farmcontrol/farmcontrol-api
2
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: farmcontrol:a9c4b29f9f2d6d7fc0fecd4ca2a42014eefbefff
Branches Tags
farmcontrol:main
farmcontrol:config-updates
..
compare: farmcontrol:a2d62ddec1dd2da318d899bb679803ab7f258e64
Branches Tags
farmcontrol:main
farmcontrol:config-updates

No commits in common. "a9c4b29f9f2d6d7fc0fecd4ca2a42014eefbefff" and "a2d62ddec1dd2da318d899bb679803ab7f258e64" have entirely different histories.
a9c4b29f9f ... a2d62ddec1

12 changed files with 385 additions and 1097 deletions
Show Stats Expand all files Collapse all files

30
config.json
View File

@ -46,16 +46,6 @@
"filesBucket": "farmcontrol"
}
},
"smtp": {
"host": "mail.tombutcher.work",
"port": 465,
"secure": true,
"auth": {
"user": "farmcontrol",
"pass": "XwV5u3jWufuo5E5U4N9hBHfNfwk28D7fNdFN"
},
"from": "FarmControl <farmcontrol@tombutcher.work>"
},
"otpExpiryMins": 0.5
},
"test": {
@ -105,16 +95,6 @@
"filesBucket": "farmcontrol-test"
}
},
"smtp": {
"host": "localhost",
"port": 587,
"secure": false,
"auth": {
"user": "",
"pass": ""
},
"from": "FarmControl <farmcontrol@tombutcher.work>"
},
"otpExpiryMins": 0.5
},
"production": {
@ -163,16 +143,6 @@
"region": "us-east-1",
"filesBucket": "farmcontrol"
}
},
"smtp": {
"host": "localhost",
"port": 587,
"secure": false,
"auth": {
"user": "",
"pass": ""
},
"from": "FarmControl <noreply@farmcontrol.app>"
}
}
}

1
package.json
View File

@ -30,7 +30,6 @@
"nodemailer": "*",
"nodemon": "^3.1.11",
"pg": "^8.16.3",
"puppeteer": "^24.37.5",
"redis": "^5.10.0",
"sequelize": "^6.37.7"
},

388
pnpm-lock.yaml generated
View File

@ -86,9 +86,6 @@ importers:
pg:
specifier: ^8.16.3
version: 8.18.0
puppeteer:
specifier: ^24.37.5
version: 24.37.5
redis:
specifier: ^5.10.0
version: 5.10.0
@ -1187,11 +1184,6 @@ packages:
resolution: {integrity: sha512-QNqXyfVS2wm9hweSYD2O7F0G06uurj9kZ96TRQE5Y9hU7+tgdZwIkbAKc5Ocy1HxEY2kuDQa6cQ1WRs/O5LFKA==}
engines: {node: ^12.20.0 || ^14.18.0 || >=16.0.0}
'@puppeteer/browsers@2.13.0':
resolution: {integrity: sha512-46BZJYJjc/WwmKjsvDFykHtXrtomsCIrwYQPOP7VfMJoZY2bsDF9oROBABR3paDjDcmkUye1Pb1BqdcdiipaWA==}
engines: {node: '>=18'}
hasBin: true
'@redis/bloom@5.10.0':
resolution: {integrity: sha512-doIF37ob+l47n0rkpRNgU8n4iacBlKM9xLiP1LtTZTvz8TloJB8qx/MgvhMhKdYG+CvCY2aPBnN2706izFn/4A==}
engines: {node: '>= 18'}
@ -1741,17 +1733,6 @@ packages:
axios@1.13.4:
resolution: {integrity: sha512-1wVkUaAO6WyaYtCkcYCOx12ZgpGf9Zif+qXa4n+oYzK558YryKqiL6UWwd5DqiH3VRW0GYhTZQ/vlgJrCoNQlg==}
axios@1.13.6:
resolution: {integrity: sha512-ChTCHMouEe2kn713WHbQGcuYrr6fXTBiu460OTwWrWob16g1bXn4vtz07Ope7ewMozJAnEquLk5lWQWtBig9DQ==}
b4a@1.8.0:
resolution: {integrity: sha512-qRuSmNSkGQaHwNbM7J78Wwy+ghLEYF1zNrSeMxj4Kgw6y33O3mXcQ6Ie9fRvfU/YnxWkOchPXbaLb73TkIsfdg==}
peerDependencies:
react-native-b4a: '*'
peerDependenciesMeta:
react-native-b4a:
optional: true
babel-jest@30.2.0:
resolution: {integrity: sha512-0YiBEOxWqKkSQWL9nNGGEgndoeL0ZpWrbLMNL5u/Kaxrli3Eaxlt3ZtIDktEvXt4L/R9r3ODr2zKwGM/2BjxVw==}
engines: {node: ^18.14.0 || ^20.0.0 || ^22.0.0 || >=24.0.0}
@ -1800,44 +1781,6 @@ packages:
balanced-match@1.0.2:
resolution: {integrity: sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==}
bare-events@2.8.2:
resolution: {integrity: sha512-riJjyv1/mHLIPX4RwiK+oW9/4c3TEUeORHKefKAKnZ5kyslbN+HXowtbaVEqt4IMUB7OXlfixcs6gsFeo/jhiQ==}
peerDependencies:
bare-abort-controller: '*'
peerDependenciesMeta:
bare-abort-controller:
optional: true
bare-fs@4.5.5:
resolution: {integrity: sha512-XvwYM6VZqKoqDll8BmSww5luA5eflDzY0uEFfBJtFKe4PAAtxBjU3YIxzIBzhyaEQBy1VXEQBto4cpN5RZJw+w==}
engines: {bare: '>=1.16.0'}
peerDependencies:
bare-buffer: '*'
peerDependenciesMeta:
bare-buffer:
optional: true
bare-os@3.7.0:
resolution: {integrity: sha512-64Rcwj8qlnTZU8Ps6JJEdSmxBEUGgI7g8l+lMtsJLl4IsfTcHMTfJ188u2iGV6P6YPRZrtv72B2kjn+hp+Yv3g==}
engines: {bare: '>=1.14.0'}
bare-path@3.0.0:
resolution: {integrity: sha512-tyfW2cQcB5NN8Saijrhqn0Zh7AnFNsnczRcuWODH0eYAXBsJ5gVxAUuNr7tsHSC6IZ77cA0SitzT+s47kot8Mw==}
bare-stream@2.8.0:
resolution: {integrity: sha512-reUN0M2sHRqCdG4lUK3Fw8w98eeUIZHL5c3H7Mbhk2yVBL+oofgaIp0ieLfD5QXwPCypBpmEEKU2WZKzbAk8GA==}
peerDependencies:
bare-buffer: '*'
bare-events: '*'
peerDependenciesMeta:
bare-buffer:
optional: true
bare-events:
optional: true
bare-url@2.3.2:
resolution: {integrity: sha512-ZMq4gd9ngV5aTMa5p9+UfY0b3skwhHELaDkhEHetMdX0LRkW9kzaym4oo/Eh+Ghm0CCDuMTsRIGM/ytUc1ZYmw==}
baseline-browser-mapping@2.9.19:
resolution: {integrity: sha512-ipDqC8FrAl/76p2SSWKSI+H9tFwm7vYqXQrItCuiVPt26Km0jS+NzSsBWAaBusvSbQcfJG+JitdMm+wZAgTYqg==}
hasBin: true
@ -1845,7 +1788,6 @@ packages:
basic-ftp@5.1.0:
resolution: {integrity: sha512-RkaJzeJKDbaDWTIPiJwubyljaEPwpVWkm9Rt5h9Nd6h7tEXTJ3VB4qxdZBioV7JO5yLUaOKwz7vDOzlncUsegw==}
engines: {node: '>=10.0.0'}
deprecated: Security vulnerability fixed in 5.2.0, please upgrade
bcrypt@6.0.0:
resolution: {integrity: sha512-cU8v/EGSrnH+HnxV2z0J7/blxH8gq7Xh2JFT6Aroax7UohdmiJJlxApMxtKfuI7z68NvvVcmR78k2LbT6efhRg==}
@ -1956,16 +1898,11 @@ packages:
resolution: {integrity: sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==}
engines: {node: '>= 8.10.0'}
chromedriver@146.0.0:
resolution: {integrity: sha512-fDAbuEy+Dn9F/h8fphiQIUEyUDOTGlfjZHfI9dJZz75+ui/LIHqWzStQt87vpwA9oV3ut4C2W3flfvbn3KELFQ==}
chromedriver@145.0.0:
resolution: {integrity: sha512-rnqHS3u+OEdhaS3PmV7V8KYHBLiIOrIKMkRZSEaQcQXnpqHQTPBrS/1x7r0MJvuywtv2qFQYNbd5yXUmuxFvmg==}
engines: {node: '>=20'}
hasBin: true
chromium-bidi@14.0.0:
resolution: {integrity: sha512-9gYlLtS6tStdRWzrtXaTMnqcM4dudNegMXJxkR0I/CXObHalYeYcAMPrL19eroNZHtJ8DQmu1E+ZNOYu/IXMXw==}
peerDependencies:
devtools-protocol: '*'
ci-info@4.4.0:
resolution: {integrity: sha512-77PSwercCZU2Fc4sX94eF8k8Pxte6JAwL4/ICZLFjJLqegs7kCuAsqqj/70NQF6TvDpgFjkubQB2FW2ZZddvQg==}
engines: {node: '>=8'}
@ -2077,15 +2014,6 @@ packages:
resolution: {integrity: sha512-tJtZBBHA6vjIAaF6EnIaq6laBBP9aq/Y3ouVJjEfoHbRBcHBAHYcMh/w8LDrk2PvIMMq8gmopa5D4V8RmbrxGw==}
engines: {node: '>= 0.10'}
cosmiconfig@9.0.0:
resolution: {integrity: sha512-itvL5h8RETACmOTFc4UfIyB2RfEHi71Ax6E/PivVxq9NseKbOWpeyHEOIbmAw1rs8Ak0VursQNww7lf7YtUwzg==}
engines: {node: '>=14'}
peerDependencies:
typescript: '>=4.9.5'
peerDependenciesMeta:
typescript:
optional: true
cross-spawn@7.0.6:
resolution: {integrity: sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==}
engines: {node: '>= 8'}
@ -2183,9 +2111,6 @@ packages:
resolution: {integrity: sha512-TLz+x/vEXm/Y7P7wn1EJFNLxYpUD4TgMosxY6fAVJUnJMbupHBOncxyWUG9OpTaH9EBD7uFI5LfEgmMOc54DsA==}
engines: {node: '>=8'}
devtools-protocol@0.0.1566079:
resolution: {integrity: sha512-MJfAEA1UfVhSs7fbSQOG4czavUp1ajfg6prlAN0+cmfa2zNjaIbvq8VneP7do1WAQQIvgNJWSMeP6UyI90gIlQ==}
dezalgo@1.0.4:
resolution: {integrity: sha512-rXSP0bf+5n0Qonsb+SVVfNfIsimO4HEtmnIpPHY8Q1UCzKlQrDMfdobr8nJOOsRgWCyMRqeSBQzmWUMq7zvVig==}
@ -2245,10 +2170,6 @@ packages:
end-of-stream@1.4.5:
resolution: {integrity: sha512-ooEGc6HP26xXq/N+GCGOT0JKCLDGrq2bQUZrQ7gyrJiZANJ/8YDTxTpQBXGMn+WbIQXNVpyWymm7KYVICQnyOg==}
env-paths@2.2.1:
resolution: {integrity: sha512-+h1lkLKhZMTYjog1VEpJNG7NZJWcuc2DDk/qsqSTRRCOXiLjeQ1d1/udrUGhqMxUgAlwKNZ0cf2uqan5GLuS2A==}
engines: {node: '>=6'}
error-ex@1.3.4:
resolution: {integrity: sha512-sqQamAnR14VgCr1A618A3sGrygcpK+HEbenA/HiEAkkUwcZIIB/tgWqHFxWgOyDh4nB4JCRimh79dR5Ywc9MDQ==}
@ -2483,9 +2404,6 @@ packages:
resolution: {integrity: sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==}
engines: {node: '>= 0.6'}
events-universal@1.0.1:
resolution: {integrity: sha512-LUd5euvbMLpwOF8m6ivPCbhQeSiYVNb8Vs0fQ8QjXo0JTkEHpz8pxdQf0gStltaPpw0Cca8b39KxvK9cfKRiAw==}
execa@5.1.1:
resolution: {integrity: sha512-8uSpZZocAZRBAPIEINJj3Lo9HyGitllczc27Eh5YYojjMFMn8yHMDMaUHE2Jqfq05D/wucwI4JGURyXt1vchyg==}
engines: {node: '>=10'}
@ -2520,9 +2438,6 @@ packages:
fast-diff@1.3.0:
resolution: {integrity: sha512-VxPP4NqbUjj6MaAOafWeUn2cXWLcCtljklUtZf0Ind4XQ+QPtmA0b18zZy0jIQx+ExRVCR/ZQpBmik5lXshNsw==}
fast-fifo@1.3.2:
resolution: {integrity: sha512-/d9sfos4yxzpwkDkuN7k2SqFKtYNmCTzgfEpz82x34IM9/zc8KGxQoXg1liNC/izpRM/MBdt44Nmx41ZWqk+FQ==}
fast-json-stable-stringify@2.1.0:
resolution: {integrity: sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==}
@ -3408,9 +3323,6 @@ packages:
resolution: {integrity: sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==}
engines: {node: '>=16 || 14 >=14.17'}
mitt@3.0.1:
resolution: {integrity: sha512-vKivATfr97l2/QBCYAkXYDbrIWPM2IIKEl7YPhjCvKlG3kE2gm+uBo6nEXK3M5/Ffh/FLpKExzOQ3JJoJGFKBw==}
mkdirp@0.5.6:
resolution: {integrity: sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw==}
hasBin: true
@ -3821,10 +3733,6 @@ packages:
resolution: {integrity: sha512-9uBdv/B4EefsuAL+pWqueZyZS2Ba+LxfFeQ9DN14HU4bN8bhaxKdkpjpB6fs9+pSjIBu+FXQHImEg8j/Lw0+vA==}
engines: {node: ^18.14.0 || ^20.0.0 || ^22.0.0 || >=24.0.0}
progress@2.0.3:
resolution: {integrity: sha512-7PiHtLll5LdnKIMw100I+8xJXR5gW2QwWYkT6iJva0bXitZKa/XMrSbdmg3r2Xnaidz9Qumd0VPaMrZlF9V9sA==}
engines: {node: '>=0.4.0'}
prop-types@15.8.1:
resolution: {integrity: sha512-oj87CgZICdulUohogVAR7AjlC0327U4el4L6eAvOqCeudMDVU0NThNaV+b9Df4dXgSP1gXMTnPdhfe/2qDH5cg==}
@ -3842,9 +3750,6 @@ packages:
proxy-from-env@1.1.0:
resolution: {integrity: sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==}
proxy-from-env@2.0.0:
resolution: {integrity: sha512-h2lD3OfRraP3R51rNFKIE8nX+qoLr1mE74X91YhVxtDbt+OD6ntoNZv56+JgI4RCdtwQ5eexsOk1KdOQDfvPCQ==}
pstree.remy@1.1.8:
resolution: {integrity: sha512-77DZwxQmxKnu3aR542U+X8FypNzbfJ+C5XQDk3uWjWxn6151aIMGthWYRXTqT1E5oJvg+ljaa2OJi+VfvCOQ8w==}
@ -3855,15 +3760,6 @@ packages:
resolution: {integrity: sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==}
engines: {node: '>=6'}
puppeteer-core@24.37.5:
resolution: {integrity: sha512-ybL7iE78YPN4T6J+sPLO7r0lSByp/0NN6PvfBEql219cOnttoTFzCWKiBOjstXSqi/OKpwae623DWAsL7cn2MQ==}
engines: {node: '>=18'}
puppeteer@24.37.5:
resolution: {integrity: sha512-3PAOIQLceyEmn1Fi76GkGO2EVxztv5OtdlB1m8hMUZL3f8KDHnlvXbvCXv+Ls7KzF1R0KdKBqLuT/Hhrok12hQ==}
engines: {node: '>=18'}
hasBin: true
pure-rand@7.0.1:
resolution: {integrity: sha512-oTUZM/NAZS8p7ANR3SHh30kXB+zK2r2BPcEn/awJIbOvq82WoMN4p62AWWp3Hhw50G0xMsw1mhIBLqHw64EcNQ==}
@ -4018,11 +3914,6 @@ packages:
engines: {node: '>=10'}
hasBin: true
semver@7.7.4:
resolution: {integrity: sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA==}
engines: {node: '>=10'}
hasBin: true
send@1.2.1:
resolution: {integrity: sha512-1gnZf7DFcoIcajTjTwjwuDjzuz4PPcY2StKPlsGAQ1+YH20IRVrBaXSWmdjowTJ6u8Rc01PoYOGHXfP1mYcZNQ==}
engines: {node: '>= 18'}
@ -4203,9 +4094,6 @@ packages:
resolution: {integrity: sha512-Mcc5wHehp9aXz1ax6bZUyY5afg9u2rv5cqQI3mRrYkGC8rW2hM02jWuwjtL++LS5qinSyhj2QfLyNsuc+VsExg==}
engines: {node: '>=10.0.0'}
streamx@2.23.0:
resolution: {integrity: sha512-kn+e44esVfn2Fa/O0CPFcex27fjIL6MkVae0Mm6q+E6f0hWv578YCERbv+4m02cjxvDsPKLnmxral/rR6lBMAg==}
string-length@4.0.2:
resolution: {integrity: sha512-+l6rNN5fYHNhZZy41RXsYptCjA2Igmq4EG7kZAYFQI1E1VTXarr6ZPXBg6eq7Y6eK4FEhY6AJlyuFIb/v/S0VQ==}
engines: {node: '>=10'}
@ -4295,25 +4183,13 @@ packages:
resolution: {integrity: sha512-Bh7QjT8/SuKUIfObSXNHNSK6WHo6J1tHCqJsuaFDP7gP0fkzSfTxI8y85JrppZ0h8l0maIgc2tfuZQ6/t3GtnQ==}
engines: {node: ^14.18.0 || >=16.0.0}
tar-fs@3.1.1:
resolution: {integrity: sha512-LZA0oaPOc2fVo82Txf3gw+AkEd38szODlptMYejQUhndHMLQ9M059uXR+AfS7DNo0NpINvSqDsvyaCrBVkptWg==}
tar-stream@3.1.8:
resolution: {integrity: sha512-U6QpVRyCGHva435KoNWy9PRoi2IFYCgtEhq9nmrPPpbRacPs9IH4aJ3gbrFC8dPcXvdSZ4XXfXT5Fshbp2MtlQ==}
tcp-port-used@1.0.2:
resolution: {integrity: sha512-l7ar8lLUD3XS1V2lfoJlCBaeoaWo/2xfYt81hM7VlvR4RrMVFqfmzfhLVk40hAb368uitje5gPtBRL1m/DGvLA==}
teex@1.0.1:
resolution: {integrity: sha512-eYE6iEI62Ni1H8oIa7KlDU6uQBtqr4Eajni3wX7rpfXD8ysFx8z0+dri+KWEPWpBsxXfxu58x/0jvTVT1ekOSg==}
test-exclude@6.0.0:
resolution: {integrity: sha512-cAGWPIyOHU6zlmg88jwm7VRyXnMN7iV68OGAbYDk/Mh/xC/pzVPlQtY6ngoIH/5/tciuhGfvESU8GrHrcxD56w==}
engines: {node: '>=8'}
text-decoder@1.2.7:
resolution: {integrity: sha512-vlLytXkeP4xvEq2otHeJfSQIRyWxo/oZGEbXrtEEF9Hnmrdly59sUbzZ/QgyWuLYHctCHxFF4tRQZNQ9k60ExQ==}
text-table@0.2.0:
resolution: {integrity: sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw==}
@ -4396,9 +4272,6 @@ packages:
resolution: {integrity: sha512-3KS2b+kL7fsuk/eJZ7EQdnEmQoaho/r6KUef7hxvltNA5DR8NAUM+8wJMbJyZ4G9/7i3v5zPBIMN5aybAh2/Jg==}
engines: {node: '>= 0.4'}
typed-query-selector@2.12.1:
resolution: {integrity: sha512-uzR+FzI8qrUEIu96oaeBJmd9E7CFEiQ3goA5qCVgc4s5llSubcfGHq9yUstZx/k4s9dXHVKsE35YWoFyvEqEHA==}
typedarray@0.0.6:
resolution: {integrity: sha512-/aCDEGatGvZ2BIk+HmLf4ifCJFwvKFNb9/JeZPMulfgFracn9QFcAf5GO8B/mweUjSoblS5In0cWhqpfs/5PQA==}
@ -4490,9 +4363,6 @@ packages:
walker@1.0.8:
resolution: {integrity: sha512-ts/8E8l5b7kY0vlWLewOkDXMmPdLcVV4GmOQLyxuSswIJsweeFZtAsMF7k1Nszz+TYBQrlYRmzOnr398y1JemQ==}
webdriver-bidi-protocol@0.4.1:
resolution: {integrity: sha512-ARrjNjtWRRs2w4Tk7nqrf2gBI0QXWuOmMCx2hU+1jUt6d00MjMxURrhxhGbrsoiZKJrhTSTzbIrc554iKI10qw==}
webidl-conversions@7.0.0:
resolution: {integrity: sha512-VwddBukDzu71offAQR975unBIGqfKZpM+8ZX6ySk8nYhVoo5CYaZyzt3YBvYtRtO+aoGlqxPg/B87NGVZ/fu6g==}
engines: {node: '>=12'}
@ -4544,18 +4414,6 @@ packages:
resolution: {integrity: sha512-+QU2zd6OTD8XWIJCbffaiQeH9U73qIqafo1x6V1snCWYGJf6cVE0cDR4D8xRzcEnfI21IFrUPzPGtcPf8AC+Rw==}
engines: {node: ^14.17.0 || ^16.13.0 || >=18.0.0}
ws@8.19.0:
resolution: {integrity: sha512-blAT2mjOEIi0ZzruJfIhb3nps74PRWTCz1IjglWEEpQl5XS/UNama6u2/rjFkDDouqr4L67ry+1aGIALViWjDg==}
engines: {node: '>=10.0.0'}
peerDependencies:
bufferutil: ^4.0.1
utf-8-validate: '>=5.0.2'
peerDependenciesMeta:
bufferutil:
optional: true
utf-8-validate:
optional: true
xdg-basedir@4.0.0:
resolution: {integrity: sha512-PSNhEJDejZYV7h50BohL09Er9VaIefr2LMAf3OEmpCkjOi34eYyQYAXUTjEQtZJTKcF0E2UKTh+osDLsgNim9Q==}
engines: {node: '>=8'}
@ -4597,9 +4455,6 @@ packages:
resolution: {integrity: sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==}
engines: {node: '>=10'}
zod@3.25.76:
resolution: {integrity: sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ==}
snapshots:
'@aws-crypto/crc32@5.2.0':
@ -6266,21 +6121,6 @@ snapshots:
'@pkgr/core@0.2.9': {}
'@puppeteer/browsers@2.13.0':
dependencies:
debug: 4.4.3(supports-color@5.5.0)
extract-zip: 2.0.1
progress: 2.0.3
proxy-agent: 6.5.0
semver: 7.7.4
tar-fs: 3.1.1
yargs: 17.7.2
transitivePeerDependencies:
- bare-abort-controller
- bare-buffer
- react-native-b4a
- supports-color
'@redis/bloom@5.10.0(@redis/client@5.10.0)':
dependencies:
'@redis/client': 5.10.0
@ -6654,7 +6494,8 @@ snapshots:
'@testim/chrome-version@1.1.4':
optional: true
'@tootallnate/quickjs-emscripten@0.23.0': {}
'@tootallnate/quickjs-emscripten@0.23.0':
optional: true
'@tybys/wasm-util@0.10.1':
dependencies:
@ -6803,7 +6644,8 @@ snapshots:
acorn@8.15.0: {}
agent-base@7.1.4: {}
agent-base@7.1.4:
optional: true
ajv@6.12.6:
dependencies:
@ -6931,6 +6773,7 @@ snapshots:
ast-types@0.13.4:
dependencies:
tslib: 2.8.1
optional: true
async-function@1.0.0: {}
@ -6950,17 +6793,6 @@ snapshots:
transitivePeerDependencies:
- debug
axios@1.13.6:
dependencies:
follow-redirects: 1.15.11
form-data: 4.0.5
proxy-from-env: 1.1.0
transitivePeerDependencies:
- debug
optional: true
b4a@1.8.0: {}
babel-jest@30.2.0(@babel/core@7.29.0):
dependencies:
'@babel/core': 7.29.0
@ -7045,42 +6877,10 @@ snapshots:
balanced-match@1.0.2: {}
bare-events@2.8.2: {}
bare-fs@4.5.5:
dependencies:
bare-events: 2.8.2
bare-path: 3.0.0
bare-stream: 2.8.0(bare-events@2.8.2)
bare-url: 2.3.2
fast-fifo: 1.3.2
transitivePeerDependencies:
- bare-abort-controller
- react-native-b4a
bare-os@3.7.0: {}
bare-path@3.0.0:
dependencies:
bare-os: 3.7.0
bare-stream@2.8.0(bare-events@2.8.2):
dependencies:
streamx: 2.23.0
teex: 1.0.1
optionalDependencies:
bare-events: 2.8.2
transitivePeerDependencies:
- bare-abort-controller
- react-native-b4a
bare-url@2.3.2:
dependencies:
bare-path: 3.0.0
baseline-browser-mapping@2.9.19: {}
basic-ftp@5.1.0: {}
basic-ftp@5.1.0:
optional: true
bcrypt@6.0.0:
dependencies:
@ -7138,7 +6938,8 @@ snapshots:
bson@6.10.4: {}
buffer-crc32@0.2.13: {}
buffer-crc32@0.2.13:
optional: true
buffer-equal-constant-time@1.0.1: {}
@ -7200,26 +7001,20 @@ snapshots:
optionalDependencies:
fsevents: 2.3.3
chromedriver@146.0.0:
chromedriver@145.0.0:
dependencies:
'@testim/chrome-version': 1.1.4
axios: 1.13.6
axios: 1.13.4
compare-versions: 6.1.1
extract-zip: 2.0.1
proxy-agent: 6.5.0
proxy-from-env: 2.0.0
proxy-from-env: 1.1.0
tcp-port-used: 1.0.2
transitivePeerDependencies:
- debug
- supports-color
optional: true
chromium-bidi@14.0.0(devtools-protocol@0.0.1566079):
dependencies:
devtools-protocol: 0.0.1566079
mitt: 3.0.1
zod: 3.25.76
ci-info@4.4.0: {}
cjs-module-lexer@2.2.0: {}
@ -7319,20 +7114,14 @@ snapshots:
object-assign: 4.1.1
vary: 1.1.2
cosmiconfig@9.0.0:
dependencies:
env-paths: 2.2.1
import-fresh: 3.3.1
js-yaml: 4.1.1
parse-json: 5.2.0
cross-spawn@7.0.6:
dependencies:
path-key: 3.1.1
shebang-command: 2.0.0
which: 2.0.2
data-uri-to-buffer@6.0.2: {}
data-uri-to-buffer@6.0.2:
optional: true
data-view-buffer@1.0.2:
dependencies:
@ -7396,6 +7185,7 @@ snapshots:
ast-types: 0.13.4
escodegen: 2.1.0
esprima: 4.0.1
optional: true
delayed-stream@1.0.0: {}
@ -7403,8 +7193,6 @@ snapshots:
detect-newline@3.1.0: {}
devtools-protocol@0.0.1566079: {}
dezalgo@1.0.4:
dependencies:
asap: 2.0.6
@ -7466,8 +7254,7 @@ snapshots:
end-of-stream@1.4.5:
dependencies:
once: 1.4.0
env-paths@2.2.1: {}
optional: true
error-ex@1.3.4:
dependencies:
@ -7591,6 +7378,7 @@ snapshots:
esutils: 2.0.3
optionalDependencies:
source-map: 0.6.1
optional: true
eslint-config-prettier@10.1.8(eslint@9.39.2):
dependencies:
@ -7601,7 +7389,7 @@ snapshots:
eslint: 8.57.1
eslint-plugin-react: 7.37.5(eslint@8.57.1)
eslint-config-standard@17.1.0(eslint-plugin-import@2.32.0(eslint@8.57.1))(eslint-plugin-n@15.7.0(eslint@8.57.1))(eslint-plugin-promise@6.6.0(eslint@8.57.1))(eslint@8.57.1):
eslint-config-standard@17.1.0(eslint-plugin-import@2.32.0(eslint@8.57.1))(eslint-plugin-n@15.7.0(eslint@9.39.2))(eslint-plugin-promise@6.6.0(eslint@9.39.2))(eslint@8.57.1):
dependencies:
eslint: 8.57.1
eslint-plugin-import: 2.32.0(eslint@8.57.1)
@ -7842,12 +7630,6 @@ snapshots:
etag@1.8.1: {}
events-universal@1.0.1:
dependencies:
bare-events: 2.8.2
transitivePeerDependencies:
- bare-abort-controller
execa@5.1.1:
dependencies:
cross-spawn: 7.0.6
@ -7928,13 +7710,12 @@ snapshots:
'@types/yauzl': 2.10.3
transitivePeerDependencies:
- supports-color
optional: true
fast-deep-equal@3.1.3: {}
fast-diff@1.3.0: {}
fast-fifo@1.3.2: {}
fast-json-stable-stringify@2.1.0: {}
fast-levenshtein@2.0.6: {}
@ -7956,6 +7737,7 @@ snapshots:
fd-slicer@1.1.0:
dependencies:
pend: 1.2.0
optional: true
file-entry-cache@6.0.1:
dependencies:
@ -8106,6 +7888,7 @@ snapshots:
get-stream@5.2.0:
dependencies:
pump: 3.0.3
optional: true
get-stream@6.0.1: {}
@ -8122,6 +7905,7 @@ snapshots:
debug: 4.4.3(supports-color@5.5.0)
transitivePeerDependencies:
- supports-color
optional: true
glob-parent@5.1.2:
dependencies:
@ -8221,6 +8005,7 @@ snapshots:
debug: 4.4.3(supports-color@5.5.0)
transitivePeerDependencies:
- supports-color
optional: true
https-proxy-agent@7.0.6:
dependencies:
@ -8228,6 +8013,7 @@ snapshots:
debug: 4.4.3(supports-color@5.5.0)
transitivePeerDependencies:
- supports-color
optional: true
human-signals@2.1.0: {}
@ -8270,7 +8056,8 @@ snapshots:
hasown: 2.0.2
side-channel: 1.1.0
ip-address@10.1.0: {}
ip-address@10.1.0:
optional: true
ip-regex@4.3.0:
optional: true
@ -8877,7 +8664,7 @@ snapshots:
dependencies:
jwk-to-pem: 2.0.7
optionalDependencies:
chromedriver: 146.0.0
chromedriver: 145.0.0
transitivePeerDependencies:
- debug
- supports-color
@ -8958,7 +8745,8 @@ snapshots:
dependencies:
yallist: 3.1.1
lru-cache@7.18.3: {}
lru-cache@7.18.3:
optional: true
make-dir@2.1.0:
dependencies:
@ -9028,8 +8816,6 @@ snapshots:
minipass@7.1.2: {}
mitt@3.0.1: {}
mkdirp@0.5.6:
dependencies:
minimist: 1.2.8
@ -9115,7 +8901,8 @@ snapshots:
negotiator@1.0.0: {}
netmask@2.0.2: {}
netmask@2.0.2:
optional: true
node-addon-api@8.5.0: {}
@ -9276,11 +9063,13 @@ snapshots:
socks-proxy-agent: 8.0.5
transitivePeerDependencies:
- supports-color
optional: true
pac-resolver@7.0.1:
dependencies:
degenerator: 5.0.1
netmask: 2.0.2
optional: true
package-json-from-dist@1.0.1: {}
@ -9321,7 +9110,8 @@ snapshots:
path-to-regexp@8.3.0: {}
pend@1.2.0: {}
pend@1.2.0:
optional: true
pg-cloudflare@1.3.0:
optional: true
@ -9407,8 +9197,6 @@ snapshots:
ansi-styles: 5.2.0
react-is: 18.3.1
progress@2.0.3: {}
prop-types@15.8.1:
dependencies:
loose-envify: 1.4.0
@ -9434,55 +9222,20 @@ snapshots:
socks-proxy-agent: 8.0.5
transitivePeerDependencies:
- supports-color
optional: true
proxy-from-env@1.1.0: {}
proxy-from-env@2.0.0:
optional: true
pstree.remy@1.1.8: {}
pump@3.0.3:
dependencies:
end-of-stream: 1.4.5
once: 1.4.0
optional: true
punycode@2.3.1: {}
puppeteer-core@24.37.5:
dependencies:
'@puppeteer/browsers': 2.13.0
chromium-bidi: 14.0.0(devtools-protocol@0.0.1566079)
debug: 4.4.3(supports-color@5.5.0)
devtools-protocol: 0.0.1566079
typed-query-selector: 2.12.1
webdriver-bidi-protocol: 0.4.1
ws: 8.19.0
transitivePeerDependencies:
- bare-abort-controller
- bare-buffer
- bufferutil
- react-native-b4a
- supports-color
- utf-8-validate
puppeteer@24.37.5:
dependencies:
'@puppeteer/browsers': 2.13.0
chromium-bidi: 14.0.0(devtools-protocol@0.0.1566079)
cosmiconfig: 9.0.0
devtools-protocol: 0.0.1566079
puppeteer-core: 24.37.5
typed-query-selector: 2.12.1
transitivePeerDependencies:
- bare-abort-controller
- bare-buffer
- bufferutil
- react-native-b4a
- supports-color
- typescript
- utf-8-validate
pure-rand@7.0.1: {}
qs@6.14.1:
@ -9648,8 +9401,6 @@ snapshots:
semver@7.7.3: {}
semver@7.7.4: {}
send@1.2.1:
dependencies:
debug: 4.4.3(supports-color@5.5.0)
@ -9788,7 +9539,8 @@ snapshots:
slash@3.0.0: {}
smart-buffer@4.2.0: {}
smart-buffer@4.2.0:
optional: true
socks-proxy-agent@8.0.5:
dependencies:
@ -9797,11 +9549,13 @@ snapshots:
socks: 2.8.7
transitivePeerDependencies:
- supports-color
optional: true
socks@2.8.7:
dependencies:
ip-address: 10.1.0
smart-buffer: 4.2.0
optional: true
source-map-support@0.5.13:
dependencies:
@ -9837,7 +9591,7 @@ snapshots:
standard@17.1.2:
dependencies:
eslint: 8.57.1
eslint-config-standard: 17.1.0(eslint-plugin-import@2.32.0(eslint@8.57.1))(eslint-plugin-n@15.7.0(eslint@8.57.1))(eslint-plugin-promise@6.6.0(eslint@8.57.1))(eslint@8.57.1)
eslint-config-standard: 17.1.0(eslint-plugin-import@2.32.0(eslint@8.57.1))(eslint-plugin-n@15.7.0(eslint@9.39.2))(eslint-plugin-promise@6.6.0(eslint@9.39.2))(eslint@8.57.1)
eslint-config-standard-jsx: 11.0.0(eslint-plugin-react@7.37.5(eslint@8.57.1))(eslint@8.57.1)
eslint-plugin-import: 2.32.0(eslint@8.57.1)
eslint-plugin-n: 15.7.0(eslint@8.57.1)
@ -9868,15 +9622,6 @@ snapshots:
streamsearch@1.1.0: {}
streamx@2.23.0:
dependencies:
events-universal: 1.0.1
fast-fifo: 1.3.2
text-decoder: 1.2.7
transitivePeerDependencies:
- bare-abort-controller
- react-native-b4a
string-length@4.0.2:
dependencies:
char-regex: 1.0.2
@ -10000,29 +9745,6 @@ snapshots:
dependencies:
'@pkgr/core': 0.2.9
tar-fs@3.1.1:
dependencies:
pump: 3.0.3
tar-stream: 3.1.8
optionalDependencies:
bare-fs: 4.5.5
bare-path: 3.0.0
transitivePeerDependencies:
- bare-abort-controller
- bare-buffer
- react-native-b4a
tar-stream@3.1.8:
dependencies:
b4a: 1.8.0
bare-fs: 4.5.5
fast-fifo: 1.3.2
streamx: 2.23.0
transitivePeerDependencies:
- bare-abort-controller
- bare-buffer
- react-native-b4a
tcp-port-used@1.0.2:
dependencies:
debug: 4.3.1
@ -10031,25 +9753,12 @@ snapshots:
- supports-color
optional: true
teex@1.0.1:
dependencies:
streamx: 2.23.0
transitivePeerDependencies:
- bare-abort-controller
- react-native-b4a
test-exclude@6.0.0:
dependencies:
'@istanbuljs/schema': 0.1.3
glob: 7.2.3
minimatch: 3.1.2
text-decoder@1.2.7:
dependencies:
b4a: 1.8.0
transitivePeerDependencies:
- react-native-b4a
text-table@0.2.0: {}
tmpl@1.0.5: {}
@ -10137,8 +9846,6 @@ snapshots:
possible-typed-array-names: 1.1.0
reflect.getprototypeof: 1.0.10
typed-query-selector@2.12.1: {}
typedarray@0.0.6: {}
uid-safe@2.1.5:
@ -10235,8 +9942,6 @@ snapshots:
dependencies:
makeerror: 1.0.12
webdriver-bidi-protocol@0.4.1: {}
webidl-conversions@7.0.0: {}
whatwg-url@14.2.0:
@ -10314,8 +10019,6 @@ snapshots:
imurmurhash: 0.1.4
signal-exit: 4.1.0
ws@8.19.0: {}
xdg-basedir@4.0.0: {}
xml@1.0.1: {}
@ -10354,7 +10057,6 @@ snapshots:
dependencies:
buffer-crc32: 0.2.13
fd-slicer: 1.1.0
optional: true
yocto-queue@0.1.0: {}
zod@3.25.76: {}

16
src/config.js
View File

@ -53,22 +53,6 @@ function loadConfig() {
);
}
// Ensure smtp config exists and override with env vars if available
if (!envConfig.smtp) {
envConfig.smtp = {};
}
if (process.env.SMTP_HOST) envConfig.smtp.host = process.env.SMTP_HOST;
if (process.env.SMTP_PORT) envConfig.smtp.port = parseInt(process.env.SMTP_PORT, 10);
if (process.env.SMTP_SECURE) envConfig.smtp.secure = process.env.SMTP_SECURE === 'true';
if (process.env.SMTP_USER || process.env.SMTP_PASS) {
envConfig.smtp.auth = {
...(envConfig.smtp.auth || {}),
...(process.env.SMTP_USER && { user: process.env.SMTP_USER }),
...(process.env.SMTP_PASS && { pass: process.env.SMTP_PASS }),
};
}
if (process.env.SMTP_FROM) envConfig.smtp.from = process.env.SMTP_FROM;
return envConfig;
} catch (err) {
console.error('Error loading config:', err);

3
src/index.js
View File

@ -2,6 +2,7 @@ import express from 'express';
import bodyParser from 'body-parser';
import cors from 'cors';
import config from './config.js';
import { expressSession, keycloak } from './keycloak.js';
import { dbConnect } from './database/mongo.js';
import {
authRoutes,
@ -104,6 +105,8 @@ async function initializeApp() {
app.use(cors(corsOptions));
app.use(bodyParser.json({ type: 'application/json', strict: false, limit: '50mb' }));
app.use(express.json());
app.use(expressSession);
app.use(keycloak.middleware());
app.use(populateUserMiddleware);
app.get('/', function (req, res) {

131
src/keycloak.js
View File

@ -1,20 +1,21 @@
/**
* Authentication middleware - uses Redis session store.
* Keycloak is used only for login/refresh; session validation is done via Redis.
*/
import Keycloak from 'keycloak-connect';
import session from 'express-session';
import config, { getEnvironment } from './config.js';
import axios from 'axios';
import jwt from 'jsonwebtoken';
import log4js from 'log4js';
import NodeCache from 'node-cache';
import { userModel } from './database/schemas/management/user.schema.js';
import { getObject } from './database/database.js';
import { hostModel } from './database/schemas/management/host.schema.js';
import { getSession, lookupUserByToken } from './services/misc/auth.js';
const logger = log4js.getLogger('Keycloak');
logger.level = config.server.logLevel || 'info';
const userCache = new NodeCache({ stdTTL: 300 });
// Initialize NodeCache with 5-minute TTL
const userCache = new NodeCache({ stdTTL: 300 }); // 300 seconds = 5 minutes
// Cache event listeners for monitoring
userCache.on('expired', (key, value) => {
logger.debug(`Cache entry expired: ${key}`);
});
@ -23,18 +24,22 @@ userCache.on('flush', () => {
logger.info('Cache flushed');
});
// User lookup function with caching
const lookupUser = async (preferredUsername) => {
try {
// Check cache first
const cachedUser = userCache.get(preferredUsername);
if (cachedUser) {
logger.debug(`User found in cache: ${preferredUsername}`);
return cachedUser;
}
// If not in cache, query database
logger.debug(`User not in cache, querying database: ${preferredUsername}`);
const user = await userModel.findOne({ username: preferredUsername });
if (user) {
// Store in cache
userCache.set(preferredUsername, user);
logger.debug(`User stored in cache: ${preferredUsername}`);
return user;
@ -48,32 +53,71 @@ const lookupUser = async (preferredUsername) => {
}
};
/**
* Middleware to check if the user is authenticated.
* Supports: 1) Bearer token (Redis session), 2) Bearer token (email-render JWT for Puppeteer), 3) x-host-id + x-auth-code (host auth)
*/
// Initialize Keycloak
const keycloakConfig = {
realm: config.auth.keycloak.realm,
'auth-server-url': config.auth.keycloak.url,
'ssl-required': getEnvironment() === 'production' ? 'external' : 'none',
resource: config.auth.keycloak.clientId,
'confidential-port': 0,
'bearer-only': true,
'public-client': false,
'use-resource-role-mappings': true,
'verify-token-audience': true,
credentials: {
secret: config.auth.keycloak.clientSecret,
},
};
const memoryStore = new session.MemoryStore();
var expressSession = session({
secret: config.auth.sessionSecret,
resave: false,
saveUninitialized: true, // Set this to true to ensure session is initialized
store: memoryStore,
cookie: {
maxAge: 1800000, // 30 minutes
},
});
var keycloak = new Keycloak({ store: memoryStore }, keycloakConfig);
// Custom middleware to check if the user is authenticated
const isAuthenticated = async (req, res, next) => {
let token = null;
const authHeader = req.headers.authorization || req.headers.Authorization;
if (authHeader && authHeader.startsWith('Bearer ')) {
const token = authHeader.substring(7);
token = authHeader.substring(7);
try {
const session = await getSession(token);
if (session && session.expiresAt > Date.now()) {
req.user = session.user;
req.session = session;
return next();
// Verify token with Keycloak introspection endpoint
const response = await axios.post(
`${config.auth.keycloak.url}/realms/${config.auth.keycloak.realm}/protocol/openid-connect/token/introspect`,
new URLSearchParams({
token: token,
client_id: config.auth.keycloak.clientId,
client_secret: config.auth.keycloak.clientSecret,
}),
{
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
}
);
const introspection = response.data;
if (!introspection.active) {
logger.info('Token is not active');
logger.debug('Token:', token);
return res.status(401).json({ error: 'Session Inactive', code: 'UNAUTHORIZED' });
}
// Try email-render JWT (short-lived token for Puppeteer email notifications)
const user = await lookupUserByToken(token);
if (user) {
req.user = user;
req.session = { user };
return next();
}
return next();
} catch (error) {
logger.error('Session lookup error:', error.message);
logger.error('Token verification error:', error.message);
return res.status(401).json({ error: 'Verification Error', code: 'UNAUTHORIZED' });
}
}
@ -81,14 +125,46 @@ const isAuthenticated = async (req, res, next) => {
const authCode = req.headers['x-auth-code'];
if (hostId && authCode) {
const host = await getObject({ model: hostModel, id: hostId });
if (host && host.authCode === authCode) {
if (host && host.authCode == authCode) {
return next();
}
} else {
return res.status(401).json({ error: 'Not Authenticated', code: 'UNAUTHORIZED' });
}
// Fallback to session-based authentication
if (req.session && req.session['keycloak-token']) {
const sessionToken = req.session['keycloak-token'];
if (sessionToken.expires_at > new Date().getTime()) {
return next();
}
}
logger.debug('Not authenticated', { hostId, authCode }, 'req.headers', req.headers);
return res.status(401).json({ error: 'Not Authenticated', code: 'UNAUTHORIZED' });
};
// Helper function to extract roles from token
function extractRoles(token) {
const roles = [];
// Extract realm roles
if (token.realm_access && token.realm_access.roles) {
roles.push(...token.realm_access.roles);
}
// Extract client roles
if (token.resource_access) {
for (const client in token.resource_access) {
if (token.resource_access[client].roles) {
roles.push(...token.resource_access[client].roles.map((role) => `${client}:${role}`));
}
}
}
return roles;
}
// Cache management utility functions
const clearUserCache = () => {
userCache.flushAll();
logger.info('User cache cleared');
@ -104,10 +180,11 @@ const removeUserFromCache = (username) => {
};
export {
keycloak,
expressSession,
isAuthenticated,
lookupUser,
clearUserCache,
getUserCacheStats,
removeUserFromCache,
getEnvironment,
};

151
src/mailworker.js
View File

@ -1,151 +0,0 @@
/**
* Worker thread for sending email notifications asynchronously.
* Receives payloads from the main thread and performs Puppeteer render + nodemailer send.
*/
import { parentPort } from 'worker_threads';
import puppeteer from 'puppeteer';
import nodemailer from 'nodemailer';
import log4js from 'log4js';
import config from './config.js';
const baseUrl = (urlClient) => (urlClient || 'http://localhost:3000').replace(/\/$/, '');
async function fetchAndInlineStyles(html, urlClient) {
const base = baseUrl(urlClient);
const linkMatches = [...html.matchAll(/<link[^>]+>/g)];
const stylesheetLinks = linkMatches
.map((m) => {
const tag = m[0];
if (!/rel=["']stylesheet["']/i.test(tag)) return null;
const hrefMatch = tag.match(/href=["']([^"']+)["']/);
return hrefMatch ? { tag, href: hrefMatch[1] } : null;
})
.filter(Boolean);
let inlined = html;
for (const { tag, href } of stylesheetLinks) {
const url = href.startsWith('http') ? href : `${base}${href.startsWith('/') ? '' : '/'}${href}`;
try {
const res = await fetch(url);
if (res.ok) {
const css = await res.text();
inlined = inlined.replace(tag, `<style>${css}</style>`);
}
} catch (e) {
logger.trace('Could not fetch stylesheet:', url, e.message);
}
}
return inlined;
}
const logger = log4js.getLogger('MailWorker');
logger.level = config.server.logLevel;
async function sendEmail(payload) {
const {
email,
title,
message,
type,
metadata,
smtpConfig,
urlClient,
createdAt,
updatedAt,
authCode,
} = payload;
if (!email || !smtpConfig?.host) {
logger.warn('Missing email or SMTP config, skipping...');
return;
}
const params = new URLSearchParams({
title: title || '',
message: message || '',
type: type || 'info',
email: email || '',
createdAt: createdAt || new Date(),
updatedAt: updatedAt || new Date(),
authCode: authCode || '',
metadata: JSON.stringify(metadata || {}),
});
const templateUrl = `${baseUrl(urlClient)}/email/notification?${params.toString()}`;
logger.debug('Rendering template...');
logger.trace('Template URL:', templateUrl);
let html = '';
let browser;
try {
browser = await puppeteer.launch({
headless: 'new',
args: [
'--no-sandbox',
'--disable-setuid-sandbox',
'--disable-features=SameSiteByDefaultCookies',
],
});
const page = await browser.newPage();
page.on('console', (msg) => {
const text = msg.text();
const type = msg.type();
logger.trace(`Puppeteer [${type}]: ${text}`);
});
await page.goto(templateUrl, { waitUntil: 'networkidle0', timeout: 30000 });
await page.waitForSelector('#email-notification-root[data-rendered="true"]', { timeout: 5000 });
// Wait for Ant Design CSS-in-JS to finish injecting styles
logger.debug('Waiting for 1.5 seconds for page to render...');
await new Promise((r) => setTimeout(r, 1500));
html = await page.evaluate(() => {
const root = document.getElementById('email-notification-root');
if (!root) return document.documentElement.outerHTML;
const origin = document.location.origin;
const styleTags = Array.from(document.querySelectorAll('style'))
.map((s) => s.outerHTML)
.join('\n');
const linkTags = Array.from(document.querySelectorAll('link[rel="stylesheet"]'))
.map((link) => {
const href = link.getAttribute('href');
const abs = href?.startsWith('http')
? href
: `${origin}${href?.startsWith('/') ? '' : '/'}${href || ''}`;
return `<link rel="stylesheet" href="${abs}">`;
})
.join('\n');
return `<!DOCTYPE html><html><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1">${styleTags}${linkTags}</head><body>${root.outerHTML}</body></html>`;
});
html = await fetchAndInlineStyles(html, urlClient);
} catch (err) {
logger.error('MailWorker: Puppeteer error', err.message);
html = `<div style="font-family:sans-serif;padding:20px"><h2>${title || 'Notification'}</h2><p>${message || ''}</p></div>`;
} finally {
if (browser) await browser.close();
}
const transporter = nodemailer.createTransport({
host: smtpConfig.host,
port: smtpConfig.port || 587,
secure: smtpConfig.secure || false,
auth: smtpConfig.auth?.user ? smtpConfig.auth : undefined,
});
const subject = title ? `${title} - FarmControl` : 'FarmControl Notification';
const mailOptions = {
from: smtpConfig.from || 'FarmControl <noreply@tombutcher.work>',
to: email,
subject: subject,
html,
};
logger.debug('Sending email...');
logger.trace('Mail options:', mailOptions);
const info = await transporter.sendMail(mailOptions);
logger.debug('Email sent successfully.');
}
parentPort.on('message', (payload) => {
sendEmail(payload).catch((err) => {
logger.error('MailWorker: send failed', err.message);
});
});

453
src/services/misc/auth.js
View File

@ -1,4 +1,5 @@
import config from '../../config.js';
import { keycloak } from '../../keycloak.js';
import log4js from 'log4js';
import axios from 'axios';
import { userModel } from '../../database/schemas/management/user.schema.js';
@ -6,20 +7,14 @@ import { readFileSync } from 'fs';
import { resolve } from 'path';
import NodeCache from 'node-cache';
import jwt from 'jsonwebtoken';
import { getAndConsumeEmailRenderTokenData } from './emailRenderAuth.js';
import {
createSession,
getSession,
updateSessionKeycloakTokens,
deleteSession,
} from './sessionStore.js';
const logger = log4js.getLogger('Auth');
logger.level = config.server.logLevel;
// Initialize NodeCache with 5-minute TTL for token-based user lookup (email render tokens)
const tokenUserCache = new NodeCache({ stdTTL: 300 });
// Initialize NodeCache with 5-minute TTL for token-based user lookup
const tokenUserCache = new NodeCache({ stdTTL: 300 }); // 300 seconds = 5 minutes
// Cache event listeners for monitoring
tokenUserCache.on('expired', (key, value) => {
logger.debug(`Token user cache entry expired: ${key.substring(0, 20)}...`);
});
@ -30,24 +25,32 @@ tokenUserCache.on('flush', () => {
const loginTokenRequests = new Map();
// Lookup user by email-render JWT token (short-lived, for Puppeteer)
const lookupUserByEmailRenderToken = async (token) => {
// Token-based user lookup function with caching
const lookupUserByToken = async (token) => {
try {
// Check cache first
const cachedUser = tokenUserCache.get(token);
if (cachedUser) {
logger.trace(`User found in token cache for token: ${token.substring(0, 20)}...`);
return cachedUser;
}
const decodedToken = jwt.verify(token, config.auth.sessionSecret);
// If not in cache, decode token and lookup user
logger.trace(`User not in token cache, decoding token: ${token.substring(0, 20)}...`);
const decodedToken = jwt.decode(token);
if (!decodedToken || !decodedToken.preferred_username) {
logger.trace('Invalid token or missing preferred_username');
return null;
}
// Query database for user
const user = await userModel.findOne({ username: decodedToken.preferred_username });
if (user) {
// Store in cache using token as key
tokenUserCache.set(token, user);
logger.trace(`User stored in token cache for token: ${token.substring(0, 20)}...`);
return user;
}
@ -59,6 +62,7 @@ const lookupUserByEmailRenderToken = async (token) => {
}
};
// Cache management utility functions
const clearTokenUserCache = () => {
tokenUserCache.flushAll();
logger.info('Token user cache cleared');
@ -73,53 +77,66 @@ const removeUserFromTokenCache = (token) => {
logger.debug(`User removed from token cache for token: ${token.substring(0, 20)}...`);
};
// Login handler - redirect to Keycloak
// Login handler
export const loginRouteHandler = (req, res, redirectType = 'web') => {
// Get the redirect URL from form data or default to production overview
const redirectUrl = req.query.redirect_uri || '/production/overview';
// Store the original URL to redirect after login
const authUrl = `${config.auth.keycloak.url}/realms/${config.auth.keycloak.realm}/protocol/openid-connect/auth`;
const callBackState = `/auth/${redirectType}/callback`;
const callbackUrl = `${config.app.urlApi}${callBackState}`;
const state = encodeURIComponent(redirectUrl);
logger.warn(req.query.redirect_uri);
res.redirect(
`${authUrl}?client_id=${config.auth.keycloak.clientId}&redirect_uri=${callbackUrl}&response_type=code&scope=openid&state=${state}`
);
};
// Fetch user from Keycloak and create/update in database
const fetchAndStoreUser = async (keycloakTokenData) => {
// Function to fetch user from Keycloak and store in database and session
const fetchAndStoreUser = async (req, token) => {
const userInfoUrl = `${config.auth.keycloak.url}/realms/${config.auth.keycloak.realm}/protocol/openid-connect/userinfo`;
const response = await axios.post(
userInfoUrl,
new URLSearchParams({
client_id: config.auth.keycloak.clientId,
client_secret: config.auth.keycloak.clientSecret,
}),
{
headers: {
Authorization: `Bearer ${keycloakTokenData.access_token}`,
},
}
);
try {
const response = await axios.post(
userInfoUrl,
new URLSearchParams({
client_id: config.auth.keycloak.clientId,
client_secret: config.auth.keycloak.clientSecret,
}),
{
headers: {
Authorization: `Bearer ${token.access_token}`,
},
}
);
const decoded = jwt.decode(keycloakTokenData.access_token);
const roles = decoded?.realm_access?.roles || [];
const userInfo = {
roles: token.realm_access?.roles || [],
username: response.data.preferred_username,
email: response.data.email,
name: response.data.name,
firstName: response.data.given_name,
lastName: response.data.family_name,
};
const userInfo = {
roles,
username: response.data.preferred_username,
email: response.data.email,
name: response.data.name,
firstName: response.data.given_name,
lastName: response.data.family_name,
};
// Create or update user in database
const user = await createOrUpdateUser(userInfo);
const fullUserInfo = { ...userInfo, _id: user._id };
const user = await createOrUpdateUser(userInfo);
return { ...userInfo, _id: user._id };
// Store user info in session
req.session.user = fullUserInfo;
return fullUserInfo;
} catch (error) {
logger.error('Error fetching and storing user:', error);
throw error;
}
};
// Exchange auth code for tokens, create Redis session, return our session token to client
// Function to exchange authorization code for tokens, fetch user, and set session
export const loginTokenRouteHandler = async (req, res, redirectType = 'web') => {
const code = req.query.code;
if (!code) {
@ -127,18 +144,13 @@ export const loginTokenRouteHandler = async (req, res, redirectType = 'web') =>
}
try {
// Check for temporary email render auth code (30s TTL for Puppeteer)
const emailRenderData = getAndConsumeEmailRenderTokenData(code);
if (emailRenderData) {
logger.debug('Exchanged email render auth code for token');
return res.status(200).json(emailRenderData);
}
// If a request for this code is already in progress, wait for it
if (loginTokenRequests.has(code)) {
const tokenData = await loginTokenRequests.get(code);
return res.status(200).json(tokenData);
}
// Otherwise, start the request and store the promise
const tokenPromise = (async () => {
const callBackState = `/auth/${redirectType}/callback`;
const callbackUrl = `${config.app.urlApi}${callBackState}`;
@ -159,41 +171,35 @@ export const loginTokenRouteHandler = async (req, res, redirectType = 'web') =>
},
}
);
const keycloakTokenData = {
const tokenData = {
access_token: response.data.access_token,
refresh_token: response.data.refresh_token,
id_token: response.data.id_token,
expires_at: new Date().getTime() + response.data.expires_in * 1000,
};
const userData = await fetchAndStoreUser(keycloakTokenData);
req.session['keycloak-token'] = tokenData;
// Fetch and store user data, set session
const userData = await fetchAndStoreUser(req, tokenData);
const userAndTokenData = { ...tokenData, ...userData };
// Create Redis session with our own token
const { sessionToken, expiresAt } = await createSession({
user: userData,
keycloakTokens: keycloakTokenData,
});
// Return our session token to client (UI expects access_token, expires_at, user)
return {
access_token: sessionToken,
expires_at: expiresAt,
...userData,
};
return userAndTokenData;
})();
loginTokenRequests.set(code, tokenPromise);
const userAndTokenData = await tokenPromise;
res.status(200).json(userAndTokenData);
} catch (err) {
const error = err?.response?.data?.error_description || err.message;
res.status(err?.response?.status || 500).json({ error: error });
var error = err?.response?.data?.error_description || err.message;
res.status(err?.status || 500).json({ error: error });
}
};
// Login callback - redirect to client with auth code
// Login callback handler
export const loginCallbackRouteHandler = async (req, res, redirectType = 'web') => {
// Don't use keycloak.protect() here as it expects an already authenticated session
// Extract the code and state from the query parameters
const code = req.query.code;
const state = req.query.state || '/production/overview';
@ -201,7 +207,7 @@ export const loginCallbackRouteHandler = async (req, res, redirectType = 'web')
return res.status(400).send('Authorization code missing');
}
let appUrl;
var appUrl;
switch (redirectType) {
case 'web':
appUrl = config.app.urlClient;
@ -216,37 +222,45 @@ export const loginCallbackRouteHandler = async (req, res, redirectType = 'web')
appUrl = config.app.urlClient;
break;
}
const redirectUriRaw = `${appUrl}${state}`;
let redirectUri;
try {
// Try to parse as a URL (works for http/https)
const url = new URL(redirectUriRaw);
url.searchParams.set('authCode', code);
redirectUri = url.toString();
} catch (e) {
// Fallback for custom schemes (e.g., farmcontrol://app)
if (redirectUriRaw.includes('?')) {
redirectUri = `${redirectUriRaw}&authCode=${encodeURIComponent(code)}`;
} else {
redirectUri = `${redirectUriRaw}?authCode=${encodeURIComponent(code)}`;
}
}
if (redirectType === 'app-scheme') {
const templatePath = resolve(process.cwd(), 'src/services/misc/applaunch.html');
let html = readFileSync(templatePath, 'utf8');
html = html.replace('__REDIRECT_URI__', redirectUri);
res.send(html);
} else {
res.redirect(redirectUri);
}
// Save session and redirect to the original URL
req.session.save(async () => {
if (redirectType == 'app-scheme') {
// Read HTML template and inject redirectUri
const templatePath = resolve(process.cwd(), 'src/services/misc/applaunch.html');
let html = readFileSync(templatePath, 'utf8');
html = html.replace('__REDIRECT_URI__', redirectUri);
res.send(html);
} else {
res.redirect(redirectUri);
}
});
};
// Function to create or update user
const createOrUpdateUser = async (userInfo) => {
try {
const { username, email, name, firstName, lastName } = userInfo;
// Find existing user by username
const existingUser = await userModel.findOne({ username });
if (existingUser) {
// Check if any values have changed
const hasChanges =
existingUser.email !== email ||
existingUser.name !== name ||
@ -254,32 +268,35 @@ const createOrUpdateUser = async (userInfo) => {
existingUser.lastName !== lastName;
if (hasChanges) {
await userModel.updateOne(
{ username },
{
$set: {
email,
name,
firstName,
lastName,
updatedAt: new Date(),
},
}
);
// Update existing user only if there are changes
const updateData = {
email,
name,
firstName,
lastName,
updatedAt: new Date(),
};
await userModel.updateOne({ username }, { $set: updateData });
// Fetch the updated user to return
return await userModel.findOne({ username });
}
return existingUser;
}
const newUser = new userModel({
username,
email,
name,
firstName,
lastName,
});
await newUser.save();
return newUser;
return existingUser;
} else {
// Create new user
const newUser = new userModel({
username,
email,
name,
firstName,
lastName,
});
await newUser.save();
return newUser;
}
} catch (error) {
logger.error('Error creating/updating user:', error);
throw error;
@ -287,98 +304,65 @@ const createOrUpdateUser = async (userInfo) => {
};
export const userRouteHandler = (req, res) => {
if (req.user) {
const authHeader = req.headers.authorization || req.headers.Authorization;
const token = authHeader?.startsWith('Bearer ') ? authHeader.substring(7) : null;
return res.json({
access_token: token,
expires_at: req.session?.expiresAt,
user: req.user,
});
if (req.session && req.session.user) {
res.json(req.session.user);
} else {
res.status(401).json({ error: 'Not authenticated' });
}
res.status(401).json({ error: 'Not authenticated' });
};
// Logout - delete session from Redis, redirect to Keycloak logout
export const logoutRouteHandler = async (req, res) => {
// Logout handler
export const logoutRouteHandler = (req, res) => {
// Get the redirect URL from query or default to login page
const redirectUrl = req.query.redirect_uri || '/login';
const authHeader = req.headers.authorization || req.headers.Authorization;
if (authHeader && authHeader.startsWith('Bearer ')) {
const token = authHeader.substring(7);
try {
await deleteSession(token);
} catch (err) {
logger.error('Error deleting session:', err);
// Destroy the session
req.session.destroy((err) => {
if (err) {
logger.error('Error destroying session:', err);
return res.status(500).json({ error: 'Failed to logout' });
}
}
const logoutUrl = `${config.auth.keycloak.url}/realms/${config.auth.keycloak.realm}/protocol/openid-connect/logout`;
const encodedRedirectUri = encodeURIComponent(`${config.app.urlClient}${redirectUrl}`);
// Construct the Keycloak logout URL with the redirect URI
const logoutUrl = `${config.auth.keycloak.url}/realms/${config.auth.keycloak.realm}/protocol/openid-connect/logout`;
const encodedRedirectUri = encodeURIComponent(`${config.app.urlClient}${redirectUrl}`);
res.redirect(
`${logoutUrl}?client_id=${config.auth.keycloak.clientId}&post_logout_redirect_uri=${encodedRedirectUri}`
);
// Redirect to Keycloak logout with the redirect URI
res.redirect(
`${logoutUrl}?client_id=${config.auth.keycloak.clientId}&post_logout_redirect_uri=${encodedRedirectUri}`
);
});
};
// Middleware: require valid session token
export const validateTokenMiddleware = async (req, res, next) => {
const authHeader = req.headers.authorization || req.headers.Authorization;
if (!authHeader || !authHeader.startsWith('Bearer ')) {
logger.debug('No auth header or not bearer token');
return res.status(401).json({ error: 'Not authenticated', code: 'UNAUTHORIZED' });
}
// Token validation - protected route middleware
export const validateTokenMiddleware = keycloak.protect();
const token = authHeader.substring(7);
const session = await getSession(token);
if (!session) {
logger.debug('Session not found');
return res.status(401).json({ error: 'Session invalid or expired', code: 'UNAUTHORIZED' });
}
req.user = session.user;
req.session = session;
next();
};
// Middleware: require specific role
// Check if user has a specific role
export const hasRole = (role) => {
return async (req, res, next) => {
const authHeader = req.headers.authorization || req.headers.Authorization;
if (!authHeader || !authHeader.startsWith('Bearer ')) {
return res.status(401).json({ error: 'Not authenticated', code: 'UNAUTHORIZED' });
}
const token = authHeader.substring(7);
const session = await getSession(token);
if (!session) {
return res.status(401).json({ error: 'Session invalid or expired', code: 'UNAUTHORIZED' });
}
const roles = session.user?.roles || [];
if (!roles.includes(role)) {
return res.status(403).json({ error: 'Forbidden', code: 'FORBIDDEN' });
}
req.user = session.user;
req.session = session;
next();
};
return keycloak.protect((token) => {
return token && token.hasRole(role);
});
};
// Get user info from the token
export const getUserInfoHandler = (req, res) => {
if (req.user) {
if (req.kauth && req.kauth.grant) {
const token = req.kauth.grant.access_token;
const userInfo = {
id: req.user._id,
email: req.user.email,
name: req.user.name || `${req.user.firstName || ''} ${req.user.lastName || ''}`.trim(),
roles: req.user.roles || [],
id: token.content.sub,
email: token.content.email,
name:
token.content.name ||
`${token.content.given_name || ''} ${token.content.family_name || ''}`.trim(),
roles: token.content.realm_access?.roles || [],
};
return res.json(userInfo);
}
res.status(401).json({ error: 'Not authenticated' });
return res.status(401).json({ error: 'Not authenticated' });
};
// Register route - Since we're using Keycloak, registration should be handled there
// This endpoint will redirect to Keycloak's registration page
export const registerRouteHandler = (req, res) => {
const registrationUrl = `${config.auth.keycloak.url}/realms/${config.auth.keycloak.realm}/protocol/openid-connect/registrations`;
const redirectUri = encodeURIComponent(config.app.urlClient + '/auth/login');
@ -388,7 +372,8 @@ export const registerRouteHandler = (req, res) => {
);
};
export const forgotPasswordRouteHandler = (req, res, _email) => {
// Forgot password handler - redirect to Keycloak's reset password page
export const forgotPasswordRouteHandler = (req, res) => {
const resetUrl = `${config.auth.keycloak.url}/realms/${config.auth.keycloak.realm}/login-actions/reset-credentials`;
const redirectUri = encodeURIComponent(config.app.urlClient + '/auth/login');
@ -397,80 +382,76 @@ export const forgotPasswordRouteHandler = (req, res, _email) => {
);
};
// Refresh token - use Bearer token to find session, refresh via Keycloak, update Redis
export const refreshTokenRouteHandler = async (req, res) => {
const authHeader = req.headers.authorization || req.headers.Authorization;
if (!authHeader || !authHeader.startsWith('Bearer ')) {
return res.status(401).json({ error: 'No session token provided' });
}
const sessionToken = authHeader.substring(7);
const session = await getSession(sessionToken);
if (!session || !session.keycloakTokens?.refresh_token) {
// Refresh token handler
export const refreshTokenRouteHandler = (req, res) => {
if (
!req.session ||
!req.session['keycloak-token'] ||
!req.session['keycloak-token'].refresh_token
) {
return res.status(401).json({ error: 'No refresh token available' });
}
const refreshToken = req.session['keycloak-token'].refresh_token;
const tokenUrl = `${config.auth.keycloak.url}/realms/${config.auth.keycloak.realm}/protocol/openid-connect/token`;
try {
const response = await axios.post(
axios
.post(
tokenUrl,
new URLSearchParams({
grant_type: 'refresh_token',
client_id: config.auth.keycloak.clientId,
client_secret: config.auth.keycloak.clientSecret,
refresh_token: session.keycloakTokens.refresh_token,
refresh_token: refreshToken,
}).toString(),
{
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
}
);
)
.then((response) => {
// Update session with new tokens
req.session['keycloak-token'] = {
...req.session['keycloak-token'],
access_token: response.data.access_token,
refresh_token: response.data.refresh_token,
expires_at: new Date().getTime() + response.data.expires_in * 1000,
};
const keycloakTokenData = {
access_token: response.data.access_token,
refresh_token: response.data.refresh_token,
id_token: response.data.id_token,
expires_at: new Date().getTime() + response.data.expires_in * 1000,
};
// Save session and return new token info
req.session.save(() => {
res.json({
access_token: response.data.access_token,
expires_at: req.session['keycloak-token'].expires_at,
});
});
})
.catch((error) => {
logger.error('Token refresh error:', error.response?.data || error.message);
await updateSessionKeycloakTokens(sessionToken, keycloakTokenData);
// If refresh token is invalid, clear the session
if (error.response?.status === 400) {
req.session.destroy();
}
res.json({
access_token: sessionToken,
expires_at: keycloakTokenData.expires_at,
res.status(500).json({ error: 'Failed to refresh token' });
});
} catch (error) {
logger.error('Token refresh error:', error.response?.data || error.message);
if (error.response?.status === 400) {
await deleteSession(sessionToken);
}
res.status(500).json({ error: 'Failed to refresh token' });
}
};
// Middleware to populate req.user from Bearer token (Redis session or email-render JWT)
// Middleware to populate req.user from session or token
export const populateUserMiddleware = async (req, res, next) => {
const authHeader = req.headers.authorization || req.headers.Authorization;
if (authHeader && authHeader.startsWith('Bearer ')) {
const token = authHeader.substring(7);
try {
// 1. Try Redis session first
const session = await getSession(token);
if (session) {
req.user = session.user;
req.session = session;
return next();
}
// 2. Try email-render JWT (short-lived)
const user = await lookupUserByEmailRenderToken(token);
// Use token-based cache to lookup user
const user = await lookupUserByToken(token);
if (user) {
req.user = user;
// Also set session user for compatibility
req.session.user = user;
return next();
}
} catch (error) {
@ -478,14 +459,40 @@ export const populateUserMiddleware = async (req, res, next) => {
}
}
req.user = null;
// Fallback to session-based authentication
if (req.session && req.session.user) {
req.user = req.session.user;
} else {
req.user = null;
}
next();
};
export {
lookupUserByEmailRenderToken as lookupUserByToken,
clearTokenUserCache,
getTokenUserCacheStats,
removeUserFromTokenCache,
getSession,
};
// Export cache management functions
export { lookupUserByToken, clearTokenUserCache, getTokenUserCacheStats, removeUserFromTokenCache };
// Example of how to set up your routes in Express
/*
import express from "express";
const app = express();
// Apply session middleware
app.use(sessionMiddleware);
// Initialize Keycloak middleware
app.use(keycloak.middleware());
// Set up routes
app.get('/auth/login', loginRouteHandler);
app.get('/auth/logout', logoutRouteHandler);
app.get('/auth/register', registerRouteHandler);
app.get('/auth/forgot-password', forgotPasswordRouteHandler);
// Protected route example
app.get('/api/profile', validateTokenMiddleware, getUserInfoHandler);
// Admin-only route example
app.get('/api/admin', hasRole('admin'), (req, res) => {
res.json({ message: 'Admin access granted' });
});
*/

58
src/services/misc/emailRenderAuth.js
View File

@ -1,58 +0,0 @@
/**
* Temporary 30-second auth for email render (Puppeteer).
* Isolated from auth.js to avoid circular dependency with utils.js -> auth.js -> keycloak.js -> database.js -> utils.js
*/
import config from '../../config.js';
import crypto from 'crypto';
import jwt from 'jsonwebtoken';
import NodeCache from 'node-cache';
import log4js from 'log4js';
const logger = log4js.getLogger('EmailRenderAuth');
logger.level = config.server?.logLevel || 'info';
const EMAIL_RENDER_TTL = 30;
const emailRenderAuthCache = new NodeCache({ stdTTL: EMAIL_RENDER_TTL });
/**
* Creates a temporary auth code for email render (Puppeteer) with 30-second TTL.
* The UI exchanges this code via getLoginToken to establish a brief session for rendering.
* @param {Object} userDoc - User document (must have username, email, _id, etc.)
* @returns {string} authCode to pass in URL query params
*/
export const createEmailRenderAuthCode = (userDoc) => {
const authCode = crypto.randomBytes(32).toString('hex');
const expiresAt = Date.now() + EMAIL_RENDER_TTL * 1000;
const accessToken = jwt.sign(
{ preferred_username: userDoc.username },
config.auth.sessionSecret,
{ expiresIn: EMAIL_RENDER_TTL }
);
const tokenData = {
access_token: accessToken,
expires_at: expiresAt,
_id: userDoc._id,
username: userDoc.username,
email: userDoc.email,
name: userDoc.name,
firstName: userDoc.firstName,
lastName: userDoc.lastName,
};
emailRenderAuthCache.set(authCode, tokenData);
logger.debug(`Created email render auth code (TTL ${EMAIL_RENDER_TTL}s) for user ${userDoc.username}`);
return authCode;
};
/**
* Exchanges an email render auth code for token data. Consumes the code (one-time use).
* @param {string} code - The auth code from URL query
* @returns {Object|null} Token data or null if invalid/expired
*/
export const getAndConsumeEmailRenderTokenData = (code) => {
const data = emailRenderAuthCache.get(code);
if (data) {
emailRenderAuthCache.del(code);
return data;
}
return null;
};

4
src/services/misc/notes.js
View File

@ -13,7 +13,6 @@ import {
getModelHistory,
} from '../../database/database.js';
import mongoose from 'mongoose';
import { newNoteNotification } from '../../utils.js';
const logger = log4js.getLogger('Notes');
logger.level = config.server.logLevel;
@ -128,9 +127,6 @@ export const newNoteRouteHandler = async (req, res) => {
newData,
user: req.user,
});
await newNoteNotification({ ...result, ...newData }, req.user);
if (result.error) {
logger.error('No note created:', result.error);
return res.status(result.code).send(result);

127
src/services/misc/sessionStore.js
View File

@ -1,127 +0,0 @@
/**
* Redis-backed session store.
* Sessions are created after Keycloak authentication. We generate our own session tokens
* and use Redis as the source of truth. Keycloak tokens are stored for refresh.
*/
import crypto from 'crypto';
import log4js from 'log4js';
import config from '../../config.js';
import { redisServer } from '../../database/redis.js';
const logger = log4js.getLogger('SessionStore');
logger.level = config.server.logLevel;
const SESSION_KEY_PREFIX = 'session:';
/**
* Generate a cryptographically secure session token
*/
function generateSessionToken() {
return crypto.randomBytes(32).toString('hex');
}
/**
* Get TTL in seconds from expiresAt timestamp
*/
function getTtlSeconds(expiresAt) {
const now = Date.now();
const ttlMs = expiresAt - now;
return Math.max(Math.ceil(ttlMs / 1000), 60); // minimum 60 seconds
}
/**
* Create a new session in Redis after Keycloak authentication
* @param {Object} params
* @param {Object} params.user - User object (from createOrUpdateUser)
* @param {Object} params.keycloakTokens - { access_token, refresh_token, id_token, expires_at }
* @returns {{ sessionToken: string, expiresAt: number }}
*/
export async function createSession({ user, keycloakTokens }) {
const sessionToken = generateSessionToken();
const expiresAt = keycloakTokens.expires_at;
const sessionData = {
sessionToken,
user: userToSessionUser(user),
keycloakTokens: {
access_token: keycloakTokens.access_token,
refresh_token: keycloakTokens.refresh_token,
id_token: keycloakTokens.id_token,
expires_at: keycloakTokens.expires_at,
},
expiresAt,
};
const key = SESSION_KEY_PREFIX + sessionToken;
const ttlSeconds = getTtlSeconds(expiresAt);
await redisServer.setKey(key, sessionData, ttlSeconds);
logger.debug(`Created session for user ${user.username}, expires in ${ttlSeconds}s`);
return { sessionToken, expiresAt };
}
/**
* Get session by token. Returns null if not found or expired.
*/
export async function getSession(sessionToken) {
if (!sessionToken) return null;
const key = SESSION_KEY_PREFIX + sessionToken;
const session = await redisServer.getKey(key);
if (!session) return null;
if (session.expiresAt && session.expiresAt <= Date.now()) {
await redisServer.deleteKey(key);
return null;
}
return session;
}
/**
* Update session with new Keycloak tokens (after refresh)
*/
export async function updateSessionKeycloakTokens(sessionToken, keycloakTokens) {
const session = await getSession(sessionToken);
if (!session) return null;
const updatedSession = {
...session,
keycloakTokens: {
access_token: keycloakTokens.access_token,
refresh_token: keycloakTokens.refresh_token,
id_token: keycloakTokens.id_token || session.keycloakTokens?.id_token,
expires_at: keycloakTokens.expires_at,
},
expiresAt: keycloakTokens.expires_at,
};
const key = SESSION_KEY_PREFIX + sessionToken;
const ttlSeconds = getTtlSeconds(keycloakTokens.expires_at);
await redisServer.setKey(key, updatedSession, ttlSeconds);
return updatedSession;
}
/**
* Delete a session (logout)
*/
export async function deleteSession(sessionToken) {
if (!sessionToken) return;
const key = SESSION_KEY_PREFIX + sessionToken;
await redisServer.deleteKey(key);
logger.debug(`Deleted session for token ${sessionToken.substring(0, 12)}...`);
}
/**
* Normalize user object for session storage (ensure _id is serializable for Redis)
*/
function userToSessionUser(user) {
if (!user) return null;
const u = { ...user };
if (u._id && typeof u._id === 'object' && u._id.toString) {
u._id = u._id;
}
return JSON.parse(JSON.stringify(u));
}

120
src/utils.js
View File

@ -2,7 +2,6 @@ import { mongoose } from 'mongoose';
import { auditLogModel } from './database/schemas/management/auditlog.schema.js';
import { notificationModel } from './database/schemas/misc/notification.schema.js';
import { userNotifierModel } from './database/schemas/misc/usernotifier.schema.js';
import { userModel } from './database/schemas/management/user.schema.js';
import exifr from 'exifr';
import { natsServer } from './database/nats.js';
import log4js from 'log4js';
@ -10,12 +9,6 @@ import config from './config.js';
import crypto from 'crypto';
import canonicalize from 'canonical-json';
import { getModelByName } from './services/misc/model.js';
import { createEmailRenderAuthCode } from './services/misc/emailRenderAuth.js';
import { Worker } from 'worker_threads';
import path from 'path';
import { fileURLToPath } from 'url';
const __dirname = path.dirname(fileURLToPath(import.meta.url));
const logger = log4js.getLogger('Utils');
logger.level = config.server.logLevel;
@ -434,12 +427,8 @@ async function editNotification(oldValue, newValue, parentId, parentType, user)
old: changedOldValues,
new: changedNewValues,
objectType: parentType,
object: { _id: String(parentId ?? '') },
user: {
_id: String(user?._id ?? ''),
firstName: user.firstName,
lastName: user.lastName,
},
object: { _id: parentId },
user: { _id: user._id, firstName: user.firstName, lastName: user.lastName },
}
);
}
@ -465,7 +454,7 @@ async function deleteAuditLog(deleteValue, parentId, parentType, user) {
async function deleteNotification(object, parentId, parentType, user) {
const model = getModelByName(parentType);
const objectName = object?.name || model?.label || parentType;
const objectName = oldValue?.name ?? newValue?.name ?? model?.label ?? parentType;
await notfiyObjectUserNotifiers(
parentId,
parentType,
@ -481,28 +470,6 @@ async function deleteNotification(object, parentId, parentType, user) {
);
}
async function newNoteNotification(note, user) {
const model = getModelByName(note.parentType);
const objectName = model?.label ?? note.parentType;
await notfiyObjectUserNotifiers(
note.parent,
note.parentType,
`New note added to ${objectName.toLowerCase()} by ${user?.firstName ?? 'unknown'} ${user?.lastName ?? ''}`,
`A new note has been created.`,
'newNote',
{
objectType: note.parentType,
object: { _id: String(note.parent ?? '') },
note: note,
user: {
_id: String(user?._id ?? ''),
firstName: user?.firstName,
lastName: user?.lastName,
},
}
);
}
async function getAuditLogs(idOrIds) {
if (Array.isArray(idOrIds)) {
return auditLogModel.find({ parent: { $in: idOrIds } }).populate('owner');
@ -585,11 +552,6 @@ async function notfiyObjectUserNotifiers(id, objectType, title, message, type =
const userNotifiers = await userNotifierModel.find({ object: id, objectType: objectType });
for (const userNotifier of userNotifiers) {
await createNotification(userNotifier.user._id, title, message, type, metadata);
console.log('userNotifier.email', userNotifier.email);
if (userNotifier.email == true) {
console.log('sending email');
await sendEmailNotification(userNotifier.user, title, message, type, metadata);
}
}
}
@ -607,79 +569,6 @@ async function createNotification(user, title, message, type = 'info', metadata)
return notification;
}
let mailWorker = null;
function getMailWorker() {
if (!mailWorker) {
const workerPath = path.join(__dirname, 'mailworker.js');
mailWorker = new Worker(workerPath);
mailWorker.on('error', (err) => logger.error('MailWorker error:', err));
mailWorker.on('exit', (code) => {
if (code !== 0) logger.warn('MailWorker exited with code', code);
mailWorker = null;
});
}
return mailWorker;
}
/**
* Sends an email notification asynchronously via a worker thread.
* Renders a React template on the urlClient, captures HTML with Puppeteer, and emails the user.
* Accepts the same input as createNotification: user, title, message, type, metadata.
* Returns immediately; does not wait for the email to be sent.
* @param {ObjectId|Object} user - User ID or user object (must have email)
* @param {string} title - Notification title
* @param {string} message - Notification message
* @param {string} type - Notification type (info, editObject, deleteObject, error, success)
* @param {Object} metadata - Optional metadata object
*/
async function sendEmailNotification(user, title, message, type = 'info', metadata) {
let userDoc = user;
if (user && (mongoose.Types.ObjectId.isValid(user) || user._id)) {
const userId = user._id || user;
userDoc = await userModel.findById(userId).lean();
}
if (!userDoc?.email) {
logger.warn('sendEmailNotification: no email for user', user);
return null;
}
const smtpConfig = config.smtp;
if (!smtpConfig?.host) {
logger.warn('sendEmailNotification: SMTP not configured, skipping email');
return null;
}
const urlClient = config.app?.urlClient || 'http://localhost:3000';
const authCode = createEmailRenderAuthCode(userDoc);
const payload = {
email: userDoc.email,
title,
message,
type,
metadata: metadata || {},
createdAt: new Date(),
updatedAt: new Date(),
authCode,
smtpConfig: {
host: smtpConfig.host,
port: smtpConfig.port || 587,
secure: smtpConfig.secure || false,
auth: smtpConfig.auth?.user ? smtpConfig.auth : undefined,
from: smtpConfig.from || 'FarmControl <noreply@farmcontrol.app>',
},
urlClient,
};
try {
getMailWorker().postMessage(payload);
} catch (err) {
logger.error('sendEmailNotification: failed to post to worker', err.message);
}
return null;
}
function flatternObjectIds(object) {
if (!object || typeof object !== 'object') {
return object;
@ -901,7 +790,6 @@ export {
getAuditLogs,
flatternObjectIds,
expandObjectIds,
newNoteNotification,
distributeUpdate,
distributeStats,
distributeNew,
@ -910,8 +798,6 @@ export {
distributeChildDelete,
distributeChildNew,
notfiyObjectUserNotifiers,
createNotification,
sendEmailNotification,
getFilter, // <-- add here
convertPropertiesString,
getFileMeta,