Merge pull request #2268 from hollaex/beta
Beta
abeikverdi authored Jul 12, 2023
2 parents 4f9a99d + fdfb048 commit c087baf
Showing 32 changed files with 1,837 additions and 639 deletions.
15 changes: 13 additions & 2 deletions server/api/controllers/admin.js
Expand Up @@ -482,8 +482,12 @@ const getAdminUserLogins = (req, res) => {
'controllers/admin/getAdminUserLogins/auth',
req.auth
);
const { user_id, status, limit, page, start_date, order_by, order, end_date, format } = req.swagger.params;
const { user_id, status, country, ip, limit, page, start_date, order_by, order, end_date, format } = req.swagger.params;

if (format.value && req.auth.scopes.indexOf(ROLES.ADMIN) === -1) {
return res.status(403).json({ message: API_KEY_NOT_PERMITTED });
}

if (start_date.value && !isDate(start_date.value)) {
loggerAdmin.error(
req.uuid,
Expand Down Expand Up @@ -514,6 +518,8 @@ const getAdminUserLogins = (req, res) => {
toolsLib.user.getUserLogins({
userId: user_id.value,
status: status.value,
country: country.value,
ip: ip.value,
limit: limit.value,
page: page.value,
orderBy: order_by.value,
Expand Down Expand Up @@ -2388,8 +2394,12 @@ const sendRawEmailByAdmin = (req, res) => {
const getUserSessionsByAdmin = (req, res) => {
loggerAdmin.verbose(req.uuid, 'controllers/admin/getUserSessionsByAdmin/auth', req.auth);

const { user_id, status, limit, page, order_by, order, start_date, end_date, format } = req.swagger.params;
const { user_id, last_seen, status, limit, page, order_by, order, start_date, end_date, format } = req.swagger.params;

if (format.value && req.auth.scopes.indexOf(ROLES.ADMIN) === -1) {
return res.status(403).json({ message: API_KEY_NOT_PERMITTED });
}

if (order_by.value && typeof order_by.value !== 'string') {
loggerAdmin.error(
req.uuid,
Expand All @@ -2401,6 +2411,7 @@ const getUserSessionsByAdmin = (req, res) => {

toolsLib.user.getExchangeUserSessions({
user_id: user_id.value,
last_seen: last_seen.value,
status: status.value,
limit: limit.value,
page: page.value,
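Review bot: The new `country` and `ip` query values are handed to `toolsLib.user.getUserLogins` untouched, while the neighbouring `start_date` still goes through `isDate`; since `ip` ends up in a substring (LIKE) match in tools/user.js in this same commit, a length and character check here — reject values longer than an IPv6 literal or containing LIKE wildcards — would keep the filter from degrading into a match-everything query. The guard `if (format.value && req.auth.scopes.indexOf(ROLES.ADMIN) === -1)` is pasted verbatim into both controllers; a small shared helper such as `const requireAdminForExport = (req, format) => format.value && req.auth.scopes.indexOf(ROLES.ADMIN) === -1;` would keep that rule in one place. Both `getAdminUserLogins` and `getUserSessionsByAdmin` continue outside the hunks.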
2 changes: 1 addition & 1 deletion server/api/controllers/user.js
Expand Up @@ -455,7 +455,7 @@ const loginPost = (req, res) => {
})
.catch((err) => {
loggerUser.error(req.uuid, 'controllers/user/loginPost catch', err.message);
return res.status(err.statusCode || 403).json({ message: errorMessageConverter(err) });
return res.status(err.statusCode || 401).json({ message: errorMessageConverter(err) });
});
};

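Review bot: `err.statusCode || 401` now reports every rejection in `loginPost` that carries no `statusCode` — a database or network failure as much as bad credentials — as 401, which tells the client its credentials were wrong when the server actually failed. Consider defaulting to 401 only for the known authentication error types and letting anything else fall through to 500, or at least add a comment such as `// unclassified errors are deliberately reported as 401 to avoid leaking failure causes` so the choice is recorded. The rest of `loginPost` lies outside the hunk.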
16 changes: 16 additions & 0 deletions server/api/swagger/admin.yaml
Expand Up @@ -1676,6 +1676,16 @@ paths:
description: fetch successful or failed logins
required: false
type: boolean
- in: query
name: country
description: country of the login
required: false
type: string
- in: query
name: ip
description: ip of the login
required: false
type: string
- in: query
name: limit
description: "Number of elements to return. Default: 50. Maximun: 100"
Expand Down Expand Up @@ -3046,6 +3056,12 @@ paths:
required: false
type: number
format: int32
- in: query
name: last_seen
description: last seen
required: false
type: string
enum: ['1', '24']
- in: query
name: status
description: fetch active or revoke sessions
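Review bot: The new `ip` and `country` query parameters declare `type: string` with no `maxLength` or `pattern`, unlike `last_seen` further down which is constrained by an enum; because `ip` feeds a substring search in the tools library, a bound such as `maxLength: 45` (the longest textual IPv6 form) plus a pattern restricted to hex digits, dots and colons would let the swagger validator reject oversized or wildcard input before it reaches the database query. The description `ip of the login` should also say that the value is matched as a substring, so API consumers know a partial address is accepted.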
2 changes: 1 addition & 1 deletion server/api/swagger/swagger.js
Expand Up @@ -4,7 +4,7 @@ const definition = {
swagger: '2.0',
info: {
title: 'HollaEx Kit',
version: '2.7.0'
version: '2.7.1'
},
host: 'api.hollaex.com',
basePath: '/v2',
14 changes: 9 additions & 5 deletions server/api/swagger/user.yaml
Expand Up @@ -378,7 +378,7 @@ paths:
secret:
type: string
maxLength: 256
403:
401:
description: Access Denied
schema:
$ref: "#/definitions/MessageResponse"
Expand Down Expand Up @@ -412,7 +412,7 @@ paths:
description: Success
schema:
$ref: "#/definitions/MessageResponse"
403:
401:
description: Access Denied
schema:
$ref: "#/definitions/MessageResponse"
Expand Down Expand Up @@ -446,7 +446,7 @@ paths:
description: Success
schema:
$ref: "#/definitions/MessageResponse"
403:
401:
description: Access Denied
schema:
$ref: "#/definitions/MessageResponse"
Expand Down Expand Up @@ -603,10 +603,14 @@ paths:
description: Success
schema:
$ref: "#/definitions/ObjectResponse"
403:
401:
description: Access Denied
schema:
$ref: "#/definitions/MessageResponse"
default:
description: Error
schema:
$ref: "#/definitions/MessageResponse"
security:
- Token: []
x-security-types:
Expand Down Expand Up @@ -693,7 +697,7 @@ paths:
description: Created
schema:
$ref: "#/definitions/MessageResponse"
403:
401:
description: Access Denied
schema:
$ref: "#/definitions/MessageResponse"
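Review bot: Replacing each `403` response entry with `401` leaves these endpoints with no documented 403, yet `security.js` in the same commit still returns 403 when the denial message contains `NOT_AUTHORIZED`, so a client reading the spec will not expect a response the middleware can still send. On endpoints guarded by the bearer or HMAC middleware, keep a `403` entry alongside the new `401`, describing 401 as missing or invalid credentials and 403 as insufficient permission. Which endpoints these hunks belong to is not visible in the excerpt.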
2 changes: 1 addition & 1 deletion server/package.json
@@ -1,5 +1,5 @@
{
"version": "2.7.0",
"version": "2.7.1",
"private": false,
"description": "HollaEx Kit",
"keywords": [
24 changes: 18 additions & 6 deletions server/utils/hollaex-tools-lib/tools/security.js
Expand Up @@ -491,15 +491,15 @@ const verifyAuthTokenMiddleware = (req, authOrSecDef, token, cb, isSocket = fals
if (req.swagger && req.swagger.operation['security'].length > 0 && req.swagger.operation['security'][0].Token) {
const endpointTypes = req.swagger.operation['x-security-types'];
if (has(req.headers, 'authorization') && !endpointTypes.includes('bearer')) {
return req.res.status(403).json({ message: ACCESS_DENIED(INVALID_TOKEN_TYPE) });
return req.res.status(401).json({ message: ACCESS_DENIED(INVALID_TOKEN_TYPE) });
}

if (has(req.headers, 'api-key') && !endpointTypes.includes('hmac')) {
return req.res.status(403).json({ message: ACCESS_DENIED(INVALID_TOKEN_TYPE) });
return req.res.status(401).json({ message: ACCESS_DENIED(INVALID_TOKEN_TYPE) });
}

if (!has(req.headers, 'authorization') && !has(req.headers, 'api-key')) {
return req.res.status(403).json({ message: ACCESS_DENIED(NO_AUTH_TOKEN) });
return req.res.status(401).json({ message: ACCESS_DENIED(NO_AUTH_TOKEN) });
}

if (has(req.headers, 'authorization') && endpointTypes.includes('bearer')) {
Expand All @@ -522,7 +522,11 @@ const verifyBearerTokenMiddleware = (req, authOrSecDef, token, cb, isSocket = fa
if (isSocket) {
return cb(new Error(ACCESS_DENIED(msg)));
} else {
return req.res.status(403).json({ message: ACCESS_DENIED(msg) });
let statusCode = 401;
if (msg.indexOf(NOT_AUTHORIZED) > -1) {
statusCode = 403;
}
return req.res.status(statusCode).json({ message: ACCESS_DENIED(msg) });
}
};

Expand Down Expand Up @@ -613,7 +617,11 @@ const verifyHmacTokenMiddleware = (req, definition, apiKey, cb, isSocket = false
if (isSocket) {
return cb(new Error(ACCESS_DENIED(msg)));
} else {
return req.res.status(403).json({ message: ACCESS_DENIED(msg) });
let statusCode = 401;
if (msg.indexOf(NOT_AUTHORIZED) > -1) {
statusCode = 403;
}
return req.res.status(statusCode).json({ message: ACCESS_DENIED(msg) });
}
};
// Swagger endpoint scopes
Expand Down Expand Up @@ -684,7 +692,11 @@ const verifyNetworkHmacToken = (req) => {

const verifyBearerTokenExpressMiddleware = (scopes = BASE_SCOPES) => (req, res, next) => {
const sendError = (msg) => {
return req.res.status(403).json({ message: ACCESS_DENIED(msg) });
let statusCode = 401;
if (msg.indexOf(NOT_AUTHORIZED) > -1) {
statusCode = 403;
}
return req.res.status(statusCode).json({ message: ACCESS_DENIED(msg) });
};

const token = req.headers['authorization'];
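Review bot: The status selection `let statusCode = 401; if (msg.indexOf(NOT_AUTHORIZED) > -1) statusCode = 403;` is copied into three error handlers (`verifyBearerTokenMiddleware`, `verifyHmacTokenMiddleware`, `verifyBearerTokenExpressMiddleware`) and decides the HTTP code by searching the human-readable message, so any rewording of `NOT_AUTHORIZED` or a differently built message silently changes the status, and if `msg` is ever not a string `indexOf` throws inside the error path. A single helper, `const accessDeniedStatus = (msg) => (String(msg).includes(NOT_AUTHORIZED) ? 403 : 401);`, called from all three places keeps the rule in one spot, with a comment there stating that 401 means credentials missing or invalid and 403 means authenticated but lacking scope. The `isSocket` branches still hand back an `Error` with no status, so websocket callers cannot make the same distinction. All three enclosing functions start outside the hunks.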
33 changes: 27 additions & 6 deletions server/utils/hollaex-tools-lib/tools/user.js
Expand Up @@ -1270,6 +1270,8 @@ const toggleFlaggedUserById = (userId) => {
const getUserLogins = (opts = {
userId: null,
status: null,
country: null,
ip: null,
limit: null,
page: null,
orderBy: null,
Expand All @@ -1284,10 +1286,12 @@ const getUserLogins = (opts = {
let options = {
where: {
timestamp: timeframe,
...(opts.status != null && { status: opts.status })
...(opts.status != null && { status: opts.status }),
...(opts.country != null && { country: opts.country }),
...(opts.ip != null && { ip: { [Op.like]: `%${opts.ip}%` } })
},
attributes: {
exclude: ['id', 'origin', 'referer']
exclude: ['origin', 'referer']
},
order: [ordering]
};
Expand Down Expand Up @@ -1898,6 +1902,7 @@ const updateUserInfo = async (userId, data = {}) => {

const getExchangeUserSessions = (opts = {
user_id: null,
last_seen: null,
status: null,
limit: null,
page: null,
Expand All @@ -1914,11 +1919,27 @@ const getExchangeUserSessions = (opts = {

return dbQuery.findAndCountAllWithRows('session', {
where: {
...(opts.status != null && { status: opts.status }),
...(opts.status == true && {
status: opts.status,
expiry_date: {
[Op.gt]: new Date()
}
}),
...(opts.status == false && {
[Op.or]: [
{
status: opts.status,
expiry_date: {
[Op.lt]: new Date()
}
}]
}),
created_at: timeframe,
expiry_date: {
[Op.gt]: new Date()
},
...(opts.last_seen && { last_seen:
{
[Op.gt]: new Date().setHours(new Date().getHours() - Number(opts.last_seen))
}
}),
},
attributes: {
exclude: ['token']
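Review bot: In `getUserLogins` the caller-supplied `opts.ip` is interpolated straight into the LIKE pattern `%${opts.ip}%`, so `%` and `_` in the value act as wildcards and a lone `%` returns every login row; Sequelize parameterises the value, so this is not SQL injection, but the pattern should be escaped first, e.g. `const ipPattern = String(opts.ip).replace(/[\\%_]/g, '\\$&');` and then `{ [Op.like]: \`%${ipPattern}%\` }`. In `getExchangeUserSessions`, the loose `opts.status == true` / `== false` comparisons, the single-element `[Op.or]`, and `new Date().setHours(...)` (a millisecond number rather than a `Date`) in the `last_seen` filter all run but read as unfinished; `new Date(Date.now() - Number(opts.last_seen) * 3600000)` states the intent directly. Dropping the unconditional `expiry_date > now` clause means a call with `status` unset now returns expired sessions as well, and removing `'id'` from the exclude list exposes the login row id — both may be intended but deserve a comment. Both functions continue outside the hunks.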
4 changes: 2 additions & 2 deletions server/ws/server.js
Expand Up @@ -31,7 +31,7 @@ const wss = new WebSocket.Server({
toolsLib.security.verifyBearerTokenMiddleware(info.req, null, bearerToken, (err) => {
if (err) {
loggerWebsocket.error('ws/server', err);
return next(false, 403, err.message);
return next(false, 401, err.message);
} else {
return next(true);
}
Expand All @@ -46,7 +46,7 @@ const wss = new WebSocket.Server({
toolsLib.security.verifyHmacTokenMiddleware(info.req, null, hmacKey, (err) => {
if (err) {
loggerWebsocket.error('ws/server', err);
return next(false, 403, err.message);
return next(false, 401, err.message);
} else {
return next(true);
}
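Review bot: Both `verifyClient` callbacks now answer every verification failure with `next(false, 401, err.message)`, whereas the HTTP handlers in `security.js` in this same commit return 403 for `NOT_AUTHORIZED` denials; the socket branch of those middlewares only passes an `Error` with no status code, so the websocket handshake reports 401 even for an authenticated client that merely lacks scope. If parity matters, have the middleware attach a `statusCode` to the error in its `isSocket` branch and use `err.statusCode || 401` here; otherwise a comment `// handshake cannot tell 401 from 403; middleware errors carry no status` records the decision. The surrounding `WebSocket.Server` options object extends beyond the hunks.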
2 changes: 1 addition & 1 deletion version
@@ -1 +1 @@
2.7.0
2.7.1
2 changes: 1 addition & 1 deletion web/docker/Dockerfile
@@ -1,5 +1,5 @@
# build environment
FROM node:14-buster-slim as build
FROM node:14.21.1-buster as build
ENV NODE_OPTIONS=--max_old_space_size=4096
ENV GENERATE_SOURCEMAP=false
WORKDIR /app
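Review bot: Pinning the build stage to `node:14.21.1-buster` makes the build reproducible, but it also moves from the `-slim` variant to the full Debian image, which pulls in packages the build does not obviously need and enlarges what a vulnerability scan has to cover; if slim lacked a build dependency, a comment such as `# full buster image: slim lacks <TOOL-PLACEHOLDER> required by the build` would stop the next person from reverting it. Node 14 had reached end-of-life before this commit's date, so the pin also deserves a note on the upgrade plan, and if supply-chain pinning is the goal the `FROM` line can carry a digest (`@sha256:<DIGEST-PLACEHOLDER>`) rather than a tag alone. Only the build stage is visible here; the final stage may use a different base.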