datasquirel/users/reauth-user.js

// @ts-check

/**
 * ==============================================================================
 * Imports
 * ==============================================================================
 */
const http = require("http");
const https = require("https");
const fs = require("fs");
const path = require("path");
const encrypt = require("../package-shared/functions/dsql/encrypt");

const userAuth = require("./user-auth");
const grabHostNames = require("../package-shared/utils/grab-host-names");
const apiReauthUser = require("../package-shared/functions/api/users/api-reauth-user");
const {
    writeAuthFile,
    deleteAuthFile,
} = require("../package-shared/functions/backend/auth/write-auth-files");
const getAuthCookieNames = require("../package-shared/functions/backend/cookies/get-auth-cookie-names");

/** ****************************************************************************** */
/** ****************************************************************************** */
/** ****************************************************************************** */
/** ****************************************************************************** */
/** ****************************************************************************** */
/** ****************************************************************************** */

/**
 * ==============================================================================
 * Main Function
 * ==============================================================================
 * @async
 *
 * @param {object} params - Single Param object containing params
 * @param {String} [params.key] - API Key
 * @param {String} [params.database]- Target Database slug
 * @param {http.ServerResponse} [params.response] - Http response object
 * @param {http.IncomingMessage} [params.request] - Http request object
 * @param {("deep" | "normal")} [params.level] - Authentication level
 * @param {String} [params.encryptionKey] - Encryption Key
 * @param {String} [params.encryptionSalt] - Encryption Salt
 *  @param {string[]} [params.additionalFields] - Additional Fields to be added to the user object
 * @param {string} [params.encryptedUserString] - encrypted user string to use instead of getting from cookie header
 * @param {string | number} [params.user_id] - User ID
 * @param {boolean} [params.useLocal]
 *
 * @returns { Promise<import("../package-shared/types").APILoginFunctionReturn> }
 */
async function reauthUser({
    key,
    database,
    response,
    request,
    level,
    encryptionKey,
    encryptionSalt,
    additionalFields,
    encryptedUserString,
    user_id,
    useLocal,
}) {
    /**
     * Check Encryption Keys
     *
     * @description Check Encryption Keys
     */
    const grabedHostNames = grabHostNames();
    const { host, port, scheme } = grabedHostNames;

    const finalEncryptionKey =
        encryptionKey || process.env.DSQL_ENCRYPTION_PASSWORD;
    const finalEncryptionSalt =
        encryptionSalt || process.env.DSQL_ENCRYPTION_SALT;

    const existingUser = userAuth({
        database,
        encryptionKey: finalEncryptionKey,
        encryptionSalt: finalEncryptionSalt,
        level,
        request,
        encryptedUserString,
    });

    if (!existingUser?.payload?.id) {
        return {
            success: false,
            payload: null,
            msg: "Cookie Credentials Invalid",
        };
    }

    /**
     * Initialize HTTP response variable
     */
    let httpResponse;

    /**
     * Check for local DB settings
     *
     * @description Look for local db settings in `.env` file and by pass the http request if available
     */
    const { DSQL_DB_HOST, DSQL_DB_USERNAME, DSQL_DB_PASSWORD, DSQL_DB_NAME } =
        process.env;

    if (
        DSQL_DB_HOST?.match(/./) &&
        DSQL_DB_USERNAME?.match(/./) &&
        DSQL_DB_PASSWORD?.match(/./) &&
        DSQL_DB_NAME?.match(/./) &&
        useLocal
    ) {
        /** @type {import("../package-shared/types").DSQL_DatabaseSchemaType | undefined} */
        let dbSchema;

        try {
            const localDbSchemaPath = path.resolve(
                process.cwd(),
                "dsql.schema.json"
            );
            dbSchema = JSON.parse(fs.readFileSync(localDbSchemaPath, "utf8"));
        } catch (error) {}

        httpResponse = await apiReauthUser({
            existingUser: existingUser.payload,
            additionalFields,
            useLocal,
        });
    } else {
        /**
         * Make https request
         *
         * @description make a request to datasquirel.com
         */
        httpResponse = await new Promise((resolve, reject) => {
            const reqPayload = JSON.stringify({
                existingUser: existingUser.payload,
                database,
                additionalFields,
            });

            const httpsRequest = scheme.request(
                {
                    method: "POST",
                    headers: {
                        "Content-Type": "application/json",
                        "Content-Length": Buffer.from(reqPayload).length,
                        Authorization:
                            key ||
                            process.env.DSQL_FULL_ACCESS_API_KEY ||
                            process.env.DSQL_API_KEY,
                    },
                    port,
                    hostname: host,
                    path: `/api/user/${
                        user_id || grabedHostNames.user_id
                    }/reauth-user`,
                },

                /**
                 * Callback Function
                 *
                 * @description https request callback
                 */
                (response) => {
                    var str = "";

                    response.on("data", function (chunk) {
                        str += chunk;
                    });

                    response.on("end", function () {
                        resolve(JSON.parse(str));
                    });

                    response.on("error", (err) => {
                        reject(err);
                    });
                }
            );

            httpsRequest.write(reqPayload);
            httpsRequest.end();
        });
    }

    /** ********************************************** */
    /** ********************************************** */
    /** ********************************************** */

    /**
     * Make https request
     *
     * @description make a request to datasquirel.com
     */
    if (httpResponse?.success) {
        let encryptedPayload = encrypt({
            data: JSON.stringify(httpResponse.payload),
            encryptionKey: finalEncryptionKey,
            encryptionSalt: finalEncryptionSalt,
        });

        const cookieNames = getAuthCookieNames({
            database,
            userId: user_id || grabedHostNames.user_id,
        });

        httpResponse["cookieNames"] = cookieNames;
        httpResponse["key"] = String(encryptedPayload);

        const authKeyName = cookieNames.keyCookieName;
        const csrfName = cookieNames.csrfCookieName;

        response?.setHeader("Set-Cookie", [
            `${authKeyName}=${encryptedPayload};samesite=strict;path=/;HttpOnly=true;Secure=true`,
            `${csrfName}=${httpResponse.payload?.csrf_k};samesite=strict;path=/;HttpOnly=true`,
        ]);

        if (httpResponse.csrf) {
            deleteAuthFile(String(existingUser.payload.csrf_k));
            writeAuthFile(
                httpResponse.csrf,
                JSON.stringify(httpResponse.payload)
            );
        }
    }

    /** ********************************************** */
    /** ********************************************** */
    /** ********************************************** */

    return httpResponse;
}

/** ********************************************** */
/** ********************************************** */
/** ********************************************** */

module.exports = reauthUser;