OXlfixcs6gsFeo/jhiQ==}
peerDependencies:
bare-abort-controller: '*'
peerDependenciesMeta:
bare-abort-controller:
optional: true
bare-fs@4.5.5:
resolution: {integrity: sha512-XvwYM6VZqKoqDll8BmSww5luA5eflDzY0uEFfBJtFKe4PAAtxBjU3YIxzIBzhyaEQBy1VXEQBto4cpN5RZJw+w==}
engines: {bare: '>=1.16.0'}
peerDependencies:
bare-buffer: '*'
peerDependenciesMeta:
bare-buffer:
optional: true
bare-os@3.7.0:
resolution: {integrity: sha512-64Rcwj8qlnTZU8Ps6JJEdSmxBEUGgI7g8l+lMtsJLl4IsfTcHMTfJ188u2iGV6P6YPRZrtv72B2kjn+hp+Yv3g==}
engines: {bare: '>=1.14.0'}
bare-path@3.0.0:
resolution: {integrity: sha512-tyfW2cQcB5NN8Saijrhqn0Zh7AnFNsnczRcuWODH0eYAXBsJ5gVxAUuNr7tsHSC6IZ77cA0SitzT+s47kot8Mw==}
bare-stream@2.8.0:
resolution: {integrity: sha512-reUN0M2sHRqCdG4lUK3Fw8w98eeUIZHL5c3H7Mbhk2yVBL+oofgaIp0ieLfD5QXwPCypBpmEEKU2WZKzbAk8GA==}
peerDependencies:
bare-buffer: '*'
bare-events: '*'
peerDependenciesMeta:
bare-buffer:
optional: true
bare-events:
optional: true
bare-url@2.3.2:
resolution: {integrity: sha512-ZMq4gd9ngV5aTMa5p9+UfY0b3skwhHELaDkhEHetMdX0LRkW9kzaym4oo/Eh+Ghm0CCDuMTsRIGM/ytUc1ZYmw==}
baseline-browser-mapping@2.9.19: baseline-browser-mapping@2.9.19:
resolution: {integrity: sha512-ipDqC8FrAl/76p2SSWKSI+H9tFwm7vYqXQrItCuiVPt26Km0jS+NzSsBWAaBusvSbQcfJG+JitdMm+wZAgTYqg==} resolution: {integrity: sha512-ipDqC8FrAl/76p2SSWKSI+H9tFwm7vYqXQrItCuiVPt26Km0jS+NzSsBWAaBusvSbQcfJG+JitdMm+wZAgTYqg==}
hasBin: true hasBin: true
@ -1788,6 +1845,7 @@ packages:
basic-ftp@5.1.0: basic-ftp@5.1.0:
resolution: {integrity: sha512-RkaJzeJKDbaDWTIPiJwubyljaEPwpVWkm9Rt5h9Nd6h7tEXTJ3VB4qxdZBioV7JO5yLUaOKwz7vDOzlncUsegw==} resolution: {integrity: sha512-RkaJzeJKDbaDWTIPiJwubyljaEPwpVWkm9Rt5h9Nd6h7tEXTJ3VB4qxdZBioV7JO5yLUaOKwz7vDOzlncUsegw==}
engines: {node: '>=10.0.0'} engines: {node: '>=10.0.0'}
deprecated: Security vulnerability fixed in 5.2.0, please upgrade
bcrypt@6.0.0: bcrypt@6.0.0:
resolution: {integrity: sha512-cU8v/EGSrnH+HnxV2z0J7/blxH8gq7Xh2JFT6Aroax7UohdmiJJlxApMxtKfuI7z68NvvVcmR78k2LbT6efhRg==} resolution: {integrity: sha512-cU8v/EGSrnH+HnxV2z0J7/blxH8gq7Xh2JFT6Aroax7UohdmiJJlxApMxtKfuI7z68NvvVcmR78k2LbT6efhRg==}
@ -1898,11 +1956,16 @@ packages:
resolution: {integrity: sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==} resolution: {integrity: sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==}
engines: {node: '>= 8.10.0'} engines: {node: '>= 8.10.0'}
chromedriver@145.0.0: chromedriver@146.0.0:
resolution: {integrity: sha512-rnqHS3u+OEdhaS3PmV7V8KYHBLiIOrIKMkRZSEaQcQXnpqHQTPBrS/1x7r0MJvuywtv2qFQYNbd5yXUmuxFvmg==} resolution: {integrity: sha512-fDAbuEy+Dn9F/h8fphiQIUEyUDOTGlfjZHfI9dJZz75+ui/LIHqWzStQt87vpwA9oV3ut4C2W3flfvbn3KELFQ==}
engines: {node: '>=20'} engines: {node: '>=20'}
hasBin: true hasBin: true
chromium-bidi@14.0.0:
resolution: {integrity: sha512-9gYlLtS6tStdRWzrtXaTMnqcM4dudNegMXJxkR0I/CXObHalYeYcAMPrL19eroNZHtJ8DQmu1E+ZNOYu/IXMXw==}
peerDependencies:
devtools-protocol: '*'
ci-info@4.4.0: ci-info@4.4.0:
resolution: {integrity: sha512-77PSwercCZU2Fc4sX94eF8k8Pxte6JAwL4/ICZLFjJLqegs7kCuAsqqj/70NQF6TvDpgFjkubQB2FW2ZZddvQg==} resolution: {integrity: sha512-77PSwercCZU2Fc4sX94eF8k8Pxte6JAwL4/ICZLFjJLqegs7kCuAsqqj/70NQF6TvDpgFjkubQB2FW2ZZddvQg==}
engines: {node: '>=8'} engines: {node: '>=8'}
@ -2014,6 +2077,15 @@ packages:
resolution: {integrity: sha512-tJtZBBHA6vjIAaF6EnIaq6laBBP9aq/Y3ouVJjEfoHbRBcHBAHYcMh/w8LDrk2PvIMMq8gmopa5D4V8RmbrxGw==} resolution: {integrity: sha512-tJtZBBHA6vjIAaF6EnIaq6laBBP9aq/Y3ouVJjEfoHbRBcHBAHYcMh/w8LDrk2PvIMMq8gmopa5D4V8RmbrxGw==}
engines: {node: '>= 0.10'} engines: {node: '>= 0.10'}
cosmiconfig@9.0.0:
resolution: {integrity: sha512-itvL5h8RETACmOTFc4UfIyB2RfEHi71Ax6E/PivVxq9NseKbOWpeyHEOIbmAw1rs8Ak0VursQNww7lf7YtUwzg==}
engines: {node: '>=14'}
peerDependencies:
typescript: '>=4.9.5'
peerDependenciesMeta:
typescript:
optional: true
cross-spawn@7.0.6: cross-spawn@7.0.6:
resolution: {integrity: sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==} resolution: {integrity: sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==}
engines: {node: '>= 8'} engines: {node: '>= 8'}
@ -2111,6 +2183,9 @@ packages:
resolution: {integrity: sha512-TLz+x/vEXm/Y7P7wn1EJFNLxYpUD4TgMosxY6fAVJUnJMbupHBOncxyWUG9OpTaH9EBD7uFI5LfEgmMOc54DsA==} resolution: {integrity: sha512-TLz+x/vEXm/Y7P7wn1EJFNLxYpUD4TgMosxY6fAVJUnJMbupHBOncxyWUG9OpTaH9EBD7uFI5LfEgmMOc54DsA==}
engines: {node: '>=8'} engines: {node: '>=8'}
devtools-protocol@0.0.1566079:
resolution: {integrity: sha512-MJfAEA1UfVhSs7fbSQOG4czavUp1ajfg6prlAN0+cmfa2zNjaIbvq8VneP7do1WAQQIvgNJWSMeP6UyI90gIlQ==}
dezalgo@1.0.4: dezalgo@1.0.4:
resolution: {integrity: sha512-rXSP0bf+5n0Qonsb+SVVfNfIsimO4HEtmnIpPHY8Q1UCzKlQrDMfdobr8nJOOsRgWCyMRqeSBQzmWUMq7zvVig==} resolution: {integrity: sha512-rXSP0bf+5n0Qonsb+SVVfNfIsimO4HEtmnIpPHY8Q1UCzKlQrDMfdobr8nJOOsRgWCyMRqeSBQzmWUMq7zvVig==}
@ -2170,6 +2245,10 @@ packages:
end-of-stream@1.4.5: end-of-stream@1.4.5:
resolution: {integrity: sha512-ooEGc6HP26xXq/N+GCGOT0JKCLDGrq2bQUZrQ7gyrJiZANJ/8YDTxTpQBXGMn+WbIQXNVpyWymm7KYVICQnyOg==} resolution: {integrity: sha512-ooEGc6HP26xXq/N+GCGOT0JKCLDGrq2bQUZrQ7gyrJiZANJ/8YDTxTpQBXGMn+WbIQXNVpyWymm7KYVICQnyOg==}
env-paths@2.2.1:
resolution: {integrity: sha512-+h1lkLKhZMTYjog1VEpJNG7NZJWcuc2DDk/qsqSTRRCOXiLjeQ1d1/udrUGhqMxUgAlwKNZ0cf2uqan5GLuS2A==}
engines: {node: '>=6'}
error-ex@1.3.4: error-ex@1.3.4:
resolution: {integrity: sha512-sqQamAnR14VgCr1A618A3sGrygcpK+HEbenA/HiEAkkUwcZIIB/tgWqHFxWgOyDh4nB4JCRimh79dR5Ywc9MDQ==} resolution: {integrity: sha512-sqQamAnR14VgCr1A618A3sGrygcpK+HEbenA/HiEAkkUwcZIIB/tgWqHFxWgOyDh4nB4JCRimh79dR5Ywc9MDQ==}
@ -2404,6 +2483,9 @@ packages:
resolution: {integrity: sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==} resolution: {integrity: sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==}
engines: {node: '>= 0.6'} engines: {node: '>= 0.6'}
events-universal@1.0.1:
resolution: {integrity: sha512-LUd5euvbMLpwOF8m6ivPCbhQeSiYVNb8Vs0fQ8QjXo0JTkEHpz8pxdQf0gStltaPpw0Cca8b39KxvK9cfKRiAw==}
execa@5.1.1: execa@5.1.1:
resolution: {integrity: sha512-8uSpZZocAZRBAPIEINJj3Lo9HyGitllczc27Eh5YYojjMFMn8yHMDMaUHE2Jqfq05D/wucwI4JGURyXt1vchyg==} resolution: {integrity: sha512-8uSpZZocAZRBAPIEINJj3Lo9HyGitllczc27Eh5YYojjMFMn8yHMDMaUHE2Jqfq05D/wucwI4JGURyXt1vchyg==}
engines: {node: '>=10'} engines: {node: '>=10'}
@ -2438,6 +2520,9 @@ packages:
fast-diff@1.3.0: fast-diff@1.3.0:
resolution: {integrity: sha512-VxPP4NqbUjj6MaAOafWeUn2cXWLcCtljklUtZf0Ind4XQ+QPtmA0b18zZy0jIQx+ExRVCR/ZQpBmik5lXshNsw==} resolution: {integrity: sha512-VxPP4NqbUjj6MaAOafWeUn2cXWLcCtljklUtZf0Ind4XQ+QPtmA0b18zZy0jIQx+ExRVCR/ZQpBmik5lXshNsw==}
fast-fifo@1.3.2:
resolution: {integrity: sha512-/d9sfos4yxzpwkDkuN7k2SqFKtYNmCTzgfEpz82x34IM9/zc8KGxQoXg1liNC/izpRM/MBdt44Nmx41ZWqk+FQ==}
fast-json-stable-stringify@2.1.0: fast-json-stable-stringify@2.1.0:
resolution: {integrity: sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==} resolution: {integrity: sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==}
@ -3323,6 +3408,9 @@ packages:
resolution: {integrity: sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==} resolution: {integrity: sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==}
engines: {node: '>=16 || 14 >=14.17'} engines: {node: '>=16 || 14 >=14.17'}
mitt@3.0.1:
resolution: {integrity: sha512-vKivATfr97l2/QBCYAkXYDbrIWPM2IIKEl7YPhjCvKlG3kE2gm+uBo6nEXK3M5/Ffh/FLpKExzOQ3JJoJGFKBw==}
mkdirp@0.5.6: mkdirp@0.5.6:
resolution: {integrity: sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw==} resolution: {integrity: sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw==}
hasBin: true hasBin: true
@ -3733,6 +3821,10 @@ packages:
resolution: {integrity: sha512-9uBdv/B4EefsuAL+pWqueZyZS2Ba+LxfFeQ9DN14HU4bN8bhaxKdkpjpB6fs9+pSjIBu+FXQHImEg8j/Lw0+vA==} resolution: {integrity: sha512-9uBdv/B4EefsuAL+pWqueZyZS2Ba+LxfFeQ9DN14HU4bN8bhaxKdkpjpB6fs9+pSjIBu+FXQHImEg8j/Lw0+vA==}
engines: {node: ^18.14.0 || ^20.0.0 || ^22.0.0 || >=24.0.0} engines: {node: ^18.14.0 || ^20.0.0 || ^22.0.0 || >=24.0.0}
progress@2.0.3:
resolution: {integrity: sha512-7PiHtLll5LdnKIMw100I+8xJXR5gW2QwWYkT6iJva0bXitZKa/XMrSbdmg3r2Xnaidz9Qumd0VPaMrZlF9V9sA==}
engines: {node: '>=0.4.0'}
prop-types@15.8.1: prop-types@15.8.1:
resolution: {integrity: sha512-oj87CgZICdulUohogVAR7AjlC0327U4el4L6eAvOqCeudMDVU0NThNaV+b9Df4dXgSP1gXMTnPdhfe/2qDH5cg==} resolution: {integrity: sha512-oj87CgZICdulUohogVAR7AjlC0327U4el4L6eAvOqCeudMDVU0NThNaV+b9Df4dXgSP1gXMTnPdhfe/2qDH5cg==}
@ -3750,6 +3842,9 @@ packages:
proxy-from-env@1.1.0: proxy-from-env@1.1.0:
resolution: {integrity: sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==} resolution: {integrity: sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==}
proxy-from-env@2.0.0:
resolution: {integrity: sha512-h2lD3OfRraP3R51rNFKIE8nX+qoLr1mE74X91YhVxtDbt+OD6ntoNZv56+JgI4RCdtwQ5eexsOk1KdOQDfvPCQ==}
pstree.remy@1.1.8: pstree.remy@1.1.8:
resolution: {integrity: sha512-77DZwxQmxKnu3aR542U+X8FypNzbfJ+C5XQDk3uWjWxn6151aIMGthWYRXTqT1E5oJvg+ljaa2OJi+VfvCOQ8w==} resolution: {integrity: sha512-77DZwxQmxKnu3aR542U+X8FypNzbfJ+C5XQDk3uWjWxn6151aIMGthWYRXTqT1E5oJvg+ljaa2OJi+VfvCOQ8w==}
@ -3760,6 +3855,15 @@ packages:
resolution: {integrity: sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==} resolution: {integrity: sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==}
engines: {node: '>=6'} engines: {node: '>=6'}
puppeteer-core@24.37.5:
resolution: {integrity: sha512-ybL7iE78YPN4T6J+sPLO7r0lSByp/0NN6PvfBEql219cOnttoTFzCWKiBOjstXSqi/OKpwae623DWAsL7cn2MQ==}
engines: {node: '>=18'}
puppeteer@24.37.5:
resolution: {integrity: sha512-3PAOIQLceyEmn1Fi76GkGO2EVxztv5OtdlB1m8hMUZL3f8KDHnlvXbvCXv+Ls7KzF1R0KdKBqLuT/Hhrok12hQ==}
engines: {node: '>=18'}
hasBin: true
pure-rand@7.0.1: pure-rand@7.0.1:
resolution: {integrity: sha512-oTUZM/NAZS8p7ANR3SHh30kXB+zK2r2BPcEn/awJIbOvq82WoMN4p62AWWp3Hhw50G0xMsw1mhIBLqHw64EcNQ==} resolution: {integrity: sha512-oTUZM/NAZS8p7ANR3SHh30kXB+zK2r2BPcEn/awJIbOvq82WoMN4p62AWWp3Hhw50G0xMsw1mhIBLqHw64EcNQ==}
@ -3914,6 +4018,11 @@ packages:
engines: {node: '>=10'} engines: {node: '>=10'}
hasBin: true hasBin: true
semver@7.7.4:
resolution: {integrity: sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA==}
engines: {node: '>=10'}
hasBin: true
send@1.2.1: send@1.2.1:
resolution: {integrity: sha512-1gnZf7DFcoIcajTjTwjwuDjzuz4PPcY2StKPlsGAQ1+YH20IRVrBaXSWmdjowTJ6u8Rc01PoYOGHXfP1mYcZNQ==} resolution: {integrity: sha512-1gnZf7DFcoIcajTjTwjwuDjzuz4PPcY2StKPlsGAQ1+YH20IRVrBaXSWmdjowTJ6u8Rc01PoYOGHXfP1mYcZNQ==}
engines: {node: '>= 18'} engines: {node: '>= 18'}
@ -4094,6 +4203,9 @@ packages:
resolution: {integrity: sha512-Mcc5wHehp9aXz1ax6bZUyY5afg9u2rv5cqQI3mRrYkGC8rW2hM02jWuwjtL++LS5qinSyhj2QfLyNsuc+VsExg==} resolution: {integrity: sha512-Mcc5wHehp9aXz1ax6bZUyY5afg9u2rv5cqQI3mRrYkGC8rW2hM02jWuwjtL++LS5qinSyhj2QfLyNsuc+VsExg==}
engines: {node: '>=10.0.0'} engines: {node: '>=10.0.0'}
streamx@2.23.0:
resolution: {integrity: sha512-kn+e44esVfn2Fa/O0CPFcex27fjIL6MkVae0Mm6q+E6f0hWv578YCERbv+4m02cjxvDsPKLnmxral/rR6lBMAg==}
string-length@4.0.2: string-length@4.0.2:
resolution: {integrity: sha512-+l6rNN5fYHNhZZy41RXsYptCjA2Igmq4EG7kZAYFQI1E1VTXarr6ZPXBg6eq7Y6eK4FEhY6AJlyuFIb/v/S0VQ==} resolution: {integrity: sha512-+l6rNN5fYHNhZZy41RXsYptCjA2Igmq4EG7kZAYFQI1E1VTXarr6ZPXBg6eq7Y6eK4FEhY6AJlyuFIb/v/S0VQ==}
engines: {node: '>=10'} engines: {node: '>=10'}
@ -4183,13 +4295,25 @@ packages:
resolution: {integrity: sha512-Bh7QjT8/SuKUIfObSXNHNSK6WHo6J1tHCqJsuaFDP7gP0fkzSfTxI8y85JrppZ0h8l0maIgc2tfuZQ6/t3GtnQ==} resolution: {integrity: sha512-Bh7QjT8/SuKUIfObSXNHNSK6WHo6J1tHCqJsuaFDP7gP0fkzSfTxI8y85JrppZ0h8l0maIgc2tfuZQ6/t3GtnQ==}
engines: {node: ^14.18.0 || >=16.0.0} engines: {node: ^14.18.0 || >=16.0.0}
tar-fs@3.1.1:
resolution: {integrity: sha512-LZA0oaPOc2fVo82Txf3gw+AkEd38szODlptMYejQUhndHMLQ9M059uXR+AfS7DNo0NpINvSqDsvyaCrBVkptWg==}
tar-stream@3.1.8:
resolution: {integrity: sha512-U6QpVRyCGHva435KoNWy9PRoi2IFYCgtEhq9nmrPPpbRacPs9IH4aJ3gbrFC8dPcXvdSZ4XXfXT5Fshbp2MtlQ==}
tcp-port-used@1.0.2: tcp-port-used@1.0.2:
resolution: {integrity: sha512-l7ar8lLUD3XS1V2lfoJlCBaeoaWo/2xfYt81hM7VlvR4RrMVFqfmzfhLVk40hAb368uitje5gPtBRL1m/DGvLA==} resolution: {integrity: sha512-l7ar8lLUD3XS1V2lfoJlCBaeoaWo/2xfYt81hM7VlvR4RrMVFqfmzfhLVk40hAb368uitje5gPtBRL1m/DGvLA==}
teex@1.0.1:
resolution: {integrity: sha512-eYE6iEI62Ni1H8oIa7KlDU6uQBtqr4Eajni3wX7rpfXD8ysFx8z0+dri+KWEPWpBsxXfxu58x/0jvTVT1ekOSg==}
test-exclude@6.0.0: test-exclude@6.0.0:
resolution: {integrity: sha512-cAGWPIyOHU6zlmg88jwm7VRyXnMN7iV68OGAbYDk/Mh/xC/pzVPlQtY6ngoIH/5/tciuhGfvESU8GrHrcxD56w==} resolution: {integrity: sha512-cAGWPIyOHU6zlmg88jwm7VRyXnMN7iV68OGAbYDk/Mh/xC/pzVPlQtY6ngoIH/5/tciuhGfvESU8GrHrcxD56w==}
engines: {node: '>=8'} engines: {node: '>=8'}
text-decoder@1.2.7:
resolution: {integrity: sha512-vlLytXkeP4xvEq2otHeJfSQIRyWxo/oZGEbXrtEEF9Hnmrdly59sUbzZ/QgyWuLYHctCHxFF4tRQZNQ9k60ExQ==}
text-table@0.2.0: text-table@0.2.0:
resolution: {integrity: sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw==} resolution: {integrity: sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw==}
@ -4272,6 +4396,9 @@ packages:
resolution: {integrity: sha512-3KS2b+kL7fsuk/eJZ7EQdnEmQoaho/r6KUef7hxvltNA5DR8NAUM+8wJMbJyZ4G9/7i3v5zPBIMN5aybAh2/Jg==} resolution: {integrity: sha512-3KS2b+kL7fsuk/eJZ7EQdnEmQoaho/r6KUef7hxvltNA5DR8NAUM+8wJMbJyZ4G9/7i3v5zPBIMN5aybAh2/Jg==}
engines: {node: '>= 0.4'} engines: {node: '>= 0.4'}
typed-query-selector@2.12.1:
resolution: {integrity: sha512-uzR+FzI8qrUEIu96oaeBJmd9E7CFEiQ3goA5qCVgc4s5llSubcfGHq9yUstZx/k4s9dXHVKsE35YWoFyvEqEHA==}
typedarray@0.0.6: typedarray@0.0.6:
resolution: {integrity: sha512-/aCDEGatGvZ2BIk+HmLf4ifCJFwvKFNb9/JeZPMulfgFracn9QFcAf5GO8B/mweUjSoblS5In0cWhqpfs/5PQA==} resolution: {integrity: sha512-/aCDEGatGvZ2BIk+HmLf4ifCJFwvKFNb9/JeZPMulfgFracn9QFcAf5GO8B/mweUjSoblS5In0cWhqpfs/5PQA==}
@ -4363,6 +4490,9 @@ packages:
walker@1.0.8: walker@1.0.8:
resolution: {integrity: sha512-ts/8E8l5b7kY0vlWLewOkDXMmPdLcVV4GmOQLyxuSswIJsweeFZtAsMF7k1Nszz+TYBQrlYRmzOnr398y1JemQ==} resolution: {integrity: sha512-ts/8E8l5b7kY0vlWLewOkDXMmPdLcVV4GmOQLyxuSswIJsweeFZtAsMF7k1Nszz+TYBQrlYRmzOnr398y1JemQ==}
webdriver-bidi-protocol@0.4.1:
resolution: {integrity: sha512-ARrjNjtWRRs2w4Tk7nqrf2gBI0QXWuOmMCx2hU+1jUt6d00MjMxURrhxhGbrsoiZKJrhTSTzbIrc554iKI10qw==}
webidl-conversions@7.0.0: webidl-conversions@7.0.0:
resolution: {integrity: sha512-VwddBukDzu71offAQR975unBIGqfKZpM+8ZX6ySk8nYhVoo5CYaZyzt3YBvYtRtO+aoGlqxPg/B87NGVZ/fu6g==} resolution: {integrity: sha512-VwddBukDzu71offAQR975unBIGqfKZpM+8ZX6ySk8nYhVoo5CYaZyzt3YBvYtRtO+aoGlqxPg/B87NGVZ/fu6g==}
engines: {node: '>=12'} engines: {node: '>=12'}
@ -4414,6 +4544,18 @@ packages:
resolution: {integrity: sha512-+QU2zd6OTD8XWIJCbffaiQeH9U73qIqafo1x6V1snCWYGJf6cVE0cDR4D8xRzcEnfI21IFrUPzPGtcPf8AC+Rw==} resolution: {integrity: sha512-+QU2zd6OTD8XWIJCbffaiQeH9U73qIqafo1x6V1snCWYGJf6cVE0cDR4D8xRzcEnfI21IFrUPzPGtcPf8AC+Rw==}
engines: {node: ^14.17.0 || ^16.13.0 || >=18.0.0} engines: {node: ^14.17.0 || ^16.13.0 || >=18.0.0}
ws@8.19.0:
resolution: {integrity: sha512-blAT2mjOEIi0ZzruJfIhb3nps74PRWTCz1IjglWEEpQl5XS/UNama6u2/rjFkDDouqr4L67ry+1aGIALViWjDg==}
engines: {node: '>=10.0.0'}
peerDependencies:
bufferutil: ^4.0.1
utf-8-validate: '>=5.0.2'
peerDependenciesMeta:
bufferutil:
optional: true
utf-8-validate:
optional: true
xdg-basedir@4.0.0: xdg-basedir@4.0.0:
resolution: {integrity: sha512-PSNhEJDejZYV7h50BohL09Er9VaIefr2LMAf3OEmpCkjOi34eYyQYAXUTjEQtZJTKcF0E2UKTh+osDLsgNim9Q==} resolution: {integrity: sha512-PSNhEJDejZYV7h50BohL09Er9VaIefr2LMAf3OEmpCkjOi34eYyQYAXUTjEQtZJTKcF0E2UKTh+osDLsgNim9Q==}
engines: {node: '>=8'} engines: {node: '>=8'}
@ -4455,6 +4597,9 @@ packages:
resolution: {integrity: sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==} resolution: {integrity: sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==}
engines: {node: '>=10'} engines: {node: '>=10'}
zod@3.25.76:
resolution: {integrity: sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ==}
snapshots: snapshots:
'@aws-crypto/crc32@5.2.0': '@aws-crypto/crc32@5.2.0':
@ -6121,6 +6266,21 @@ snapshots:
'@pkgr/core@0.2.9': {} '@pkgr/core@0.2.9': {}
'@puppeteer/browsers@2.13.0':
dependencies:
debug: 4.4.3(supports-color@5.5.0)
extract-zip: 2.0.1
progress: 2.0.3
proxy-agent: 6.5.0
semver: 7.7.4
tar-fs: 3.1.1
yargs: 17.7.2
transitivePeerDependencies:
- bare-abort-controller
- bare-buffer
- react-native-b4a
- supports-color
'@redis/bloom@5.10.0(@redis/client@5.10.0)': '@redis/bloom@5.10.0(@redis/client@5.10.0)':
dependencies: dependencies:
'@redis/client': 5.10.0 '@redis/client': 5.10.0
@ -6494,8 +6654,7 @@ snapshots:
'@testim/chrome-version@1.1.4': '@testim/chrome-version@1.1.4':
optional: true optional: true
'@tootallnate/quickjs-emscripten@0.23.0': '@tootallnate/quickjs-emscripten@0.23.0': {}
optional: true
'@tybys/wasm-util@0.10.1': '@tybys/wasm-util@0.10.1':
dependencies: dependencies:
@ -6644,8 +6803,7 @@ snapshots:
acorn@8.15.0: {} acorn@8.15.0: {}
agent-base@7.1.4: agent-base@7.1.4: {}
optional: true
ajv@6.12.6: ajv@6.12.6:
dependencies: dependencies:
@ -6773,7 +6931,6 @@ snapshots:
ast-types@0.13.4: ast-types@0.13.4:
dependencies: dependencies:
tslib: 2.8.1 tslib: 2.8.1
optional: true
async-function@1.0.0: {} async-function@1.0.0: {}
@ -6793,6 +6950,17 @@ snapshots:
transitivePeerDependencies: transitivePeerDependencies:
- debug - debug
axios@1.13.6:
dependencies:
follow-redirects: 1.15.11
form-data: 4.0.5
proxy-from-env: 1.1.0
transitivePeerDependencies:
- debug
optional: true
b4a@1.8.0: {}
babel-jest@30.2.0(@babel/core@7.29.0): babel-jest@30.2.0(@babel/core@7.29.0):
dependencies: dependencies:
'@babel/core': 7.29.0 '@babel/core': 7.29.0
@ -6877,10 +7045,42 @@ snapshots:
balanced-match@1.0.2: {} balanced-match@1.0.2: {}
bare-events@2.8.2: {}
bare-fs@4.5.5:
dependencies:
bare-events: 2.8.2
bare-path: 3.0.0
bare-stream: 2.8.0(bare-events@2.8.2)
bare-url: 2.3.2
fast-fifo: 1.3.2
transitivePeerDependencies:
- bare-abort-controller
- react-native-b4a
bare-os@3.7.0: {}
bare-path@3.0.0:
dependencies:
bare-os: 3.7.0
bare-stream@2.8.0(bare-events@2.8.2):
dependencies:
streamx: 2.23.0
teex: 1.0.1
optionalDependencies:
bare-events: 2.8.2
transitivePeerDependencies:
- bare-abort-controller
- react-native-b4a
bare-url@2.3.2:
dependencies:
bare-path: 3.0.0
baseline-browser-mapping@2.9.19: {} baseline-browser-mapping@2.9.19: {}
basic-ftp@5.1.0: basic-ftp@5.1.0: {}
optional: true
bcrypt@6.0.0: bcrypt@6.0.0:
dependencies: dependencies:
@ -6938,8 +7138,7 @@ snapshots:
bson@6.10.4: {} bson@6.10.4: {}
buffer-crc32@0.2.13: buffer-crc32@0.2.13: {}
optional: true
buffer-equal-constant-time@1.0.1: {} buffer-equal-constant-time@1.0.1: {}
@ -7001,20 +7200,26 @@ snapshots:
optionalDependencies: optionalDependencies:
fsevents: 2.3.3 fsevents: 2.3.3
chromedriver@145.0.0: chromedriver@146.0.0:
dependencies: dependencies:
'@testim/chrome-version': 1.1.4 '@testim/chrome-version': 1.1.4
axios: 1.13.4 axios: 1.13.6
compare-versions: 6.1.1 compare-versions: 6.1.1
extract-zip: 2.0.1 extract-zip: 2.0.1
proxy-agent: 6.5.0 proxy-agent: 6.5.0
proxy-from-env: 1.1.0 proxy-from-env: 2.0.0
tcp-port-used: 1.0.2 tcp-port-used: 1.0.2
transitivePeerDependencies: transitivePeerDependencies:
- debug - debug
- supports-color - supports-color
optional: true optional: true
chromium-bidi@14.0.0(devtools-protocol@0.0.1566079):
dependencies:
devtools-protocol: 0.0.1566079
mitt: 3.0.1
zod: 3.25.76
ci-info@4.4.0: {} ci-info@4.4.0: {}
cjs-module-lexer@2.2.0: {} cjs-module-lexer@2.2.0: {}
@ -7114,14 +7319,20 @@ snapshots:
object-assign: 4.1.1 object-assign: 4.1.1
vary: 1.1.2 vary: 1.1.2
cosmiconfig@9.0.0:
dependencies:
env-paths: 2.2.1
import-fresh: 3.3.1
js-yaml: 4.1.1
parse-json: 5.2.0
cross-spawn@7.0.6: cross-spawn@7.0.6:
dependencies: dependencies:
path-key: 3.1.1 path-key: 3.1.1
shebang-command: 2.0.0 shebang-command: 2.0.0
which: 2.0.2 which: 2.0.2
data-uri-to-buffer@6.0.2: data-uri-to-buffer@6.0.2: {}
optional: true
data-view-buffer@1.0.2: data-view-buffer@1.0.2:
dependencies: dependencies:
@ -7185,7 +7396,6 @@ snapshots:
ast-types: 0.13.4 ast-types: 0.13.4
escodegen: 2.1.0 escodegen: 2.1.0
esprima: 4.0.1 esprima: 4.0.1
optional: true
delayed-stream@1.0.0: {} delayed-stream@1.0.0: {}
@ -7193,6 +7403,8 @@ snapshots:
detect-newline@3.1.0: {} detect-newline@3.1.0: {}
devtools-protocol@0.0.1566079: {}
dezalgo@1.0.4: dezalgo@1.0.4:
dependencies: dependencies:
asap: 2.0.6 asap: 2.0.6
@ -7254,7 +7466,8 @@ snapshots:
end-of-stream@1.4.5: end-of-stream@1.4.5:
dependencies: dependencies:
once: 1.4.0 once: 1.4.0
optional: true
env-paths@2.2.1: {}
error-ex@1.3.4: error-ex@1.3.4:
dependencies: dependencies:
@ -7378,7 +7591,6 @@ snapshots:
esutils: 2.0.3 esutils: 2.0.3
optionalDependencies: optionalDependencies:
source-map: 0.6.1 source-map: 0.6.1
optional: true
eslint-config-prettier@10.1.8(eslint@9.39.2): eslint-config-prettier@10.1.8(eslint@9.39.2):
dependencies: dependencies:
@ -7389,7 +7601,7 @@ snapshots:
eslint: 8.57.1 eslint: 8.57.1
eslint-plugin-react: 7.37.5(eslint@8.57.1) eslint-plugin-react: 7.37.5(eslint@8.57.1)
eslint-config-standard@17.1.0(eslint-plugin-import@2.32.0(eslint@8.57.1))(eslint-plugin-n@15.7.0(eslint@9.39.2))(eslint-plugin-promise@6.6.0(eslint@9.39.2))(eslint@8.57.1): eslint-config-standard@17.1.0(eslint-plugin-import@2.32.0(eslint@8.57.1))(eslint-plugin-n@15.7.0(eslint@8.57.1))(eslint-plugin-promise@6.6.0(eslint@8.57.1))(eslint@8.57.1):
dependencies: dependencies:
eslint: 8.57.1 eslint: 8.57.1
eslint-plugin-import: 2.32.0(eslint@8.57.1) eslint-plugin-import: 2.32.0(eslint@8.57.1)
@ -7630,6 +7842,12 @@ snapshots:
etag@1.8.1: {} etag@1.8.1: {}
events-universal@1.0.1:
dependencies:
bare-events: 2.8.2
transitivePeerDependencies:
- bare-abort-controller
execa@5.1.1: execa@5.1.1:
dependencies: dependencies:
cross-spawn: 7.0.6 cross-spawn: 7.0.6
@ -7710,12 +7928,13 @@ snapshots:
'@types/yauzl': 2.10.3 '@types/yauzl': 2.10.3
transitivePeerDependencies: transitivePeerDependencies:
- supports-color - supports-color
optional: true
fast-deep-equal@3.1.3: {} fast-deep-equal@3.1.3: {}
fast-diff@1.3.0: {} fast-diff@1.3.0: {}
fast-fifo@1.3.2: {}
fast-json-stable-stringify@2.1.0: {} fast-json-stable-stringify@2.1.0: {}
fast-levenshtein@2.0.6: {} fast-levenshtein@2.0.6: {}
@ -7737,7 +7956,6 @@ snapshots:
fd-slicer@1.1.0: fd-slicer@1.1.0:
dependencies: dependencies:
pend: 1.2.0 pend: 1.2.0
optional: true
file-entry-cache@6.0.1: file-entry-cache@6.0.1:
dependencies: dependencies:
@ -7888,7 +8106,6 @@ snapshots:
get-stream@5.2.0: get-stream@5.2.0:
dependencies: dependencies:
pump: 3.0.3 pump: 3.0.3
optional: true
get-stream@6.0.1: {} get-stream@6.0.1: {}
@ -7905,7 +8122,6 @@ snapshots:
debug: 4.4.3(supports-color@5.5.0) debug: 4.4.3(supports-color@5.5.0)
transitivePeerDependencies: transitivePeerDependencies:
- supports-color - supports-color
optional: true
glob-parent@5.1.2: glob-parent@5.1.2:
dependencies: dependencies:
@ -8005,7 +8221,6 @@ snapshots:
debug: 4.4.3(supports-color@5.5.0) debug: 4.4.3(supports-color@5.5.0)
transitivePeerDependencies: transitivePeerDependencies:
- supports-color - supports-color
optional: true
https-proxy-agent@7.0.6: https-proxy-agent@7.0.6:
dependencies: dependencies:
@ -8013,7 +8228,6 @@ snapshots:
debug: 4.4.3(supports-color@5.5.0) debug: 4.4.3(supports-color@5.5.0)
transitivePeerDependencies: transitivePeerDependencies:
- supports-color - supports-color
optional: true
human-signals@2.1.0: {} human-signals@2.1.0: {}
@ -8056,8 +8270,7 @@ snapshots:
hasown: 2.0.2 hasown: 2.0.2
side-channel: 1.1.0 side-channel: 1.1.0
ip-address@10.1.0: ip-address@10.1.0: {}
optional: true
ip-regex@4.3.0: ip-regex@4.3.0:
optional: true optional: true
@ -8664,7 +8877,7 @@ snapshots:
dependencies: dependencies:
jwk-to-pem: 2.0.7 jwk-to-pem: 2.0.7
optionalDependencies: optionalDependencies:
chromedriver: 145.0.0 chromedriver: 146.0.0
transitivePeerDependencies: transitivePeerDependencies:
- debug - debug
- supports-color - supports-color
@ -8745,8 +8958,7 @@ snapshots:
dependencies: dependencies:
yallist: 3.1.1 yallist: 3.1.1
lru-cache@7.18.3: lru-cache@7.18.3: {}
optional: true
make-dir@2.1.0: make-dir@2.1.0:
dependencies: dependencies:
@ -8816,6 +9028,8 @@ snapshots:
minipass@7.1.2: {} minipass@7.1.2: {}
mitt@3.0.1: {}
mkdirp@0.5.6: mkdirp@0.5.6:
dependencies: dependencies:
minimist: 1.2.8 minimist: 1.2.8
@ -8901,8 +9115,7 @@ snapshots:
negotiator@1.0.0: {} negotiator@1.0.0: {}
netmask@2.0.2: netmask@2.0.2: {}
optional: true
node-addon-api@8.5.0: {} node-addon-api@8.5.0: {}
@ -9063,13 +9276,11 @@ snapshots:
socks-proxy-agent: 8.0.5 socks-proxy-agent: 8.0.5
transitivePeerDependencies: transitivePeerDependencies:
- supports-color - supports-color
optional: true
pac-resolver@7.0.1: pac-resolver@7.0.1:
dependencies: dependencies:
degenerator: 5.0.1 degenerator: 5.0.1
netmask: 2.0.2 netmask: 2.0.2
optional: true
package-json-from-dist@1.0.1: {} package-json-from-dist@1.0.1: {}
@ -9110,8 +9321,7 @@ snapshots:
path-to-regexp@8.3.0: {} path-to-regexp@8.3.0: {}
pend@1.2.0: pend@1.2.0: {}
optional: true
pg-cloudflare@1.3.0: pg-cloudflare@1.3.0:
optional: true optional: true
@ -9197,6 +9407,8 @@ snapshots:
ansi-styles: 5.2.0 ansi-styles: 5.2.0
react-is: 18.3.1 react-is: 18.3.1
progress@2.0.3: {}
prop-types@15.8.1: prop-types@15.8.1:
dependencies: dependencies:
loose-envify: 1.4.0 loose-envify: 1.4.0
@ -9222,20 +9434,55 @@ snapshots:
socks-proxy-agent: 8.0.5 socks-proxy-agent: 8.0.5
transitivePeerDependencies: transitivePeerDependencies:
- supports-color - supports-color
optional: true
proxy-from-env@1.1.0: {} proxy-from-env@1.1.0: {}
proxy-from-env@2.0.0:
optional: true
pstree.remy@1.1.8: {} pstree.remy@1.1.8: {}
pump@3.0.3: pump@3.0.3:
dependencies: dependencies:
end-of-stream: 1.4.5 end-of-stream: 1.4.5
once: 1.4.0 once: 1.4.0
optional: true
punycode@2.3.1: {} punycode@2.3.1: {}
puppeteer-core@24.37.5:
dependencies:
'@puppeteer/browsers': 2.13.0
chromium-bidi: 14.0.0(devtools-protocol@0.0.1566079)
debug: 4.4.3(supports-color@5.5.0)
devtools-protocol: 0.0.1566079
typed-query-selector: 2.12.1
webdriver-bidi-protocol: 0.4.1
ws: 8.19.0
transitivePeerDependencies:
- bare-abort-controller
- bare-buffer
- bufferutil
- react-native-b4a
- supports-color
- utf-8-validate
puppeteer@24.37.5:
dependencies:
'@puppeteer/browsers': 2.13.0
chromium-bidi: 14.0.0(devtools-protocol@0.0.1566079)
cosmiconfig: 9.0.0
devtools-protocol: 0.0.1566079
puppeteer-core: 24.37.5
typed-query-selector: 2.12.1
transitivePeerDependencies:
- bare-abort-controller
- bare-buffer
- bufferutil
- react-native-b4a
- supports-color
- typescript
- utf-8-validate
pure-rand@7.0.1: {} pure-rand@7.0.1: {}
qs@6.14.1: qs@6.14.1:
@ -9401,6 +9648,8 @@ snapshots:
semver@7.7.3: {} semver@7.7.3: {}
semver@7.7.4: {}
send@1.2.1: send@1.2.1:
dependencies: dependencies:
debug: 4.4.3(supports-color@5.5.0) debug: 4.4.3(supports-color@5.5.0)
@ -9539,8 +9788,7 @@ snapshots:
slash@3.0.0: {} slash@3.0.0: {}
smart-buffer@4.2.0: smart-buffer@4.2.0: {}
optional: true
socks-proxy-agent@8.0.5: socks-proxy-agent@8.0.5:
dependencies: dependencies:
@ -9549,13 +9797,11 @@ snapshots:
socks: 2.8.7 socks: 2.8.7
transitivePeerDependencies: transitivePeerDependencies:
- supports-color - supports-color
optional: true
socks@2.8.7: socks@2.8.7:
dependencies: dependencies:
ip-address: 10.1.0 ip-address: 10.1.0
smart-buffer: 4.2.0 smart-buffer: 4.2.0
optional: true
source-map-support@0.5.13: source-map-support@0.5.13:
dependencies: dependencies:
@ -9591,7 +9837,7 @@ snapshots:
standard@17.1.2: standard@17.1.2:
dependencies: dependencies:
eslint: 8.57.1 eslint: 8.57.1
eslint-config-standard: 17.1.0(eslint-plugin-import@2.32.0(eslint@8.57.1))(eslint-plugin-n@15.7.0(eslint@9.39.2))(eslint-plugin-promise@6.6.0(eslint@9.39.2))(eslint@8.57.1) eslint-config-standard: 17.1.0(eslint-plugin-import@2.32.0(eslint@8.57.1))(eslint-plugin-n@15.7.0(eslint@8.57.1))(eslint-plugin-promise@6.6.0(eslint@8.57.1))(eslint@8.57.1)
eslint-config-standard-jsx: 11.0.0(eslint-plugin-react@7.37.5(eslint@8.57.1))(eslint@8.57.1) eslint-config-standard-jsx: 11.0.0(eslint-plugin-react@7.37.5(eslint@8.57.1))(eslint@8.57.1)
eslint-plugin-import: 2.32.0(eslint@8.57.1) eslint-plugin-import: 2.32.0(eslint@8.57.1)
eslint-plugin-n: 15.7.0(eslint@8.57.1) eslint-plugin-n: 15.7.0(eslint@8.57.1)
@ -9622,6 +9868,15 @@ snapshots:
streamsearch@1.1.0: {} streamsearch@1.1.0: {}
streamx@2.23.0:
dependencies:
events-universal: 1.0.1
fast-fifo: 1.3.2
text-decoder: 1.2.7
transitivePeerDependencies:
- bare-abort-controller
- react-native-b4a
string-length@4.0.2: string-length@4.0.2:
dependencies: dependencies:
char-regex: 1.0.2 char-regex: 1.0.2
@ -9745,6 +10000,29 @@ snapshots:
dependencies: dependencies:
'@pkgr/core': 0.2.9 '@pkgr/core': 0.2.9
tar-fs@3.1.1:
dependencies:
pump: 3.0.3
tar-stream: 3.1.8
optionalDependencies:
bare-fs: 4.5.5
bare-path: 3.0.0
transitivePeerDependencies:
- bare-abort-controller
- bare-buffer
- react-native-b4a
tar-stream@3.1.8:
dependencies:
b4a: 1.8.0
bare-fs: 4.5.5
fast-fifo: 1.3.2
streamx: 2.23.0
transitivePeerDependencies:
- bare-abort-controller
- bare-buffer
- react-native-b4a
tcp-port-used@1.0.2: tcp-port-used@1.0.2:
dependencies: dependencies:
debug: 4.3.1 debug: 4.3.1
@ -9753,12 +10031,25 @@ snapshots:
- supports-color - supports-color
optional: true optional: true
teex@1.0.1:
dependencies:
streamx: 2.23.0
transitivePeerDependencies:
- bare-abort-controller
- react-native-b4a
test-exclude@6.0.0: test-exclude@6.0.0:
dependencies: dependencies:
'@istanbuljs/schema': 0.1.3 '@istanbuljs/schema': 0.1.3
glob: 7.2.3 glob: 7.2.3
minimatch: 3.1.2 minimatch: 3.1.2
text-decoder@1.2.7:
dependencies:
b4a: 1.8.0
transitivePeerDependencies:
- react-native-b4a
text-table@0.2.0: {} text-table@0.2.0: {}
tmpl@1.0.5: {} tmpl@1.0.5: {}
@ -9846,6 +10137,8 @@ snapshots:
possible-typed-array-names: 1.1.0 possible-typed-array-names: 1.1.0
reflect.getprototypeof: 1.0.10 reflect.getprototypeof: 1.0.10
typed-query-selector@2.12.1: {}
typedarray@0.0.6: {} typedarray@0.0.6: {}
uid-safe@2.1.5: uid-safe@2.1.5:
@ -9942,6 +10235,8 @@ snapshots:
dependencies: dependencies:
makeerror: 1.0.12 makeerror: 1.0.12
webdriver-bidi-protocol@0.4.1: {}
webidl-conversions@7.0.0: {} webidl-conversions@7.0.0: {}
whatwg-url@14.2.0: whatwg-url@14.2.0:
@ -10019,6 +10314,8 @@ snapshots:
imurmurhash: 0.1.4 imurmurhash: 0.1.4
signal-exit: 4.1.0 signal-exit: 4.1.0
ws@8.19.0: {}
xdg-basedir@4.0.0: {} xdg-basedir@4.0.0: {}
xml@1.0.1: {} xml@1.0.1: {}
@ -10057,6 +10354,7 @@ snapshots:
dependencies: dependencies:
buffer-crc32: 0.2.13 buffer-crc32: 0.2.13
fd-slicer: 1.1.0 fd-slicer: 1.1.0
optional: true
yocto-queue@0.1.0: {} yocto-queue@0.1.0: {}
zod@3.25.76: {}

16
src/config.js
View File

@ -53,6 +53,22 @@ function loadConfig() {
); );
} }
// Ensure smtp config exists and override with env vars if available
if (!envConfig.smtp) {
envConfig.smtp = {};
}
if (process.env.SMTP_HOST) envConfig.smtp.host = process.env.SMTP_HOST;
if (process.env.SMTP_PORT) envConfig.smtp.port = parseInt(process.env.SMTP_PORT, 10);
if (process.env.SMTP_SECURE) envConfig.smtp.secure = process.env.SMTP_SECURE === 'true';
if (process.env.SMTP_USER || process.env.SMTP_PASS) {
envConfig.smtp.auth = {
...(envConfig.smtp.auth || {}),
...(process.env.SMTP_USER && { user: process.env.SMTP_USER }),
...(process.env.SMTP_PASS && { pass: process.env.SMTP_PASS }),
};
}
if (process.env.SMTP_FROM) envConfig.smtp.from = process.env.SMTP_FROM;
return envConfig; return envConfig;
} catch (err) { } catch (err) {
console.error('Error loading config:', err); console.error('Error loading config:', err);

3
src/index.js
View File

@ -2,7 +2,6 @@ import express from 'express';
import bodyParser from 'body-parser'; import bodyParser from 'body-parser';
import cors from 'cors'; import cors from 'cors';
import config from './config.js'; import config from './config.js';
import { expressSession, keycloak } from './keycloak.js';
import { dbConnect } from './database/mongo.js'; import { dbConnect } from './database/mongo.js';
import { import {
authRoutes, authRoutes,
@ -105,8 +104,6 @@ async function initializeApp() {
app.use(cors(corsOptions)); app.use(cors(corsOptions));
app.use(bodyParser.json({ type: 'application/json', strict: false, limit: '50mb' })); app.use(bodyParser.json({ type: 'application/json', strict: false, limit: '50mb' }));
app.use(express.json()); app.use(express.json());
app.use(expressSession);
app.use(keycloak.middleware());
app.use(populateUserMiddleware); app.use(populateUserMiddleware);
app.get('/', function (req, res) { app.get('/', function (req, res) {

131
src/keycloak.js
View File

@ -1,21 +1,20 @@
import Keycloak from 'keycloak-connect'; /**
import session from 'express-session'; * Authentication middleware - uses Redis session store.
* Keycloak is used only for login/refresh; session validation is done via Redis.
*/
import config, { getEnvironment } from './config.js'; import config, { getEnvironment } from './config.js';
import axios from 'axios';
import jwt from 'jsonwebtoken';
import log4js from 'log4js'; import log4js from 'log4js';
import NodeCache from 'node-cache'; import NodeCache from 'node-cache';
import { userModel } from './database/schemas/management/user.schema.js'; import { userModel } from './database/schemas/management/user.schema.js';
import { getObject } from './database/database.js'; import { getObject } from './database/database.js';
import { hostModel } from './database/schemas/management/host.schema.js'; import { hostModel } from './database/schemas/management/host.schema.js';
import { getSession, lookupUserByToken } from './services/misc/auth.js';
const logger = log4js.getLogger('Keycloak'); const logger = log4js.getLogger('Keycloak');
logger.level = config.server.logLevel || 'info'; logger.level = config.server.logLevel || 'info';
// Initialize NodeCache with 5-minute TTL const userCache = new NodeCache({ stdTTL: 300 });
const userCache = new NodeCache({ stdTTL: 300 }); // 300 seconds = 5 minutes
// Cache event listeners for monitoring
userCache.on('expired', (key, value) => { userCache.on('expired', (key, value) => {
logger.debug(`Cache entry expired: ${key}`); logger.debug(`Cache entry expired: ${key}`);
}); });
@ -24,22 +23,18 @@ userCache.on('flush', () => {
logger.info('Cache flushed'); logger.info('Cache flushed');
}); });
// User lookup function with caching
const lookupUser = async (preferredUsername) => { const lookupUser = async (preferredUsername) => {
try { try {
// Check cache first
const cachedUser = userCache.get(preferredUsername); const cachedUser = userCache.get(preferredUsername);
if (cachedUser) { if (cachedUser) {
logger.debug(`User found in cache: ${preferredUsername}`); logger.debug(`User found in cache: ${preferredUsername}`);
return cachedUser; return cachedUser;
} }
// If not in cache, query database
logger.debug(`User not in cache, querying database: ${preferredUsername}`); logger.debug(`User not in cache, querying database: ${preferredUsername}`);
const user = await userModel.findOne({ username: preferredUsername }); const user = await userModel.findOne({ username: preferredUsername });
if (user) { if (user) {
// Store in cache
userCache.set(preferredUsername, user); userCache.set(preferredUsername, user);
logger.debug(`User stored in cache: ${preferredUsername}`); logger.debug(`User stored in cache: ${preferredUsername}`);
return user; return user;
@ -53,71 +48,32 @@ const lookupUser = async (preferredUsername) => {
} }
}; };
// Initialize Keycloak /**
const keycloakConfig = { * Middleware to check if the user is authenticated.
realm: config.auth.keycloak.realm, * Supports: 1) Bearer token (Redis session), 2) Bearer token (email-render JWT for Puppeteer), 3) x-host-id + x-auth-code (host auth)
'auth-server-url': config.auth.keycloak.url, */
'ssl-required': getEnvironment() === 'production' ? 'external' : 'none',
resource: config.auth.keycloak.clientId,
'confidential-port': 0,
'bearer-only': true,
'public-client': false,
'use-resource-role-mappings': true,
'verify-token-audience': true,
credentials: {
secret: config.auth.keycloak.clientSecret,
},
};
const memoryStore = new session.MemoryStore();
var expressSession = session({
secret: config.auth.sessionSecret,
resave: false,
saveUninitialized: true, // Set this to true to ensure session is initialized
store: memoryStore,
cookie: {
maxAge: 1800000, // 30 minutes
},
});
var keycloak = new Keycloak({ store: memoryStore }, keycloakConfig);
// Custom middleware to check if the user is authenticated
const isAuthenticated = async (req, res, next) => { const isAuthenticated = async (req, res, next) => {
let token = null;
const authHeader = req.headers.authorization || req.headers.Authorization; const authHeader = req.headers.authorization || req.headers.Authorization;
if (authHeader && authHeader.startsWith('Bearer ')) { if (authHeader && authHeader.startsWith('Bearer ')) {
token = authHeader.substring(7); const token = authHeader.substring(7);
try { try {
// Verify token with Keycloak introspection endpoint const session = await getSession(token);
const response = await axios.post( if (session && session.expiresAt > Date.now()) {
`${config.auth.keycloak.url}/realms/${config.auth.keycloak.realm}/protocol/openid-connect/token/introspect`, req.user = session.user;
new URLSearchParams({ req.session = session;
token: token, return next();
client_id: config.auth.keycloak.clientId,
client_secret: config.auth.keycloak.clientSecret,
}),
{
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
}
);
const introspection = response.data;
if (!introspection.active) {
logger.info('Token is not active');
logger.debug('Token:', token);
return res.status(401).json({ error: 'Session Inactive', code: 'UNAUTHORIZED' });
} }
return next(); // Try email-render JWT (short-lived token for Puppeteer email notifications)
const user = await lookupUserByToken(token);
if (user) {
req.user = user;
req.session = { user };
return next();
}
} catch (error) { } catch (error) {
logger.error('Token verification error:', error.message); logger.error('Session lookup error:', error.message);
return res.status(401).json({ error: 'Verification Error', code: 'UNAUTHORIZED' });
} }
} }
@ -125,46 +81,14 @@ const isAuthenticated = async (req, res, next) => {
const authCode = req.headers['x-auth-code']; const authCode = req.headers['x-auth-code'];
if (hostId && authCode) { if (hostId && authCode) {
const host = await getObject({ model: hostModel, id: hostId }); const host = await getObject({ model: hostModel, id: hostId });
if (host && host.authCode == authCode) { if (host && host.authCode === authCode) {
return next();
}
} else {
return res.status(401).json({ error: 'Not Authenticated', code: 'UNAUTHORIZED' });
}
// Fallback to session-based authentication
if (req.session && req.session['keycloak-token']) {
const sessionToken = req.session['keycloak-token'];
if (sessionToken.expires_at > new Date().getTime()) {
return next(); return next();
} }
} }
logger.debug('Not authenticated', { hostId, authCode }, 'req.headers', req.headers);
return res.status(401).json({ error: 'Not Authenticated', code: 'UNAUTHORIZED' }); return res.status(401).json({ error: 'Not Authenticated', code: 'UNAUTHORIZED' });
}; };
// Helper function to extract roles from token
function extractRoles(token) {
const roles = [];
// Extract realm roles
if (token.realm_access && token.realm_access.roles) {
roles.push(...token.realm_access.roles);
}
// Extract client roles
if (token.resource_access) {
for (const client in token.resource_access) {
if (token.resource_access[client].roles) {
roles.push(...token.resource_access[client].roles.map((role) => `${client}:${role}`));
}
}
}
return roles;
}
// Cache management utility functions
const clearUserCache = () => { const clearUserCache = () => {
userCache.flushAll(); userCache.flushAll();
logger.info('User cache cleared'); logger.info('User cache cleared');
@ -180,11 +104,10 @@ const removeUserFromCache = (username) => {
}; };
export { export {
keycloak,
expressSession,
isAuthenticated, isAuthenticated,
lookupUser, lookupUser,
clearUserCache, clearUserCache,
getUserCacheStats, getUserCacheStats,
removeUserFromCache, removeUserFromCache,
getEnvironment,
}; };

151
src/mailworker.js Normal file
View File

@ -0,0 +1,151 @@
/**
* Worker thread for sending email notifications asynchronously.
* Receives payloads from the main thread and performs Puppeteer render + nodemailer send.
*/
import { parentPort } from 'worker_threads';
import puppeteer from 'puppeteer';
import nodemailer from 'nodemailer';
import log4js from 'log4js';
import config from './config.js';
const baseUrl = (urlClient) => (urlClient || 'http://localhost:3000').replace(/\/$/, '');
async function fetchAndInlineStyles(html, urlClient) {
const base = baseUrl(urlClient);
const linkMatches = [...html.matchAll(/<link[^>]+>/g)];
const stylesheetLinks = linkMatches
.map((m) => {
const tag = m[0];
if (!/rel=["']stylesheet["']/i.test(tag)) return null;
const hrefMatch = tag.match(/href=["']([^"']+)["']/);
return hrefMatch ? { tag, href: hrefMatch[1] } : null;
})
.filter(Boolean);
let inlined = html;
for (const { tag, href } of stylesheetLinks) {
const url = href.startsWith('http') ? href : `${base}${href.startsWith('/') ? '' : '/'}${href}`;
try {
const res = await fetch(url);
if (res.ok) {
const css = await res.text();
inlined = inlined.replace(tag, `<style>${css}</style>`);
}
} catch (e) {
logger.trace('Could not fetch stylesheet:', url, e.message);
}
}
return inlined;
}
const logger = log4js.getLogger('MailWorker');
logger.level = config.server.logLevel;
async function sendEmail(payload) {
const {
email,
title,
message,
type,
metadata,
smtpConfig,
urlClient,
createdAt,
updatedAt,
authCode,
} = payload;
if (!email || !smtpConfig?.host) {
logger.warn('Missing email or SMTP config, skipping...');
return;
}
const params = new URLSearchParams({
title: title || '',
message: message || '',
type: type || 'info',
email: email || '',
createdAt: createdAt || new Date(),
updatedAt: updatedAt || new Date(),
authCode: authCode || '',
metadata: JSON.stringify(metadata || {}),
});
const templateUrl = `${baseUrl(urlClient)}/email/notification?${params.toString()}`;
logger.debug('Rendering template...');
logger.trace('Template URL:', templateUrl);
let html = '';
let browser;
try {
browser = await puppeteer.launch({
headless: 'new',
args: [
'--no-sandbox',
'--disable-setuid-sandbox',
'--disable-features=SameSiteByDefaultCookies',
],
});
const page = await browser.newPage();
page.on('console', (msg) => {
const text = msg.text();
const type = msg.type();
logger.trace(`Puppeteer [${type}]: ${text}`);
});
await page.goto(templateUrl, { waitUntil: 'networkidle0', timeout: 30000 });
await page.waitForSelector('#email-notification-root[data-rendered="true"]', { timeout: 5000 });
// Wait for Ant Design CSS-in-JS to finish injecting styles
logger.debug('Waiting for 1.5 seconds for page to render...');
await new Promise((r) => setTimeout(r, 1500));
html = await page.evaluate(() => {
const root = document.getElementById('email-notification-root');
if (!root) return document.documentElement.outerHTML;
const origin = document.location.origin;
const styleTags = Array.from(document.querySelectorAll('style'))
.map((s) => s.outerHTML)
.join('\n');
const linkTags = Array.from(document.querySelectorAll('link[rel="stylesheet"]'))
.map((link) => {
const href = link.getAttribute('href');
const abs = href?.startsWith('http')
? href
: `${origin}${href?.startsWith('/') ? '' : '/'}${href || ''}`;
return `<link rel="stylesheet" href="${abs}">`;
})
.join('\n');
return `<!DOCTYPE html><html><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1">${styleTags}${linkTags}</head><body>${root.outerHTML}</body></html>`;
});
html = await fetchAndInlineStyles(html, urlClient);
} catch (err) {
logger.error('MailWorker: Puppeteer error', err.message);
html = `<div style="font-family:sans-serif;padding:20px"><h2>${title || 'Notification'}</h2><p>${message || ''}</p></div>`;
} finally {
if (browser) await browser.close();
}
const transporter = nodemailer.createTransport({
host: smtpConfig.host,
port: smtpConfig.port || 587,
secure: smtpConfig.secure || false,
auth: smtpConfig.auth?.user ? smtpConfig.auth : undefined,
});
const subject = title ? `${title} - FarmControl` : 'FarmControl Notification';
const mailOptions = {
from: smtpConfig.from || 'FarmControl <noreply@tombutcher.work>',
to: email,
subject: subject,
html,
};
logger.debug('Sending email...');
logger.trace('Mail options:', mailOptions);
const info = await transporter.sendMail(mailOptions);
logger.debug('Email sent successfully.');
}
parentPort.on('message', (payload) => {
sendEmail(payload).catch((err) => {
logger.error('MailWorker: send failed', err.message);
});
});

459
src/services/misc/auth.js
View File

@ -1,5 +1,4 @@
import config from '../../config.js'; import config from '../../config.js';
import { keycloak } from '../../keycloak.js';
import log4js from 'log4js'; import log4js from 'log4js';
import axios from 'axios'; import axios from 'axios';
import { userModel } from '../../database/schemas/management/user.schema.js'; import { userModel } from '../../database/schemas/management/user.schema.js';
@ -7,14 +6,20 @@ import { readFileSync } from 'fs';
import { resolve } from 'path'; import { resolve } from 'path';
import NodeCache from 'node-cache'; import NodeCache from 'node-cache';
import jwt from 'jsonwebtoken'; import jwt from 'jsonwebtoken';
import { getAndConsumeEmailRenderTokenData } from './emailRenderAuth.js';
import {
createSession,
getSession,
updateSessionKeycloakTokens,
deleteSession,
} from './sessionStore.js';
const logger = log4js.getLogger('Auth'); const logger = log4js.getLogger('Auth');
logger.level = config.server.logLevel; logger.level = config.server.logLevel;
// Initialize NodeCache with 5-minute TTL for token-based user lookup // Initialize NodeCache with 5-minute TTL for token-based user lookup (email render tokens)
const tokenUserCache = new NodeCache({ stdTTL: 300 }); // 300 seconds = 5 minutes const tokenUserCache = new NodeCache({ stdTTL: 300 });
// Cache event listeners for monitoring
tokenUserCache.on('expired', (key, value) => { tokenUserCache.on('expired', (key, value) => {
logger.debug(`Token user cache entry expired: ${key.substring(0, 20)}...`); logger.debug(`Token user cache entry expired: ${key.substring(0, 20)}...`);
}); });
@ -25,32 +30,24 @@ tokenUserCache.on('flush', () => {
const loginTokenRequests = new Map(); const loginTokenRequests = new Map();
// Token-based user lookup function with caching // Lookup user by email-render JWT token (short-lived, for Puppeteer)
const lookupUserByToken = async (token) => { const lookupUserByEmailRenderToken = async (token) => {
try { try {
// Check cache first
const cachedUser = tokenUserCache.get(token); const cachedUser = tokenUserCache.get(token);
if (cachedUser) { if (cachedUser) {
logger.trace(`User found in token cache for token: ${token.substring(0, 20)}...`); logger.trace(`User found in token cache for token: ${token.substring(0, 20)}...`);
return cachedUser; return cachedUser;
} }
// If not in cache, decode token and lookup user const decodedToken = jwt.verify(token, config.auth.sessionSecret);
logger.trace(`User not in token cache, decoding token: ${token.substring(0, 20)}...`);
const decodedToken = jwt.decode(token);
if (!decodedToken || !decodedToken.preferred_username) { if (!decodedToken || !decodedToken.preferred_username) {
logger.trace('Invalid token or missing preferred_username'); logger.trace('Invalid token or missing preferred_username');
return null; return null;
} }
// Query database for user
const user = await userModel.findOne({ username: decodedToken.preferred_username }); const user = await userModel.findOne({ username: decodedToken.preferred_username });
if (user) { if (user) {
// Store in cache using token as key
tokenUserCache.set(token, user); tokenUserCache.set(token, user);
logger.trace(`User stored in token cache for token: ${token.substring(0, 20)}...`);
return user; return user;
} }
@ -62,7 +59,6 @@ const lookupUserByToken = async (token) => {
} }
}; };
// Cache management utility functions
const clearTokenUserCache = () => { const clearTokenUserCache = () => {
tokenUserCache.flushAll(); tokenUserCache.flushAll();
logger.info('Token user cache cleared'); logger.info('Token user cache cleared');
@ -77,66 +73,53 @@ const removeUserFromTokenCache = (token) => {
logger.debug(`User removed from token cache for token: ${token.substring(0, 20)}...`); logger.debug(`User removed from token cache for token: ${token.substring(0, 20)}...`);
}; };
// Login handler // Login handler - redirect to Keycloak
export const loginRouteHandler = (req, res, redirectType = 'web') => { export const loginRouteHandler = (req, res, redirectType = 'web') => {
// Get the redirect URL from form data or default to production overview
const redirectUrl = req.query.redirect_uri || '/production/overview'; const redirectUrl = req.query.redirect_uri || '/production/overview';
// Store the original URL to redirect after login
const authUrl = `${config.auth.keycloak.url}/realms/${config.auth.keycloak.realm}/protocol/openid-connect/auth`; const authUrl = `${config.auth.keycloak.url}/realms/${config.auth.keycloak.realm}/protocol/openid-connect/auth`;
const callBackState = `/auth/${redirectType}/callback`; const callBackState = `/auth/${redirectType}/callback`;
const callbackUrl = `${config.app.urlApi}${callBackState}`; const callbackUrl = `${config.app.urlApi}${callBackState}`;
const state = encodeURIComponent(redirectUrl); const state = encodeURIComponent(redirectUrl);
logger.warn(req.query.redirect_uri);
res.redirect( res.redirect(
`${authUrl}?client_id=${config.auth.keycloak.clientId}&redirect_uri=${callbackUrl}&response_type=code&scope=openid&state=${state}` `${authUrl}?client_id=${config.auth.keycloak.clientId}&redirect_uri=${callbackUrl}&response_type=code&scope=openid&state=${state}`
); );
}; };
// Function to fetch user from Keycloak and store in database and session // Fetch user from Keycloak and create/update in database
const fetchAndStoreUser = async (req, token) => { const fetchAndStoreUser = async (keycloakTokenData) => {
const userInfoUrl = `${config.auth.keycloak.url}/realms/${config.auth.keycloak.realm}/protocol/openid-connect/userinfo`; const userInfoUrl = `${config.auth.keycloak.url}/realms/${config.auth.keycloak.realm}/protocol/openid-connect/userinfo`;
try { const response = await axios.post(
const response = await axios.post( userInfoUrl,
userInfoUrl, new URLSearchParams({
new URLSearchParams({ client_id: config.auth.keycloak.clientId,
client_id: config.auth.keycloak.clientId, client_secret: config.auth.keycloak.clientSecret,
client_secret: config.auth.keycloak.clientSecret, }),
}), {
{ headers: {
headers: { Authorization: `Bearer ${keycloakTokenData.access_token}`,
Authorization: `Bearer ${token.access_token}`, },
}, }
} );
);
const userInfo = { const decoded = jwt.decode(keycloakTokenData.access_token);
roles: token.realm_access?.roles || [], const roles = decoded?.realm_access?.roles || [];
username: response.data.preferred_username,
email: response.data.email,
name: response.data.name,
firstName: response.data.given_name,
lastName: response.data.family_name,
};
// Create or update user in database const userInfo = {
const user = await createOrUpdateUser(userInfo); roles,
const fullUserInfo = { ...userInfo, _id: user._id }; username: response.data.preferred_username,
email: response.data.email,
name: response.data.name,
firstName: response.data.given_name,
lastName: response.data.family_name,
};
// Store user info in session const user = await createOrUpdateUser(userInfo);
req.session.user = fullUserInfo; return { ...userInfo, _id: user._id };
return fullUserInfo;
} catch (error) {
logger.error('Error fetching and storing user:', error);
throw error;
}
}; };
// Function to exchange authorization code for tokens, fetch user, and set session // Exchange auth code for tokens, create Redis session, return our session token to client
export const loginTokenRouteHandler = async (req, res, redirectType = 'web') => { export const loginTokenRouteHandler = async (req, res, redirectType = 'web') => {
const code = req.query.code; const code = req.query.code;
if (!code) { if (!code) {
@ -144,13 +127,18 @@ export const loginTokenRouteHandler = async (req, res, redirectType = 'web') =>
} }
try { try {
// If a request for this code is already in progress, wait for it // Check for temporary email render auth code (30s TTL for Puppeteer)
const emailRenderData = getAndConsumeEmailRenderTokenData(code);
if (emailRenderData) {
logger.debug('Exchanged email render auth code for token');
return res.status(200).json(emailRenderData);
}
if (loginTokenRequests.has(code)) { if (loginTokenRequests.has(code)) {
const tokenData = await loginTokenRequests.get(code); const tokenData = await loginTokenRequests.get(code);
return res.status(200).json(tokenData); return res.status(200).json(tokenData);
} }
// Otherwise, start the request and store the promise
const tokenPromise = (async () => { const tokenPromise = (async () => {
const callBackState = `/auth/${redirectType}/callback`; const callBackState = `/auth/${redirectType}/callback`;
const callbackUrl = `${config.app.urlApi}${callBackState}`; const callbackUrl = `${config.app.urlApi}${callBackState}`;
@ -171,35 +159,41 @@ export const loginTokenRouteHandler = async (req, res, redirectType = 'web') =>
}, },
} }
); );
const tokenData = {
const keycloakTokenData = {
access_token: response.data.access_token, access_token: response.data.access_token,
refresh_token: response.data.refresh_token, refresh_token: response.data.refresh_token,
id_token: response.data.id_token, id_token: response.data.id_token,
expires_at: new Date().getTime() + response.data.expires_in * 1000, expires_at: new Date().getTime() + response.data.expires_in * 1000,
}; };
req.session['keycloak-token'] = tokenData; const userData = await fetchAndStoreUser(keycloakTokenData);
// Fetch and store user data, set session
const userData = await fetchAndStoreUser(req, tokenData);
const userAndTokenData = { ...tokenData, ...userData };
return userAndTokenData; // Create Redis session with our own token
const { sessionToken, expiresAt } = await createSession({
user: userData,
keycloakTokens: keycloakTokenData,
});
// Return our session token to client (UI expects access_token, expires_at, user)
return {
access_token: sessionToken,
expires_at: expiresAt,
...userData,
};
})(); })();
loginTokenRequests.set(code, tokenPromise); loginTokenRequests.set(code, tokenPromise);
const userAndTokenData = await tokenPromise; const userAndTokenData = await tokenPromise;
res.status(200).json(userAndTokenData); res.status(200).json(userAndTokenData);
} catch (err) { } catch (err) {
var error = err?.response?.data?.error_description || err.message; const error = err?.response?.data?.error_description || err.message;
res.status(err?.status || 500).json({ error: error }); res.status(err?.response?.status || 500).json({ error: error });
} }
}; };
// Login callback handler // Login callback - redirect to client with auth code
export const loginCallbackRouteHandler = async (req, res, redirectType = 'web') => { export const loginCallbackRouteHandler = async (req, res, redirectType = 'web') => {
// Don't use keycloak.protect() here as it expects an already authenticated session
// Extract the code and state from the query parameters
const code = req.query.code; const code = req.query.code;
const state = req.query.state || '/production/overview'; const state = req.query.state || '/production/overview';
@ -207,7 +201,7 @@ export const loginCallbackRouteHandler = async (req, res, redirectType = 'web')
return res.status(400).send('Authorization code missing'); return res.status(400).send('Authorization code missing');
} }
var appUrl; let appUrl;
switch (redirectType) { switch (redirectType) {
case 'web': case 'web':
appUrl = config.app.urlClient; appUrl = config.app.urlClient;
@ -222,45 +216,37 @@ export const loginCallbackRouteHandler = async (req, res, redirectType = 'web')
appUrl = config.app.urlClient; appUrl = config.app.urlClient;
break; break;
} }
const redirectUriRaw = `${appUrl}${state}`; const redirectUriRaw = `${appUrl}${state}`;
let redirectUri; let redirectUri;
try { try {
// Try to parse as a URL (works for http/https)
const url = new URL(redirectUriRaw); const url = new URL(redirectUriRaw);
url.searchParams.set('authCode', code); url.searchParams.set('authCode', code);
redirectUri = url.toString(); redirectUri = url.toString();
} catch (e) { } catch (e) {
// Fallback for custom schemes (e.g., farmcontrol://app)
if (redirectUriRaw.includes('?')) { if (redirectUriRaw.includes('?')) {
redirectUri = `${redirectUriRaw}&authCode=${encodeURIComponent(code)}`; redirectUri = `${redirectUriRaw}&authCode=${encodeURIComponent(code)}`;
} else { } else {
redirectUri = `${redirectUriRaw}?authCode=${encodeURIComponent(code)}`; redirectUri = `${redirectUriRaw}?authCode=${encodeURIComponent(code)}`;
} }
} }
// Save session and redirect to the original URL
req.session.save(async () => { if (redirectType === 'app-scheme') {
if (redirectType == 'app-scheme') { const templatePath = resolve(process.cwd(), 'src/services/misc/applaunch.html');
// Read HTML template and inject redirectUri let html = readFileSync(templatePath, 'utf8');
const templatePath = resolve(process.cwd(), 'src/services/misc/applaunch.html'); html = html.replace('__REDIRECT_URI__', redirectUri);
let html = readFileSync(templatePath, 'utf8'); res.send(html);
html = html.replace('__REDIRECT_URI__', redirectUri); } else {
res.send(html); res.redirect(redirectUri);
} else { }
res.redirect(redirectUri);
}
});
}; };
// Function to create or update user
const createOrUpdateUser = async (userInfo) => { const createOrUpdateUser = async (userInfo) => {
try { try {
const { username, email, name, firstName, lastName } = userInfo; const { username, email, name, firstName, lastName } = userInfo;
// Find existing user by username
const existingUser = await userModel.findOne({ username }); const existingUser = await userModel.findOne({ username });
if (existingUser) { if (existingUser) {
// Check if any values have changed
const hasChanges = const hasChanges =
existingUser.email !== email || existingUser.email !== email ||
existingUser.name !== name || existingUser.name !== name ||
@ -268,35 +254,32 @@ const createOrUpdateUser = async (userInfo) => {
existingUser.lastName !== lastName; existingUser.lastName !== lastName;
if (hasChanges) { if (hasChanges) {
// Update existing user only if there are changes await userModel.updateOne(
const updateData = { { username },
email, {
name, $set: {
firstName, email,
lastName, name,
updatedAt: new Date(), firstName,
}; lastName,
updatedAt: new Date(),
await userModel.updateOne({ username }, { $set: updateData }); },
}
// Fetch the updated user to return );
return await userModel.findOne({ username }); return await userModel.findOne({ username });
} }
return existingUser; return existingUser;
} else {
// Create new user
const newUser = new userModel({
username,
email,
name,
firstName,
lastName,
});
await newUser.save();
return newUser;
} }
const newUser = new userModel({
username,
email,
name,
firstName,
lastName,
});
await newUser.save();
return newUser;
} catch (error) { } catch (error) {
logger.error('Error creating/updating user:', error); logger.error('Error creating/updating user:', error);
throw error; throw error;
@ -304,65 +287,98 @@ const createOrUpdateUser = async (userInfo) => {
}; };
export const userRouteHandler = (req, res) => { export const userRouteHandler = (req, res) => {
if (req.session && req.session.user) { if (req.user) {
res.json(req.session.user); const authHeader = req.headers.authorization || req.headers.Authorization;
} else { const token = authHeader?.startsWith('Bearer ') ? authHeader.substring(7) : null;
res.status(401).json({ error: 'Not authenticated' }); return res.json({
access_token: token,
expires_at: req.session?.expiresAt,
user: req.user,
});
} }
res.status(401).json({ error: 'Not authenticated' });
}; };
// Logout handler // Logout - delete session from Redis, redirect to Keycloak logout
export const logoutRouteHandler = (req, res) => { export const logoutRouteHandler = async (req, res) => {
// Get the redirect URL from query or default to login page
const redirectUrl = req.query.redirect_uri || '/login'; const redirectUrl = req.query.redirect_uri || '/login';
// Destroy the session const authHeader = req.headers.authorization || req.headers.Authorization;
req.session.destroy((err) => { if (authHeader && authHeader.startsWith('Bearer ')) {
if (err) { const token = authHeader.substring(7);
logger.error('Error destroying session:', err); try {
return res.status(500).json({ error: 'Failed to logout' }); await deleteSession(token);
} catch (err) {
logger.error('Error deleting session:', err);
}
}
const logoutUrl = `${config.auth.keycloak.url}/realms/${config.auth.keycloak.realm}/protocol/openid-connect/logout`;
const encodedRedirectUri = encodeURIComponent(`${config.app.urlClient}${redirectUrl}`);
res.redirect(
`${logoutUrl}?client_id=${config.auth.keycloak.clientId}&post_logout_redirect_uri=${encodedRedirectUri}`
);
};
// Middleware: require valid session token
export const validateTokenMiddleware = async (req, res, next) => {
const authHeader = req.headers.authorization || req.headers.Authorization;
if (!authHeader || !authHeader.startsWith('Bearer ')) {
logger.debug('No auth header or not bearer token');
return res.status(401).json({ error: 'Not authenticated', code: 'UNAUTHORIZED' });
}
const token = authHeader.substring(7);
const session = await getSession(token);
if (!session) {
logger.debug('Session not found');
return res.status(401).json({ error: 'Session invalid or expired', code: 'UNAUTHORIZED' });
}
req.user = session.user;
req.session = session;
next();
};
// Middleware: require specific role
export const hasRole = (role) => {
return async (req, res, next) => {
const authHeader = req.headers.authorization || req.headers.Authorization;
if (!authHeader || !authHeader.startsWith('Bearer ')) {
return res.status(401).json({ error: 'Not authenticated', code: 'UNAUTHORIZED' });
} }
// Construct the Keycloak logout URL with the redirect URI const token = authHeader.substring(7);
const logoutUrl = `${config.auth.keycloak.url}/realms/${config.auth.keycloak.realm}/protocol/openid-connect/logout`; const session = await getSession(token);
const encodedRedirectUri = encodeURIComponent(`${config.app.urlClient}${redirectUrl}`); if (!session) {
return res.status(401).json({ error: 'Session invalid or expired', code: 'UNAUTHORIZED' });
}
// Redirect to Keycloak logout with the redirect URI const roles = session.user?.roles || [];
res.redirect( if (!roles.includes(role)) {
`${logoutUrl}?client_id=${config.auth.keycloak.clientId}&post_logout_redirect_uri=${encodedRedirectUri}` return res.status(403).json({ error: 'Forbidden', code: 'FORBIDDEN' });
); }
});
req.user = session.user;
req.session = session;
next();
};
}; };
// Token validation - protected route middleware
export const validateTokenMiddleware = keycloak.protect();
// Check if user has a specific role
export const hasRole = (role) => {
return keycloak.protect((token) => {
return token && token.hasRole(role);
});
};
// Get user info from the token
export const getUserInfoHandler = (req, res) => { export const getUserInfoHandler = (req, res) => {
if (req.kauth && req.kauth.grant) { if (req.user) {
const token = req.kauth.grant.access_token;
const userInfo = { const userInfo = {
id: token.content.sub, id: req.user._id,
email: token.content.email, email: req.user.email,
name: name: req.user.name || `${req.user.firstName || ''} ${req.user.lastName || ''}`.trim(),
token.content.name || roles: req.user.roles || [],
`${token.content.given_name || ''} ${token.content.family_name || ''}`.trim(),
roles: token.content.realm_access?.roles || [],
}; };
return res.json(userInfo); return res.json(userInfo);
} }
return res.status(401).json({ error: 'Not authenticated' }); res.status(401).json({ error: 'Not authenticated' });
}; };
// Register route - Since we're using Keycloak, registration should be handled there
// This endpoint will redirect to Keycloak's registration page
export const registerRouteHandler = (req, res) => { export const registerRouteHandler = (req, res) => {
const registrationUrl = `${config.auth.keycloak.url}/realms/${config.auth.keycloak.realm}/protocol/openid-connect/registrations`; const registrationUrl = `${config.auth.keycloak.url}/realms/${config.auth.keycloak.realm}/protocol/openid-connect/registrations`;
const redirectUri = encodeURIComponent(config.app.urlClient + '/auth/login'); const redirectUri = encodeURIComponent(config.app.urlClient + '/auth/login');
@ -372,8 +388,7 @@ export const registerRouteHandler = (req, res) => {
); );
}; };
// Forgot password handler - redirect to Keycloak's reset password page export const forgotPasswordRouteHandler = (req, res, _email) => {
export const forgotPasswordRouteHandler = (req, res) => {
const resetUrl = `${config.auth.keycloak.url}/realms/${config.auth.keycloak.realm}/login-actions/reset-credentials`; const resetUrl = `${config.auth.keycloak.url}/realms/${config.auth.keycloak.realm}/login-actions/reset-credentials`;
const redirectUri = encodeURIComponent(config.app.urlClient + '/auth/login'); const redirectUri = encodeURIComponent(config.app.urlClient + '/auth/login');
@ -382,76 +397,80 @@ export const forgotPasswordRouteHandler = (req, res) => {
); );
}; };
// Refresh token handler // Refresh token - use Bearer token to find session, refresh via Keycloak, update Redis
export const refreshTokenRouteHandler = (req, res) => { export const refreshTokenRouteHandler = async (req, res) => {
if ( const authHeader = req.headers.authorization || req.headers.Authorization;
!req.session || if (!authHeader || !authHeader.startsWith('Bearer ')) {
!req.session['keycloak-token'] || return res.status(401).json({ error: 'No session token provided' });
!req.session['keycloak-token'].refresh_token }
) {
const sessionToken = authHeader.substring(7);
const session = await getSession(sessionToken);
if (!session || !session.keycloakTokens?.refresh_token) {
return res.status(401).json({ error: 'No refresh token available' }); return res.status(401).json({ error: 'No refresh token available' });
} }
const refreshToken = req.session['keycloak-token'].refresh_token;
const tokenUrl = `${config.auth.keycloak.url}/realms/${config.auth.keycloak.realm}/protocol/openid-connect/token`; const tokenUrl = `${config.auth.keycloak.url}/realms/${config.auth.keycloak.realm}/protocol/openid-connect/token`;
axios try {
.post( const response = await axios.post(
tokenUrl, tokenUrl,
new URLSearchParams({ new URLSearchParams({
grant_type: 'refresh_token', grant_type: 'refresh_token',
client_id: config.auth.keycloak.clientId, client_id: config.auth.keycloak.clientId,
client_secret: config.auth.keycloak.clientSecret, client_secret: config.auth.keycloak.clientSecret,
refresh_token: refreshToken, refresh_token: session.keycloakTokens.refresh_token,
}).toString(), }).toString(),
{ {
headers: { headers: {
'Content-Type': 'application/x-www-form-urlencoded', 'Content-Type': 'application/x-www-form-urlencoded',
}, },
} }
) );
.then((response) => {
// Update session with new tokens
req.session['keycloak-token'] = {
...req.session['keycloak-token'],
access_token: response.data.access_token,
refresh_token: response.data.refresh_token,
expires_at: new Date().getTime() + response.data.expires_in * 1000,
};
// Save session and return new token info const keycloakTokenData = {
req.session.save(() => { access_token: response.data.access_token,
res.json({ refresh_token: response.data.refresh_token,
access_token: response.data.access_token, id_token: response.data.id_token,
expires_at: req.session['keycloak-token'].expires_at, expires_at: new Date().getTime() + response.data.expires_in * 1000,
}); };
});
})
.catch((error) => {
logger.error('Token refresh error:', error.response?.data || error.message);
// If refresh token is invalid, clear the session await updateSessionKeycloakTokens(sessionToken, keycloakTokenData);
if (error.response?.status === 400) {
req.session.destroy();
}
res.status(500).json({ error: 'Failed to refresh token' }); res.json({
access_token: sessionToken,
expires_at: keycloakTokenData.expires_at,
}); });
} catch (error) {
logger.error('Token refresh error:', error.response?.data || error.message);
if (error.response?.status === 400) {
await deleteSession(sessionToken);
}
res.status(500).json({ error: 'Failed to refresh token' });
}
}; };
// Middleware to populate req.user from session or token // Middleware to populate req.user from Bearer token (Redis session or email-render JWT)
export const populateUserMiddleware = async (req, res, next) => { export const populateUserMiddleware = async (req, res, next) => {
const authHeader = req.headers.authorization || req.headers.Authorization; const authHeader = req.headers.authorization || req.headers.Authorization;
if (authHeader && authHeader.startsWith('Bearer ')) { if (authHeader && authHeader.startsWith('Bearer ')) {
const token = authHeader.substring(7); const token = authHeader.substring(7);
try { try {
// Use token-based cache to lookup user // 1. Try Redis session first
const user = await lookupUserByToken(token); const session = await getSession(token);
if (session) {
req.user = session.user;
req.session = session;
return next();
}
// 2. Try email-render JWT (short-lived)
const user = await lookupUserByEmailRenderToken(token);
if (user) { if (user) {
req.user = user; req.user = user;
// Also set session user for compatibility
req.session.user = user;
return next(); return next();
} }
} catch (error) { } catch (error) {
@ -459,40 +478,14 @@ export const populateUserMiddleware = async (req, res, next) => {
} }
} }
// Fallback to session-based authentication req.user = null;
if (req.session && req.session.user) {
req.user = req.session.user;
} else {
req.user = null;
}
next(); next();
}; };
// Export cache management functions export {
export { lookupUserByToken, clearTokenUserCache, getTokenUserCacheStats, removeUserFromTokenCache }; lookupUserByEmailRenderToken as lookupUserByToken,
clearTokenUserCache,
// Example of how to set up your routes in Express getTokenUserCacheStats,
/* removeUserFromTokenCache,
import express from "express"; getSession,
const app = express(); };
// Apply session middleware
app.use(sessionMiddleware);
// Initialize Keycloak middleware
app.use(keycloak.middleware());
// Set up routes
app.get('/auth/login', loginRouteHandler);
app.get('/auth/logout', logoutRouteHandler);
app.get('/auth/register', registerRouteHandler);
app.get('/auth/forgot-password', forgotPasswordRouteHandler);
// Protected route example
app.get('/api/profile', validateTokenMiddleware, getUserInfoHandler);
// Admin-only route example
app.get('/api/admin', hasRole('admin'), (req, res) => {
res.json({ message: 'Admin access granted' });
});
*/

58
src/services/misc/emailRenderAuth.js Normal file
View File

@ -0,0 +1,58 @@
/**
* Temporary 30-second auth for email render (Puppeteer).
* Isolated from auth.js to avoid circular dependency with utils.js -> auth.js -> keycloak.js -> database.js -> utils.js
*/
import config from '../../config.js';
import crypto from 'crypto';
import jwt from 'jsonwebtoken';
import NodeCache from 'node-cache';
import log4js from 'log4js';
const logger = log4js.getLogger('EmailRenderAuth');
logger.level = config.server?.logLevel || 'info';
const EMAIL_RENDER_TTL = 30;
const emailRenderAuthCache = new NodeCache({ stdTTL: EMAIL_RENDER_TTL });
/**
* Creates a temporary auth code for email render (Puppeteer) with 30-second TTL.
* The UI exchanges this code via getLoginToken to establish a brief session for rendering.
* @param {Object} userDoc - User document (must have username, email, _id, etc.)
* @returns {string} authCode to pass in URL query params
*/
export const createEmailRenderAuthCode = (userDoc) => {
const authCode = crypto.randomBytes(32).toString('hex');
const expiresAt = Date.now() + EMAIL_RENDER_TTL * 1000;
const accessToken = jwt.sign(
{ preferred_username: userDoc.username },
config.auth.sessionSecret,
{ expiresIn: EMAIL_RENDER_TTL }
);
const tokenData = {
access_token: accessToken,
expires_at: expiresAt,
_id: userDoc._id,
username: userDoc.username,
email: userDoc.email,
name: userDoc.name,
firstName: userDoc.firstName,
lastName: userDoc.lastName,
};
emailRenderAuthCache.set(authCode, tokenData);
logger.debug(`Created email render auth code (TTL ${EMAIL_RENDER_TTL}s) for user ${userDoc.username}`);
return authCode;
};
/**
* Exchanges an email render auth code for token data. Consumes the code (one-time use).
* @param {string} code - The auth code from URL query
* @returns {Object|null} Token data or null if invalid/expired
*/
export const getAndConsumeEmailRenderTokenData = (code) => {
const data = emailRenderAuthCache.get(code);
if (data) {
emailRenderAuthCache.del(code);
return data;
}
return null;
};

4
src/services/misc/notes.js
View File

@ -13,6 +13,7 @@ import {
getModelHistory, getModelHistory,
} from '../../database/database.js'; } from '../../database/database.js';
import mongoose from 'mongoose'; import mongoose from 'mongoose';
import { newNoteNotification } from '../../utils.js';
const logger = log4js.getLogger('Notes'); const logger = log4js.getLogger('Notes');
logger.level = config.server.logLevel; logger.level = config.server.logLevel;
@ -127,6 +128,9 @@ export const newNoteRouteHandler = async (req, res) => {
newData, newData,
user: req.user, user: req.user,
}); });
await newNoteNotification({ ...result, ...newData }, req.user);
if (result.error) { if (result.error) {
logger.error('No note created:', result.error); logger.error('No note created:', result.error);
return res.status(result.code).send(result); return res.status(result.code).send(result);

127
src/services/misc/sessionStore.js Normal file
View File

@ -0,0 +1,127 @@
/**
* Redis-backed session store.
* Sessions are created after Keycloak authentication. We generate our own session tokens
* and use Redis as the source of truth. Keycloak tokens are stored for refresh.
*/
import crypto from 'crypto';
import log4js from 'log4js';
import config from '../../config.js';
import { redisServer } from '../../database/redis.js';
const logger = log4js.getLogger('SessionStore');
logger.level = config.server.logLevel;
const SESSION_KEY_PREFIX = 'session:';
/**
* Generate a cryptographically secure session token
*/
function generateSessionToken() {
return crypto.randomBytes(32).toString('hex');
}
/**
* Get TTL in seconds from expiresAt timestamp
*/
function getTtlSeconds(expiresAt) {
const now = Date.now();
const ttlMs = expiresAt - now;
return Math.max(Math.ceil(ttlMs / 1000), 60); // minimum 60 seconds
}
/**
* Create a new session in Redis after Keycloak authentication
* @param {Object} params
* @param {Object} params.user - User object (from createOrUpdateUser)
* @param {Object} params.keycloakTokens - { access_token, refresh_token, id_token, expires_at }
* @returns {{ sessionToken: string, expiresAt: number }}
*/
export async function createSession({ user, keycloakTokens }) {
const sessionToken = generateSessionToken();
const expiresAt = keycloakTokens.expires_at;
const sessionData = {
sessionToken,
user: userToSessionUser(user),
keycloakTokens: {
access_token: keycloakTokens.access_token,
refresh_token: keycloakTokens.refresh_token,
id_token: keycloakTokens.id_token,
expires_at: keycloakTokens.expires_at,
},
expiresAt,
};
const key = SESSION_KEY_PREFIX + sessionToken;
const ttlSeconds = getTtlSeconds(expiresAt);
await redisServer.setKey(key, sessionData, ttlSeconds);
logger.debug(`Created session for user ${user.username}, expires in ${ttlSeconds}s`);
return { sessionToken, expiresAt };
}
/**
* Get session by token. Returns null if not found or expired.
*/
export async function getSession(sessionToken) {
if (!sessionToken) return null;
const key = SESSION_KEY_PREFIX + sessionToken;
const session = await redisServer.getKey(key);
if (!session) return null;
if (session.expiresAt && session.expiresAt <= Date.now()) {
await redisServer.deleteKey(key);
return null;
}
return session;
}
/**
* Update session with new Keycloak tokens (after refresh)
*/
export async function updateSessionKeycloakTokens(sessionToken, keycloakTokens) {
const session = await getSession(sessionToken);
if (!session) return null;
const updatedSession = {
...session,
keycloakTokens: {
access_token: keycloakTokens.access_token,
refresh_token: keycloakTokens.refresh_token,
id_token: keycloakTokens.id_token || session.keycloakTokens?.id_token,
expires_at: keycloakTokens.expires_at,
},
expiresAt: keycloakTokens.expires_at,
};
const key = SESSION_KEY_PREFIX + sessionToken;
const ttlSeconds = getTtlSeconds(keycloakTokens.expires_at);
await redisServer.setKey(key, updatedSession, ttlSeconds);
return updatedSession;
}
/**
* Delete a session (logout)
*/
export async function deleteSession(sessionToken) {
if (!sessionToken) return;
const key = SESSION_KEY_PREFIX + sessionToken;
await redisServer.deleteKey(key);
logger.debug(`Deleted session for token ${sessionToken.substring(0, 12)}...`);
}
/**
* Normalize user object for session storage (ensure _id is serializable for Redis)
*/
function userToSessionUser(user) {
if (!user) return null;
const u = { ...user };
if (u._id && typeof u._id === 'object' && u._id.toString) {
u._id = u._id;
}
return JSON.parse(JSON.stringify(u));
}

120
src/utils.js
View File

@ -2,6 +2,7 @@ import { mongoose } from 'mongoose';
import { auditLogModel } from './database/schemas/management/auditlog.schema.js'; import { auditLogModel } from './database/schemas/management/auditlog.schema.js';
import { notificationModel } from './database/schemas/misc/notification.schema.js'; import { notificationModel } from './database/schemas/misc/notification.schema.js';
import { userNotifierModel } from './database/schemas/misc/usernotifier.schema.js'; import { userNotifierModel } from './database/schemas/misc/usernotifier.schema.js';
import { userModel } from './database/schemas/management/user.schema.js';
import exifr from 'exifr'; import exifr from 'exifr';
import { natsServer } from './database/nats.js'; import { natsServer } from './database/nats.js';
import log4js from 'log4js'; import log4js from 'log4js';
@ -9,6 +10,12 @@ import config from './config.js';
import crypto from 'crypto'; import crypto from 'crypto';
import canonicalize from 'canonical-json'; import canonicalize from 'canonical-json';
import { getModelByName } from './services/misc/model.js'; import { getModelByName } from './services/misc/model.js';
import { createEmailRenderAuthCode } from './services/misc/emailRenderAuth.js';
import { Worker } from 'worker_threads';
import path from 'path';
import { fileURLToPath } from 'url';
const __dirname = path.dirname(fileURLToPath(import.meta.url));
const logger = log4js.getLogger('Utils'); const logger = log4js.getLogger('Utils');
logger.level = config.server.logLevel; logger.level = config.server.logLevel;
@ -427,8 +434,12 @@ async function editNotification(oldValue, newValue, parentId, parentType, user)
old: changedOldValues, old: changedOldValues,
new: changedNewValues, new: changedNewValues,
objectType: parentType, objectType: parentType,
object: { _id: parentId }, object: { _id: String(parentId ?? '') },
user: { _id: user._id, firstName: user.firstName, lastName: user.lastName }, user: {
_id: String(user?._id ?? ''),
firstName: user.firstName,
lastName: user.lastName,
},
} }
); );
} }
@ -454,7 +465,7 @@ async function deleteAuditLog(deleteValue, parentId, parentType, user) {
async function deleteNotification(object, parentId, parentType, user) { async function deleteNotification(object, parentId, parentType, user) {
const model = getModelByName(parentType); const model = getModelByName(parentType);
const objectName = oldValue?.name ?? newValue?.name ?? model?.label ?? parentType; const objectName = object?.name || model?.label || parentType;
await notfiyObjectUserNotifiers( await notfiyObjectUserNotifiers(
parentId, parentId,
parentType, parentType,
@ -470,6 +481,28 @@ async function deleteNotification(object, parentId, parentType, user) {
); );
} }
async function newNoteNotification(note, user) {
const model = getModelByName(note.parentType);
const objectName = model?.label ?? note.parentType;
await notfiyObjectUserNotifiers(
note.parent,
note.parentType,
`New note added to ${objectName.toLowerCase()} by ${user?.firstName ?? 'unknown'} ${user?.lastName ?? ''}`,
`A new note has been created.`,
'newNote',
{
objectType: note.parentType,
object: { _id: String(note.parent ?? '') },
note: note,
user: {
_id: String(user?._id ?? ''),
firstName: user?.firstName,
lastName: user?.lastName,
},
}
);
}
async function getAuditLogs(idOrIds) { async function getAuditLogs(idOrIds) {
if (Array.isArray(idOrIds)) { if (Array.isArray(idOrIds)) {
return auditLogModel.find({ parent: { $in: idOrIds } }).populate('owner'); return auditLogModel.find({ parent: { $in: idOrIds } }).populate('owner');
@ -552,6 +585,11 @@ async function notfiyObjectUserNotifiers(id, objectType, title, message, type =
const userNotifiers = await userNotifierModel.find({ object: id, objectType: objectType }); const userNotifiers = await userNotifierModel.find({ object: id, objectType: objectType });
for (const userNotifier of userNotifiers) { for (const userNotifier of userNotifiers) {
await createNotification(userNotifier.user._id, title, message, type, metadata); await createNotification(userNotifier.user._id, title, message, type, metadata);
console.log('userNotifier.email', userNotifier.email);
if (userNotifier.email == true) {
console.log('sending email');
await sendEmailNotification(userNotifier.user, title, message, type, metadata);
}
} }
} }
@ -569,6 +607,79 @@ async function createNotification(user, title, message, type = 'info', metadata)
return notification; return notification;
} }
let mailWorker = null;
function getMailWorker() {
if (!mailWorker) {
const workerPath = path.join(__dirname, 'mailworker.js');
mailWorker = new Worker(workerPath);
mailWorker.on('error', (err) => logger.error('MailWorker error:', err));
mailWorker.on('exit', (code) => {
if (code !== 0) logger.warn('MailWorker exited with code', code);
mailWorker = null;
});
}
return mailWorker;
}
/**
* Sends an email notification asynchronously via a worker thread.
* Renders a React template on the urlClient, captures HTML with Puppeteer, and emails the user.
* Accepts the same input as createNotification: user, title, message, type, metadata.
* Returns immediately; does not wait for the email to be sent.
* @param {ObjectId|Object} user - User ID or user object (must have email)
* @param {string} title - Notification title
* @param {string} message - Notification message
* @param {string} type - Notification type (info, editObject, deleteObject, error, success)
* @param {Object} metadata - Optional metadata object
*/
async function sendEmailNotification(user, title, message, type = 'info', metadata) {
let userDoc = user;
if (user && (mongoose.Types.ObjectId.isValid(user) || user._id)) {
const userId = user._id || user;
userDoc = await userModel.findById(userId).lean();
}
if (!userDoc?.email) {
logger.warn('sendEmailNotification: no email for user', user);
return null;
}
const smtpConfig = config.smtp;
if (!smtpConfig?.host) {
logger.warn('sendEmailNotification: SMTP not configured, skipping email');
return null;
}
const urlClient = config.app?.urlClient || 'http://localhost:3000';
const authCode = createEmailRenderAuthCode(userDoc);
const payload = {
email: userDoc.email,
title,
message,
type,
metadata: metadata || {},
createdAt: new Date(),
updatedAt: new Date(),
authCode,
smtpConfig: {
host: smtpConfig.host,
port: smtpConfig.port || 587,
secure: smtpConfig.secure || false,
auth: smtpConfig.auth?.user ? smtpConfig.auth : undefined,
from: smtpConfig.from || 'FarmControl <noreply@farmcontrol.app>',
},
urlClient,
};
try {
getMailWorker().postMessage(payload);
} catch (err) {
logger.error('sendEmailNotification: failed to post to worker', err.message);
}
return null;
}
function flatternObjectIds(object) { function flatternObjectIds(object) {
if (!object || typeof object !== 'object') { if (!object || typeof object !== 'object') {
return object; return object;
@ -790,6 +901,7 @@ export {
getAuditLogs, getAuditLogs,
flatternObjectIds, flatternObjectIds,
expandObjectIds, expandObjectIds,
newNoteNotification,
distributeUpdate, distributeUpdate,
distributeStats, distributeStats,
distributeNew, distributeNew,
@ -798,6 +910,8 @@ export {
distributeChildDelete, distributeChildDelete,
distributeChildNew, distributeChildNew,
notfiyObjectUserNotifiers, notfiyObjectUserNotifiers,
createNotification,
sendEmailNotification,
getFilter, // <-- add here getFilter, // <-- add here
convertPropertiesString, convertPropertiesString,
getFileMeta, getFileMeta,