agnav/agmission
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
01881947a7
agmission/Development/server/middlewares/app_validator.js
Devin Major 01881947a7 release 3.2.1
2026-04-22 15:02:51 -04:00

216 lines
7.7 KiB
JavaScript
Raw Blame History

'use strict';
const
env = require('../helpers/env.js'),
{ verifyAsync, decodeAsync } = require('../helpers/jwt_async.js'),
{ TokenExpiredError } = require('jsonwebtoken'),
utils = require('../helpers/utils.js'),
cache = require('../helpers/mem_cache.js'),
subUtil = require('../helpers/subscription_util.js'),
{ Errors, Fields } = require('../helpers/constants.js'),
{ AppAuthError, AppMembershipError, AppParamError } = require('../helpers/app_error.js'),
{ SubType, SubFields } = require('../model/subscription.js'),
Vehicle = require('../model/vehicle.js'),
ObjectId = require('mongodb').ObjectId;
const USE_SUBSCRIPTION = env.ENABLE_SUBSCRIPTION;
function getRoutePath(req) {
return req && req.baseUrl + req.path;
}
function isSecuredRoute(routePath, method) {
const nonSecurePaths = [
{ path: '/login', method: 'ALL' },
{ path: '/siteVer', method: 'ALL' },
{ path: '/mailPwdReset', method: 'POST' },
{ path: '/resetPassword', method: 'ALL' },
{ path: '/signup', method: 'ALL' },
{ path: '/api/partners', method: 'GET', exact: true }, // Allow unauthenticated GET /api/partners only (not subroutes)
{ path: '/exists', method: 'POST' },
{ path: '/countries', method: 'GET' },
{ path: '/testAuth', method: 'ALL' },
{ path: '/stPmtWH_EP', method: 'POST' } // Stripe webhook endpoint - authenticated via signature verification
];
if (env.INV_IMG_VIR_DIR) {
nonSecurePaths.push({ path: env.INV_IMG_VIR_DIR, method: 'ALL' });
}
return !nonSecurePaths.some(
(route) => {
const methodMatches = (route.method === 'ALL') || (method && method === route.method);
const pathMatches = route.exact ? routePath === route.path : routePath.includes(route.path);
return pathMatches && methodMatches;
}
);
}
/** Check on every request and authenticate and authorize users. This middleware must be call first to ensure user authentication and related user session data */
async function checkUser(req, res, next) {
// console.log(req.url);
if (!isSecuredRoute(getRoutePath(req), req.method)) return next && next();
const token = req.headers.authorization ? req.headers.authorization.split(' ') : null;
if (!token || token.length !== 2 || token[0].toLowerCase() !== 'bearer') AppAuthError.throw();
const bearer = token[1];
try {
const decodedToken = await verifyAsync(bearer, env.TOKEN_SECRET);
/* Setup for current logged in user */
req.uid = decodedToken.uid; // Set req User id
if (!ObjectId.isValid(req.uid)) AppAuthError.throw();
req.ut = decodedToken.ut; // Set req User type
// Rebuild the in-memory cache for this user in case of server restarted or the user's cache has expired
const userInfo = cache.get(req.uid);
if (userInfo && userInfo[Fields.MARKED_DELETE]) {
AppAuthError.throw();
} else if (!userInfo || cache.isExpired(req.uid, env.MAX_SESSION_SECS)) {
const curUserInfo = await cache.loadUser(req.uid);
if (!curUserInfo && curUserInfo[Fields.MARKED_DELETE]) {
AppAuthError.throw();
}
req.userInfo = curUserInfo;
return next && next();
} else {
req.userInfo = userInfo;
return next && next();
}
} catch (err) {
if (err instanceof TokenExpiredError) {
const decodedPkg = await decodeAsync(bearer);
// Handle the case the user logout when token already expired => should still allow clearing temp data
if (req.path.endsWith('/clearTempData')) {
req.uid = decodedPkg.uid;
if (!ObjectId.isValid(req.uid)) AppAuthError.throw();
req.ut = decodedPkg.ut;
return next && next();
}
AppAuthError.throw(Errors.TOKEN_EXPIRED);
} else {
AppAuthError.throw();
}
}
}
function getUserInfo(req) {
if (!req) AppParamError.throw();
const userInfo = req.userInfo;
if (!USE_SUBSCRIPTION) return userInfo; // Temporarily before merging subscription management feature
if (!userInfo || !userInfo.membership || utils.isEmptyArray(userInfo.membership?.subscriptions))
AppMembershipError.throw();
return userInfo;
}
/** Check for require any subscription. It requires to be called after checkUser middleware */
async function checkRqAnySubscription(req, res, next) {
if (!USE_SUBSCRIPTION) return next && next(); // Temporarily before merging subscription management feature
const routeUrl = getRoutePath(req);
if (!isSecuredRoute(routeUrl, req.method)) return next && next();
try {
getUserInfo(req);
return next && next();
} catch (err) {
return next && next(err);
}
}
/** Check for require any subscription. It requires to be called after checkUser middleware */
async function checkRqPkgSubscription(req, res, next) {
if (!USE_SUBSCRIPTION) return next && next(); // Temporarily before merging subscription management feature
const routeUrl = getRoutePath(req);
if (!isSecuredRoute(routeUrl, req.method)) return next && next();
try {
const userInfo = getUserInfo(req);
if (utils.isEmptyArray(userInfo?.membership?.subscriptions) || !(userInfo.membership.subscriptions.some(sub => sub.type === SubType.PACKAGE))) {
return AppMembershipError.throw(Errors.PKG_SUBSCRIPTION_NOT_FOUND);
}
return next && next();
} catch (err) {
return next && next(err);
}
}
// async function checkRqTrackingSubscription(req, res, next) {
// // TODO: Handle the check for subscription for addon(s) by name.
// }
async function checkACsLimits(userInfo) {
if (!USE_SUBSCRIPTION) return true; // Temporarily before merging subscription management feature
if (!userInfo) AppAuthError.throw();
const pkgSub = subUtil.getPkgSubfromUserInfo(userInfo);
const numOfAC = await Vehicle.countDocuments({ parent: userInfo.puid, [Fields.MARKED_DELETE]: { $in: [false, null] }, pkgActive: true });
// Check for customer-specific override first, fallback to package limit
const maxVehicles = userInfo.membership?.customLimits?.maxVehicles
?? subUtil.getSubMetaField(pkgSub, SubFields.MAX_VEHICLES)
?? 0;
if (numOfAC && numOfAC >= maxVehicles) {
AppMembershipError.throw(Errors.REACHED_VEHICLES_LIMIT);
}
return true;
}
async function checkUsageLimits(userInfo) {
if (!USE_SUBSCRIPTION) return true; // Temporarily before merging subscription management feature
if (!userInfo) AppAuthError.throw();
const pkgSub = subUtil.getPkgSubfromUserInfo(userInfo);
// Check and skip paid migrated users which have trial subscription and migratedDate is not null
if (pkgSub.type === SubType.TRIAL && userInfo?.migratedDate) return true;
// Check for customer-specific override first, fallback to package limit
const priceMaxAcres = userInfo.membership?.customLimits?.maxAcres
?? subUtil.getSubMetaField(pkgSub, SubFields.MAX_ACRES)
?? 0;
if (priceMaxAcres) {
const ttSprArea = await subUtil.calcTotalAreaByUser(ObjectId(userInfo.puid), pkgSub.periodStart, pkgSub.periodEnd);
if (ttSprArea && utils.haToAcre(ttSprArea) >= priceMaxAcres) {
AppMembershipError.throw(Errors.REACHED_AREA_LIMIT);
}
}
return true;
}
async function checkRqACsLimits(req, res, next) {
if (!USE_SUBSCRIPTION) return next && next(); // Temporarily before merging subscription management feature
const userInfo = getUserInfo(req);
await checkACsLimits(userInfo);
return next && (next());
}
async function checkRqUsageLimits(req, res, next) {
if (!USE_SUBSCRIPTION) return next && next(); // Temporarily before merging subscription management feature
const userInfo = getUserInfo(req);
await checkUsageLimits(userInfo);
return next && next();
}
module.exports = {
isSecuredRoute, getUserInfo, checkUser, checkACsLimits, checkUsageLimits,
checkRqAnySubscription, checkRqPkgSubscription, checkRqACsLimits, checkRqUsageLimits,
};
Reference in New Issue View Git Blame Copy Permalink