// @ts-check /** * ============================================================================== * Imports * ============================================================================== */ const http = require("http"); const https = require("https"); const fs = require("fs"); const path = require("path"); const encrypt = require("../package-shared/functions/dsql/encrypt"); const grabHostNames = require("../package-shared/utils/grab-host-names"); const apiLoginUser = require("../package-shared/functions/api/users/api-login"); const getAuthCookieNames = require("../package-shared/functions/backend/cookies/get-auth-cookie-names"); const { writeAuthFile, } = require("../package-shared/functions/backend/auth/write-auth-files"); /** * Login A user * ============================================================================== * @async * * @param {object} params - Single Param object containing params * @param {String} [params.key] - FULL ACCESS API Key * @param {String} params.database - Target Database * @param {{ * email?: string, * username?: string, * password?: string, * }} params.payload Login Email/Username and Password * @param {string[]} [params.additionalFields] - Additional Fields to be added to the user object * @param {http.ServerResponse & Object} [params.response] - Http response object * @param {String} [params.encryptionKey] - Encryption Key * @param {String} [params.encryptionSalt] - Encryption Salt * @param {boolean} [params.email_login] - Email only Login * @param {string} [params.email_login_code] - Email login code * @param {string} [params.temp_code_field] - Database table field name for temporary code * @param {boolean} [params.token] - Send access key as part of response body? * @param {string | number} [params.user_id] - User ID * @param {boolean} [params.skipPassword] * @param {boolean} [params.useLocal] * @param {string | number} [params.apiUserID] - Required for setting of cookies * * @returns { Promise} */ async function loginUser({ key, payload, database, additionalFields, response, encryptionKey, encryptionSalt, email_login, email_login_code, temp_code_field, token, user_id, skipPassword, useLocal, apiUserID, }) { const grabedHostNames = grabHostNames(); const { host, port, scheme } = grabedHostNames; const defaultTempLoginFieldName = "temp_login_code"; const emailLoginTempCodeFieldName = email_login ? temp_code_field ? temp_code_field : defaultTempLoginFieldName : undefined; const finalEncryptionKey = encryptionKey || process.env.DSQL_ENCRYPTION_PASSWORD; const finalEncryptionSalt = encryptionSalt || process.env.DSQL_ENCRYPTION_SALT; if (!finalEncryptionKey?.match(/.{8,}/)) { console.log("Encryption key is invalid"); return { success: false, payload: null, msg: "Encryption key is invalid", }; } if (!finalEncryptionSalt?.match(/.{8,}/)) { console.log("Encryption salt is invalid"); return { success: false, payload: null, msg: "Encryption salt is invalid", }; } /** * Check required fields * * @description Check required fields */ if (!payload.email) { return { success: false, payload: null, msg: "Email Required", }; } /** * Initialize HTTP response variable */ /** @type {import("../package-shared/types").APILoginFunctionReturn} */ let httpResponse = { success: false, }; /** * Check for local DB settings * * @description Look for local db settings in `.env` file and by pass the http request if available */ const { DSQL_DB_HOST, DSQL_DB_USERNAME, DSQL_DB_PASSWORD, DSQL_DB_NAME } = process.env; if ( DSQL_DB_HOST?.match(/./) && DSQL_DB_USERNAME?.match(/./) && DSQL_DB_PASSWORD?.match(/./) && DSQL_DB_NAME?.match(/./) && useLocal ) { /** @type {import("../package-shared/types").DSQL_DatabaseSchemaType | undefined} */ let dbSchema; try { const localDbSchemaPath = path.resolve( process.cwd(), "dsql.schema.json" ); dbSchema = JSON.parse(fs.readFileSync(localDbSchemaPath, "utf8")); } catch (error) {} httpResponse = await apiLoginUser({ database: process.env.DSQL_DB_NAME || "", email: payload.email, username: payload.username, password: payload.password, skipPassword, encryptionKey: finalEncryptionKey, additionalFields, email_login, email_login_code, email_login_field: emailLoginTempCodeFieldName, token, useLocal, }); } else { /** * Make https request * * @description make a request to datasquirel.com * * @type {{ success: boolean, payload: import("../package-shared/types").DATASQUIREL_LoggedInUser | null, userId?: number, msg?: string }} */ httpResponse = await new Promise((resolve, reject) => { /** @type {import("../package-shared/types").PackageUserLoginRequestBody} */ const reqPayload = { encryptionKey: finalEncryptionKey, payload, database, additionalFields, email_login, email_login_code, email_login_field: emailLoginTempCodeFieldName, token, skipPassword: skipPassword, }; const reqPayloadJSON = JSON.stringify(reqPayload); const httpsRequest = scheme.request( { method: "POST", headers: { "Content-Type": "application/json", "Content-Length": Buffer.from(reqPayloadJSON).length, Authorization: key || process.env.DSQL_FULL_ACCESS_API_KEY || process.env.DSQL_API_KEY, }, port, hostname: host, path: `/api/user/${ user_id || grabedHostNames.user_id }/login-user`, }, /** * Callback Function * * @description https request callback */ (res) => { var str = ""; res.on("data", function (chunk) { str += chunk; }); res.on("end", function () { resolve(JSON.parse(str)); }); res.on("error", (err) => { reject(err); }); } ); httpsRequest.write(reqPayloadJSON); httpsRequest.end(); }); } /** * Make https request * * @description make a request to datasquirel.com */ if (httpResponse?.success) { let encryptedPayload = encrypt({ data: JSON.stringify(httpResponse.payload), encryptionKey: finalEncryptionKey, encryptionSalt: finalEncryptionSalt, }); try { if (token && encryptedPayload) httpResponse["token"] = encryptedPayload; } catch (error) {} const cookieNames = getAuthCookieNames({ database, userId: apiUserID || user_id || grabedHostNames.user_id, }); if (httpResponse.csrf) { writeAuthFile( httpResponse.csrf, JSON.stringify(httpResponse.payload) ); } httpResponse["cookieNames"] = cookieNames; httpResponse["key"] = String(encryptedPayload); const authKeyName = cookieNames.keyCookieName; const csrfName = cookieNames.csrfCookieName; response?.setHeader("Set-Cookie", [ `${authKeyName}=${encryptedPayload};samesite=strict;path=/;HttpOnly=true;Secure=true`, `${csrfName}=${httpResponse.payload?.csrf_k};samesite=strict;path=/;HttpOnly=true`, ]); } return httpResponse; } module.exports = loginUser;