meb/meb-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixed some bugs in api and auth services, completed auth cores.

Browse Source
This commit is contained in:
Giuseppe Raffa
2026-05-25 23:14:50 +02:00
parent 318ea3555f
commit 47faa41eb9
41 changed files with 2061 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
api/Dockerfile
View File

@@ -1,11 +1,8 @@
FROM node:20-slim
RUN corepack enable && corepack prepare pnpm@latest
FROM node:20-alpine
WORKDIR /app
RUN corepack enable && corepack prepare pnpm@9.15.0 --activate
COPY package.json pnpm-lock.yaml ./
RUN pnpm install --frozen-lockfile
COPY . .
EXPOSE 3000
CMD ["node", "src/index.js"]
CMD ["pnpm", "exec", "nodemon", "src/index.js"]

25
api/package.json
View File

@@ -1,18 +1,25 @@
{
"name": "api",
"type": "module",
"version": "1.0.0",
"description": "",
"main": "index.js",
"private": true,
"packageManager": "pnpm@9.15.0",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
"dev": "nodemon src/index.js",
"start": "node src/index.js"
},
"keywords": [],
"author": "",
"license": "ISC",
"packageManager": "pnpm@11.1.3",
"dependencies": {
"@influxdata/influxdb-client": "^1.35.0",
"@msgpack/msgpack": "^3.1.2",
"cookie-parser": "^1.4.7",
"cors": "^2.8.5",
"express": "^5.2.1",
"helmet": "^8.1.0",
"ioredis": "^5.10.1",
"pg": "^8.21.0"
"pg": "^8.21.0",
"zod": "^4.4.3"
},
"devDependencies": {
"nodemon": "^3.1.14"
}
}
}

298
api/pnpm-lock.yaml generated
View File

@@ -8,29 +8,78 @@ importers:
.:
dependencies:
'@influxdata/influxdb-client':
specifier: ^1.35.0
version: 1.35.0
'@msgpack/msgpack':
specifier: ^3.1.2
version: 3.1.3
cookie-parser:
specifier: ^1.4.7
version: 1.4.7
cors:
specifier: ^2.8.5
version: 2.8.6
express:
specifier: ^5.2.1
version: 5.2.1
helmet:
specifier: ^8.1.0
version: 8.1.0
ioredis:
specifier: ^5.10.1
version: 5.10.1
pg:
specifier: ^8.21.0
version: 8.21.0
zod:
specifier: ^4.4.3
version: 4.4.3
devDependencies:
nodemon:
specifier: ^3.1.14
version: 3.1.14
packages:
'@influxdata/influxdb-client@1.35.0':
resolution: {integrity: sha512-woWMi8PDpPQpvTsRaUw4Ig+nOGS/CWwAwS66Fa1Vr/EkW+NEwxI8YfPBsdBMn33jK2Y86/qMiiuX/ROHIkJLTw==}
'@ioredis/commands@1.5.1':
resolution: {integrity: sha512-JH8ZL/ywcJyR9MmJ5BNqZllXNZQqQbnVZOqpPQqE1vHiFgAw4NHbvE0FOduNU8IX9babitBT46571OnPTT0Zcw==}
'@msgpack/msgpack@3.1.3':
resolution: {integrity: sha512-47XIizs9XZXvuJgoaJUIE2lFoID8ugvc0jzSHP+Ptfk8nTbnR8g788wv48N03Kx0UkAv559HWRQ3yzOgzlRNUA==}
engines: {node: '>= 18'}
accepts@2.0.0:
resolution: {integrity: sha512-5cvg6CtKwfgdmVqY1WIiXKc3Q1bkRqGLi+2W/6ao+6Y7gu/RCwRuAhGEzh5B4KlszSuTLgZYuqFqo5bImjNKng==}
engines: {node: '>= 0.6'}
anymatch@3.1.3:
resolution: {integrity: sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==}
engines: {node: '>= 8'}
balanced-match@4.0.4:
resolution: {integrity: sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==}
engines: {node: 18 || 20 || >=22}
binary-extensions@2.3.0:
resolution: {integrity: sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw==}
engines: {node: '>=8'}
body-parser@2.2.2:
resolution: {integrity: sha512-oP5VkATKlNwcgvxi0vM0p/D3n2C3EReYVX+DNYs5TjZFn/oQt2j+4sVJtSMr18pdRr8wjTcBl6LoV+FUwzPmNA==}
engines: {node: '>=18'}
brace-expansion@5.0.6:
resolution: {integrity: sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==}
engines: {node: 18 || 20 || >=22}
braces@3.0.3:
resolution: {integrity: sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==}
engines: {node: '>=8'}
bytes@3.1.2:
resolution: {integrity: sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==}
engines: {node: '>= 0.8'}
@@ -43,6 +92,10 @@ packages:
resolution: {integrity: sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==}
engines: {node: '>= 0.4'}
chokidar@3.6.0:
resolution: {integrity: sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==}
engines: {node: '>= 8.10.0'}
cluster-key-slot@1.1.2:
resolution: {integrity: sha512-RMr0FhtfXemyinomL4hrWcYJxmX6deFdCxpJzhDttxgO1+bcCnkk+9drydLVDmAMG7NE6aN/fl4F7ucU/90gAA==}
engines: {node: '>=0.10.0'}
@@ -59,6 +112,13 @@ packages:
resolution: {integrity: sha512-j/O/d7GcZCyNl7/hwZAb606rzqkyvaDctLmckbxLzHvFBzTJHuGEdodATcP3yIRoDrLHkIATJuvzbFlp/ki2cQ==}
engines: {node: '>=18'}
cookie-parser@1.4.7:
resolution: {integrity: sha512-nGUvgXnotP3BsjiLX2ypbQnWoGUPIIfHQNZkkC668ntrzGWEZVW70HDEB1qnNGMicPje6EttlIgzo51YSwNQGw==}
engines: {node: '>= 0.8.0'}
cookie-signature@1.0.6:
resolution: {integrity: sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ==}
cookie-signature@1.2.2:
resolution: {integrity: sha512-D76uU73ulSXrD1UXF4KE2TMxVVwhsnCgfAyTg9k8P6KGZjlXKrOLe4dJQKI3Bxi5wjesZoFXJWElNWBjPZMbhg==}
engines: {node: '>=6.6.0'}
@@ -67,6 +127,10 @@ packages:
resolution: {integrity: sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==}
engines: {node: '>= 0.6'}
cors@2.8.6:
resolution: {integrity: sha512-tJtZBBHA6vjIAaF6EnIaq6laBBP9aq/Y3ouVJjEfoHbRBcHBAHYcMh/w8LDrk2PvIMMq8gmopa5D4V8RmbrxGw==}
engines: {node: '>= 0.10'}
debug@4.4.3:
resolution: {integrity: sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==}
engines: {node: '>=6.0'}
@@ -118,6 +182,10 @@ packages:
resolution: {integrity: sha512-hIS4idWWai69NezIdRt2xFVofaF4j+6INOpJlVOLDO8zXGpUVEVzIYk12UUi2JzjEzWL3IOAxcTubgz9Po0yXw==}
engines: {node: '>= 18'}
fill-range@7.1.1:
resolution: {integrity: sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==}
engines: {node: '>=8'}
finalhandler@2.1.1:
resolution: {integrity: sha512-S8KoZgRZN+a5rNwqTxlZZePjT/4cnm0ROV70LedRHZ0p8u9fRID0hJUZQpkKLzro8LfmC8sx23bY6tVNxv8pQA==}
engines: {node: '>= 18.0.0'}
@@ -130,6 +198,11 @@ packages:
resolution: {integrity: sha512-Rx/WycZ60HOaqLKAi6cHRKKI7zxWbJ31MhntmtwMoaTeF7XFH9hhBp8vITaMidfljRQ6eYWCKkaTK+ykVJHP2A==}
engines: {node: '>= 0.8'}
fsevents@2.3.3:
resolution: {integrity: sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==}
engines: {node: ^8.16.0 || ^10.6.0 || >=11.0.0}
os: [darwin]
function-bind@1.1.2:
resolution: {integrity: sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==}
@@ -141,10 +214,18 @@ packages:
resolution: {integrity: sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==}
engines: {node: '>= 0.4'}
glob-parent@5.1.2:
resolution: {integrity: sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==}
engines: {node: '>= 6'}
gopd@1.2.0:
resolution: {integrity: sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==}
engines: {node: '>= 0.4'}
has-flag@3.0.0:
resolution: {integrity: sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==}
engines: {node: '>=4'}
has-symbols@1.1.0:
resolution: {integrity: sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==}
engines: {node: '>= 0.4'}
@@ -153,6 +234,10 @@ packages:
resolution: {integrity: sha512-ej4AhfhfL2Q2zpMmLo7U1Uv9+PyhIZpgQLGT1F9miIGmiCJIoCgSmczFdrc97mWT4kVY72KA+WnnhJ5pghSvSg==}
engines: {node: '>= 0.4'}
helmet@8.1.0:
resolution: {integrity: sha512-jOiHyAZsmnr8LqoPGmCjYAaiuWwjAPLgY8ZX2XrmHawt99/u1y6RgrZMTeoPfpUbV96HOalYgz1qzkRbw54Pmg==}
engines: {node: '>=18.0.0'}
http-errors@2.0.1:
resolution: {integrity: sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==}
engines: {node: '>= 0.8'}
@@ -161,6 +246,9 @@ packages:
resolution: {integrity: sha512-im9DjEDQ55s9fL4EYzOAv0yMqmMBSZp6G0VvFyTMPKWxiSBHUj9NW/qqLmXUwXrrM7AvqSlTCfvqRb0cM8yYqw==}
engines: {node: '>=0.10.0'}
ignore-by-default@1.0.1:
resolution: {integrity: sha512-Ius2VYcGNk7T90CppJqcIkS5ooHUZyIQK+ClZfMfMNFEF9VSE73Fq+906u/CWu92x4gzZMWOwfFYckPObzdEbA==}
inherits@2.0.4:
resolution: {integrity: sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==}
@@ -172,6 +260,22 @@ packages:
resolution: {integrity: sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==}
engines: {node: '>= 0.10'}
is-binary-path@2.1.0:
resolution: {integrity: sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==}
engines: {node: '>=8'}
is-extglob@2.1.1:
resolution: {integrity: sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==}
engines: {node: '>=0.10.0'}
is-glob@4.0.3:
resolution: {integrity: sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==}
engines: {node: '>=0.10.0'}
is-number@7.0.0:
resolution: {integrity: sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==}
engines: {node: '>=0.12.0'}
is-promise@4.0.0:
resolution: {integrity: sha512-hvpoI6korhJMnej285dSg6nu1+e6uxs7zG3BYAm5byqDsgJNWwxzM6z6iZiAgQR4TJ30JmBTOwqZUw3WlyH3AQ==}
@@ -201,6 +305,10 @@ packages:
resolution: {integrity: sha512-Lbgzdk0h4juoQ9fCKXW4by0UJqj+nOOrI9MJ1sSj4nI8aI2eo1qmvQEie4VD1glsS250n15LsWsYtCugiStS5A==}
engines: {node: '>=18'}
minimatch@10.2.5:
resolution: {integrity: sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==}
engines: {node: 18 || 20 || >=22}
ms@2.1.3:
resolution: {integrity: sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==}
@@ -208,6 +316,19 @@ packages:
resolution: {integrity: sha512-8Ofs/AUQh8MaEcrlq5xOX0CQ9ypTF5dl78mjlMNfOK08fzpgTHQRQPBxcPlEtIw0yRpws+Zo/3r+5WRby7u3Gg==}
engines: {node: '>= 0.6'}
nodemon@3.1.14:
resolution: {integrity: sha512-jakjZi93UtB3jHMWsXL68FXSAosbLfY0In5gtKq3niLSkrWznrVBzXFNOEMJUfc9+Ke7SHWoAZsiMkNP3vq6Jw==}
engines: {node: '>=10'}
hasBin: true
normalize-path@3.0.0:
resolution: {integrity: sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==}
engines: {node: '>=0.10.0'}
object-assign@4.1.1:
resolution: {integrity: sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==}
engines: {node: '>=0.10.0'}
object-inspect@1.13.4:
resolution: {integrity: sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==}
engines: {node: '>= 0.4'}
@@ -260,6 +381,10 @@ packages:
pgpass@1.0.5:
resolution: {integrity: sha512-FdW9r/jQZhSeohs1Z3sI1yxFQNFvMcnmfuj4WBMUTxOrAyLMaTcE1aAMBiTlbMNaXvBCQuVi0R7hd8udDSP7ug==}
picomatch@2.3.2:
resolution: {integrity: sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==}
engines: {node: '>=8.6'}
postgres-array@2.0.0:
resolution: {integrity: sha512-VpZrUqU5A69eQyW2c5CA1jtLecCsN2U/bD6VilrFDWq5+5UIEVO7nazS3TEcHf1zuPYO/sqGvUvW62g86RXZuA==}
engines: {node: '>=4'}
@@ -280,6 +405,9 @@ packages:
resolution: {integrity: sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==}
engines: {node: '>= 0.10'}
pstree.remy@1.1.8:
resolution: {integrity: sha512-77DZwxQmxKnu3aR542U+X8FypNzbfJ+C5XQDk3uWjWxn6151aIMGthWYRXTqT1E5oJvg+ljaa2OJi+VfvCOQ8w==}
qs@6.15.2:
resolution: {integrity: sha512-Rzq0KEyX/w/tEybncDgdkZrJgVUsUMk3xjh3t5bv3S1HTAtg+uOYt72+ZfwiQwKdysThkTBdL/rTi6HDmX9Ddw==}
engines: {node: '>=0.6'}
@@ -292,6 +420,10 @@ packages:
resolution: {integrity: sha512-K5zQjDllxWkf7Z5xJdV0/B0WTNqx6vxG70zJE4N0kBs4LovmEYWJzQGxC9bS9RAKu3bgM40lrd5zoLJ12MQ5BA==}
engines: {node: '>= 0.10'}
readdirp@3.6.0:
resolution: {integrity: sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==}
engines: {node: '>=8.10.0'}
redis-errors@1.2.0:
resolution: {integrity: sha512-1qny3OExCf0UvUV/5wpYKf2YwPcOqXzkwKKSmKHiE6ZMQs5heeE/c8eXK+PNllPvmjgAbfnsbpkGZWy8cBpn9w==}
engines: {node: '>=4'}
@@ -307,6 +439,11 @@ packages:
safer-buffer@2.1.2:
resolution: {integrity: sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==}
semver@7.8.0:
resolution: {integrity: sha512-AcM7dV/5ul4EekoQ29Agm5vri8JNqRyj39o0qpX6vDF2GZrtutZl5RwgD1XnZjiTAfncsJhMI48QQH3sN87YNA==}
engines: {node: '>=10'}
hasBin: true
send@1.2.1:
resolution: {integrity: sha512-1gnZf7DFcoIcajTjTwjwuDjzuz4PPcY2StKPlsGAQ1+YH20IRVrBaXSWmdjowTJ6u8Rc01PoYOGHXfP1mYcZNQ==}
engines: {node: '>= 18'}
@@ -334,6 +471,10 @@ packages:
resolution: {integrity: sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==}
engines: {node: '>= 0.4'}
simple-update-notifier@2.0.0:
resolution: {integrity: sha512-a2B9Y0KlNXl9u/vsW6sTIu9vGEpfKu2wRV6l1H3XEas/0gUIzGzBoP/IouTcUQbm9JWZLH3COxyn03TYlFax6w==}
engines: {node: '>=10'}
split2@4.2.0:
resolution: {integrity: sha512-UcjcJOWknrNkF6PLX83qcHM6KHgVKNkV62Y8a5uYDVv9ydGQVwAHMKqHdJje1VTWpljG0WYpCDhrCdAOYH4TWg==}
engines: {node: '>= 10.x'}
@@ -345,14 +486,29 @@ packages:
resolution: {integrity: sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==}
engines: {node: '>= 0.8'}
supports-color@5.5.0:
resolution: {integrity: sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==}
engines: {node: '>=4'}
to-regex-range@5.0.1:
resolution: {integrity: sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==}
engines: {node: '>=8.0'}
toidentifier@1.0.1:
resolution: {integrity: sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==}
engines: {node: '>=0.6'}
touch@3.1.1:
resolution: {integrity: sha512-r0eojU4bI8MnHr8c5bNo7lJDdI2qXlWWJk6a9EAFG7vbhTjElYhBVS3/miuE0uOuoLdb8Mc/rVfsmm6eo5o9GA==}
hasBin: true
type-is@2.1.0:
resolution: {integrity: sha512-faYHw0anBbc/kWF3zFTEnxSFOAGUX9GFbOBthvDdLsIlEoWOFOtS0zgCiQYwIskL9iGXZL3kAXD8OoZ4GmMATA==}
engines: {node: '>= 18'}
undefsafe@2.0.5:
resolution: {integrity: sha512-WxONCrssBM8TSPRqN5EmsjVrsv4A8X12J4ArBiiayv3DyyG3ZlIg6yysuuSYdZsVz3TKcTg2fd//Ujd4CHV1iA==}
unpipe@1.0.0:
resolution: {integrity: sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==}
engines: {node: '>= 0.8'}
@@ -368,20 +524,36 @@ packages:
resolution: {integrity: sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ==}
engines: {node: '>=0.4'}
zod@4.4.3:
resolution: {integrity: sha512-ytENFjIJFl2UwYglde2jchW2Hwm4GJFLDiSXWdTrJQBIN9Fcyp7n4DhxJEiWNAJMV1/BqWfW/kkg71UDcHJyTQ==}
snapshots:
'@influxdata/influxdb-client@1.35.0': {}
'@ioredis/commands@1.5.1': {}
'@msgpack/msgpack@3.1.3': {}
accepts@2.0.0:
dependencies:
mime-types: 3.0.2
negotiator: 1.0.0
anymatch@3.1.3:
dependencies:
normalize-path: 3.0.0
picomatch: 2.3.2
balanced-match@4.0.4: {}
binary-extensions@2.3.0: {}
body-parser@2.2.2:
dependencies:
bytes: 3.1.2
content-type: 1.0.5
debug: 4.4.3
debug: 4.4.3(supports-color@5.5.0)
http-errors: 2.0.1
iconv-lite: 0.7.2
on-finished: 2.4.1
@@ -391,6 +563,14 @@ snapshots:
transitivePeerDependencies:
- supports-color
brace-expansion@5.0.6:
dependencies:
balanced-match: 4.0.4
braces@3.0.3:
dependencies:
fill-range: 7.1.1
bytes@3.1.2: {}
call-bind-apply-helpers@1.0.2:
@@ -403,6 +583,18 @@ snapshots:
call-bind-apply-helpers: 1.0.2
get-intrinsic: 1.3.0
chokidar@3.6.0:
dependencies:
anymatch: 3.1.3
braces: 3.0.3
glob-parent: 5.1.2
is-binary-path: 2.1.0
is-glob: 4.0.3
normalize-path: 3.0.0
readdirp: 3.6.0
optionalDependencies:
fsevents: 2.3.3
cluster-key-slot@1.1.2: {}
content-disposition@1.1.0: {}
@@ -411,13 +603,27 @@ snapshots:
content-type@2.0.0: {}
cookie-parser@1.4.7:
dependencies:
cookie: 0.7.2
cookie-signature: 1.0.6
cookie-signature@1.0.6: {}
cookie-signature@1.2.2: {}
cookie@0.7.2: {}
debug@4.4.3:
cors@2.8.6:
dependencies:
object-assign: 4.1.1
vary: 1.1.2
debug@4.4.3(supports-color@5.5.0):
dependencies:
ms: 2.1.3
optionalDependencies:
supports-color: 5.5.0
denque@2.1.0: {}
@@ -453,7 +659,7 @@ snapshots:
content-type: 1.0.5
cookie: 0.7.2
cookie-signature: 1.2.2
debug: 4.4.3
debug: 4.4.3(supports-color@5.5.0)
depd: 2.0.0
encodeurl: 2.0.0
escape-html: 1.0.3
@@ -478,9 +684,13 @@ snapshots:
transitivePeerDependencies:
- supports-color
fill-range@7.1.1:
dependencies:
to-regex-range: 5.0.1
finalhandler@2.1.1:
dependencies:
debug: 4.4.3
debug: 4.4.3(supports-color@5.5.0)
encodeurl: 2.0.0
escape-html: 1.0.3
on-finished: 2.4.1
@@ -493,6 +703,9 @@ snapshots:
fresh@2.0.0: {}
fsevents@2.3.3:
optional: true
function-bind@1.1.2: {}
get-intrinsic@1.3.0:
@@ -513,14 +726,22 @@ snapshots:
dunder-proto: 1.0.1
es-object-atoms: 1.1.1
glob-parent@5.1.2:
dependencies:
is-glob: 4.0.3
gopd@1.2.0: {}
has-flag@3.0.0: {}
has-symbols@1.1.0: {}
hasown@2.0.3:
dependencies:
function-bind: 1.1.2
helmet@8.1.0: {}
http-errors@2.0.1:
dependencies:
depd: 2.0.0
@@ -533,13 +754,15 @@ snapshots:
dependencies:
safer-buffer: 2.1.2
ignore-by-default@1.0.1: {}
inherits@2.0.4: {}
ioredis@5.10.1:
dependencies:
'@ioredis/commands': 1.5.1
cluster-key-slot: 1.1.2
debug: 4.4.3
debug: 4.4.3(supports-color@5.5.0)
denque: 2.1.0
lodash.defaults: 4.2.0
lodash.isarguments: 3.1.0
@@ -551,6 +774,18 @@ snapshots:
ipaddr.js@1.9.1: {}
is-binary-path@2.1.0:
dependencies:
binary-extensions: 2.3.0
is-extglob@2.1.1: {}
is-glob@4.0.3:
dependencies:
is-extglob: 2.1.1
is-number@7.0.0: {}
is-promise@4.0.0: {}
lodash.defaults@4.2.0: {}
@@ -569,10 +804,31 @@ snapshots:
dependencies:
mime-db: 1.54.0
minimatch@10.2.5:
dependencies:
brace-expansion: 5.0.6
ms@2.1.3: {}
negotiator@1.0.0: {}
nodemon@3.1.14:
dependencies:
chokidar: 3.6.0
debug: 4.4.3(supports-color@5.5.0)
ignore-by-default: 1.0.1
minimatch: 10.2.5
pstree.remy: 1.1.8
semver: 7.8.0
simple-update-notifier: 2.0.0
supports-color: 5.5.0
touch: 3.1.1
undefsafe: 2.0.5
normalize-path@3.0.0: {}
object-assign@4.1.1: {}
object-inspect@1.13.4: {}
on-finished@2.4.1:
@@ -622,6 +878,8 @@ snapshots:
dependencies:
split2: 4.2.0
picomatch@2.3.2: {}
postgres-array@2.0.0: {}
postgres-bytea@1.0.1: {}
@@ -637,6 +895,8 @@ snapshots:
forwarded: 0.2.0
ipaddr.js: 1.9.1
pstree.remy@1.1.8: {}
qs@6.15.2:
dependencies:
side-channel: 1.1.0
@@ -650,6 +910,10 @@ snapshots:
iconv-lite: 0.7.2
unpipe: 1.0.0
readdirp@3.6.0:
dependencies:
picomatch: 2.3.2
redis-errors@1.2.0: {}
redis-parser@3.0.0:
@@ -658,7 +922,7 @@ snapshots:
router@2.2.0:
dependencies:
debug: 4.4.3
debug: 4.4.3(supports-color@5.5.0)
depd: 2.0.0
is-promise: 4.0.0
parseurl: 1.3.3
@@ -668,9 +932,11 @@ snapshots:
safer-buffer@2.1.2: {}
semver@7.8.0: {}
send@1.2.1:
dependencies:
debug: 4.4.3
debug: 4.4.3(supports-color@5.5.0)
encodeurl: 2.0.0
escape-html: 1.0.3
etag: 1.8.1
@@ -723,20 +989,36 @@ snapshots:
side-channel-map: 1.0.1
side-channel-weakmap: 1.0.2
simple-update-notifier@2.0.0:
dependencies:
semver: 7.8.0
split2@4.2.0: {}
standard-as-callback@2.1.0: {}
statuses@2.0.2: {}
supports-color@5.5.0:
dependencies:
has-flag: 3.0.0
to-regex-range@5.0.1:
dependencies:
is-number: 7.0.0
toidentifier@1.0.1: {}
touch@3.1.1: {}
type-is@2.1.0:
dependencies:
content-type: 2.0.0
media-typer: 1.1.0
mime-types: 3.0.2
undefsafe@2.0.5: {}
unpipe@1.0.0: {}
vary@1.1.2: {}
@@ -744,3 +1026,5 @@ snapshots:
wrappy@1.0.2: {}
xtend@4.0.2: {}
zod@4.4.3: {}

16
api/src/core/cors.js Normal file
View File

@@ -0,0 +1,16 @@
import cors from 'cors';
const dev = {
origin: true,
credentials: true,
};
const prod = {
origin: (process.env.ALLOWED_ORIGINS ?? '').split(','),
credentials: true,
methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
allowedHeaders: ['Content-Type', 'X-Internal-Token'],
};
export const corsMiddleware = cors(process.env.NODE_ENV === 'production' ? prod : dev);

37
api/src/core/msgpackcore.js Normal file
View File

@@ -0,0 +1,37 @@
import { encode, decode } from '@msgpack/msgpack';
/*
Un middleware da interporre in una richiesta HTTP che converte il corpo della richiesta in un buffer MSGPack compatto.
*/
export function bodyToMSGPack() {
return (req, _res, next) => {
if (!req.is('application/msgpack')) return next();
const chunks = [];
req.on('data', chunk => chunks.push(chunk));
req.on('end', () => {
try {
req.body = decode(Buffer.concat(chunks));
next();
} catch (e) {
next(new Error('bad_msgpack_error'));
}
})
}
}
/*
Invia un oggetto come risposta in formato JSON o MSGPack, a seconda delle preferenze del client, specificate nelle intestazioni Accept.
*/
export function send(req, res, obj, status = 200) {
if (req.accepts(['json', 'application/msgpack']) === 'application/msgpack') {
return sendAsMsgpack(res, obj, status);
}
res.status(status).json(obj);
}
/*
Invia un oggetto come risposta in formato MSGPack.
*/
export function sendAsMsgpack(res, obj, status = 200) {
res.status(status).type('application/msgpack').send(Buffer.from(encode(obj)));
}

111
api/src/core/rulesetscore.js Normal file
View File

@@ -0,0 +1,111 @@
import { rulesets } from "../data/db.js";
import { redis } from "../data/redis.js";
const kinds = new Set([
'telemetry',
'forecasts'
]);
/*
Esegue un controllo sul tipo di ruleset ricevuto per verificare che sia valido e evitare SQL injection
*/
function checkKind(kind) {
if (!kinds.has(kind)) throw new Error(`Invalid kind: ${kind}`);
}
/*
Restituisce le versioni di un ruleset.
*/
export async function getVersions(kind) {
checkKind(kind);
const { rows } = await rulesets.query(`select id, version_major, version_minor, version_patch, is_active, created_at, deprecated_at from ${kind} order by version_major desc, version_minor desc, version_patch desc`)
return rows;
}
/*
Restituisce le versioni attive di un ruleset.
*/
export async function getActive(kind) {
checkKind(kind);
const { rows } = await rulesets.query(`select id, version_major, version_minor, version_patch, content, created_at from ${kind} where is_active = true limit 1`);
return rows[0] ?? null;
}
/*
Restituisce una versione di un ruleset dato il suo ID.
*/
export async function getByID(kind, id) {
checkKind(kind);
const { rows } = await rulesets.query(`select * from ${kind} where id = $1`, [id]);
return rows[0] ?? null;
}
/*
Crea una nuova versione di un ruleset.
@param {string} kind - Il tipo di ruleset (telemetry o forecasts).
@param {Object} content - Il contenuto della nuova versione in formaot JSON.
@param {Object} version - La versione della nuova versione con formato: { major: 1, minor: 0, patch: 0 }.
@returns {Promise<object>} - Risultato della query.
*/
export async function newVersion(kind, content, version) {
checkKind(kind);
let { major, minor, patch } = version;
if (!version) {
const { rows } = await rulesets.query(`select version_major, version_minor, version_patch from ${kind} order by version_major desc, version_minor desc, version_patch desc limit 1`);
if (rows[0]) {
major = rows[0].version_major;
minor = rows[0].version_minor;
patch = rows[0].version_patch + 1;
} else {
major = 1;
minor = 0;
patch = 0;
}
}
const { rows } = await rulesets.query(`insert into ${kind} (version_major, version_minor, version_patch, content) values ($1, $2, $3, $4) returning *`, [major, minor, patch, content]);
return rows[0];
}
export async function activate(kind, id) {
checkKind(kind);
const client = await rulesets.connect();
try {
await client.query('begin');
await client.query(`update ${kind} set is_active = false where is_active = true`);
const r = await client.query(`update ${kind} set is_active = true where id = $1 and deprecated_at is null returning *`, [id]);
if (!r.rows[0]) {
await client.query('rollback');
return null;
}
await client.query('commit');
await redis.publish(`ruleset:update:${kind}`, JSON.stringify({ id, active: true }));
return r.rows[0];
} catch (error) {
await client.query('rollback');
throw error;
} finally {
client.release();
}
}
export async function deprecate(kind, id) {
checkKind(kind);
const client = await rulesets.connect();
try {
await client.query('begin');
const r = await client.query(`update ${kind} set deprecated_at = now(), is_active = case when is_active then false else is_active end where id = $1`, [id]);
await client.query('commit');
await redis.publish(`ruleset:update:${kind}`, JSON.stringify({ id, deprecated: true }));
return r.rows[0];
} catch (error) {
await client.query('rollback');
throw error;
} finally {
client.release();
}
}

25
api/src/data/db.js Normal file
View File

@@ -0,0 +1,25 @@
import pg from 'pg';
const client = {
host: process.env.DB_HOST,
port: Number(process.env.DB_PORT),
user: process.env.DB_USER,
password: process.env.DB_PASSWORD,
max: 10,
idleTimeoutMillis: 30_000
};
/* The sensors database client */
const sensors = new pg.Pool({ ...client, database: 'sensors' });
/* The rulesets database client */
const rulesets = new pg.Pool({ ...client, database: 'rulesets' });
/* The data database client */
const data = new pg.Pool({ ...client, database: 'data' });
export async function query(from, text, params) {
return await from.query(text, params);
};
export { sensors, rulesets, data };

26
api/src/data/influx.js Normal file
View File

@@ -0,0 +1,26 @@
import { InfluxDB, Point } from '@influxdata/influxdb-client';
const url = process.env.INFLX_URL;
const token = process.env.INFLX_TOKEN;
const org = process.env.INFLX_ORG;
const boatTelemetry = 'boat_telemetry';
const client = new InfluxDB({ url, token });
const writeApi = client.getWriteApi(org, boatTelemetry, 'ns', {
batchSize: 1,
flushInterval: 0,
maxRetries: 0,
maxBufferLines: 1,
});
/*
* Aggiunge un punto al database
*/
export async function write(point) {
writeApi.writePoint(point);
await writeApi.flush(true);
}
export { Point };

9
api/src/data/redis.js Normal file
View File

@@ -0,0 +1,9 @@
import Redis from 'ioredis';
const client = new Redis({
host: process.env.REDIS_HOST,
port: Number(process.env.REDIS_PORT),
password: process.env.REDIS_PASSWORD,
});
export { client as redis };

10
api/src/index.js
View File

@@ -1,7 +1,13 @@
import express from 'express';
const app = express();
import { sensorsAPIs } from '../src/routes/sensors.js';
app.use('/sensors', sensorsAPIs)
app.get('/', (req, res) => {
res.redirect('/health')
})
app.get('/health', (req, res) => {
res.json({
service: "api",
@@ -14,6 +20,6 @@ app.get('/health', (req, res) => {
});
app.listen(3000, '0.0.0.0', () => {
app.listen('3000', '0.0.0.0', () => {
console.log('API started')
})

20
api/src/middlewares/internalware.js Normal file
View File

@@ -0,0 +1,20 @@
const interalToken = process.env.INTERNAL_API_TOKEN;
export function internalware(req, res, next) {
if (req.headers['x-internal-token'] === interalToken) {
req.internal = true; // La richiesta è interna
return next();
}
return res.status(403).json({error: 'not-internal'});
}
export function userOrInternal(userware) {
return (req, res, next) => {
if (req.headers['x-internal-token'] === interalToken) {
req.internal = true;
return next();
}
return userware(req, res, next);
};
}

47
api/src/middlewares/userware.js Normal file
View File

@@ -0,0 +1,47 @@
import { redis } from "../data/redis.js";
const authURL = process.env.AUTH_INTERNAL_URL;
const cookieName = process.env.COOKIE_NAME;
const cacheTTL = 30;
function hashCookie(cookie) {
return crypto.createHash('sha256').update(cookie).digest('hex').slice(0, 32);
}
export async function userware(req, res, next) {
const token = req.cookies?.[cookieName];
if (!token) return res.status(401).json({ message: 'not authenticated' })
const cacheKey = `auth:cookie:${hashCookie(token)}`
const cached = await redis.get(cacheKey).catch( ()=> null);
if (cached) {
req.user = JSON.parse(cached)
return next();
}
try {
const r = await fetch(`${authURL}/api/users/me`, {
headers: {
cookie: `${cookieName}=${token}`
},
});
if (!r.ok) throw new Error('unauthorized');
const user = await r.json();
req.user = {
id: body.user.id,
sessionId: body.thisSession?.id
};
await redis.set(cacheKey, JSON.stringify(req.user), 'EX', cacheTTL).catch(() => { });
return next();
} catch (error) {
console.error('Userware Middleware: errore in auth:', error.message);
return res.status(503).json({ message: 'Error in auth service', error: error})
}
}
//TODO: Da finire
//TODO: Capire perche le versioni del package manager pnpm sono diverse tra i vari servizi
// TODO: Aggiungere 'private' ai package.json per rendere privati i pacchetti

38
api/src/routes/sensors.js Normal file
View File

@@ -0,0 +1,38 @@
import { Router } from "express";
import crypto from "crypto";
import { sensors } from "../data/db.js";
import { redis } from "../data/redis.js";
import { userware } from "../middlewares/userware.js";
const router = Router();
//TODO: Add sensors routes
router.get('/', async (req, res) => {
const { rows } = await sensors.query('select * from sensors')
res.json(rows)
})
/*
Restituisce tutti i sensori attivi e attualmente connessi da redis.
*/
router.get('/actives', async (req, res) => {
const sensors = redis.scanStream({ match: 'sensor:online:*', count: 100 });
const ids = []
for await (const sensor of sensors) {
for (const key of sensor) ids.push(key.slice('sensor:online'.length));
}
res.json({
sensors: ids,
count: ids.length,
})
})
router.get('/:id', async (req, res) => {
const { id } = req.params
const { rows } = await sensors.query('select * from sensors where id = $1', [id])
res.json(rows[0])
})
export { router as sensorsAPIs }

2
auth/Dockerfile
View File

@@ -1,6 +1,6 @@
FROM node:20-alpine
WORKDIR /app
RUN corepack enable && corepack prepare pnpm@10.26.2 --activate
RUN corepack enable && corepack prepare pnpm@9.15.0 --activate
COPY package.json pnpm-lock.yaml ./
RUN pnpm install --frozen-lockfile
COPY . .

2
auth/package.json
View File

@@ -10,7 +10,7 @@
"author": "",
"type": "module",
"license": "ISC",
"packageManager": "pnpm@10.26.2",
"packageManager": "pnpm@9.15.0",
"dependencies": {
"bcrypt": "^6.0.0",
"cookie-parser": "^1.4.7",

9
auth/src/core/jwt.js
View File

@@ -15,11 +15,18 @@ export async function verify(token) {
return jwt.verify(token, secret);
}
// In dev (localhost): nessun domain → il cookie è scopato al singolo host (localhost),
// ma viene comunque inviato a tutte le porte (4001 auth, 4003 console, 4000 api).
// In prod: COOKIE_DOMAIN=.server.com → cookie condiviso fra tutti i sottodomini
// (auth.server.com, console.server.com, api.server.com).
const cookieDomain = process.env.COOKIE_DOMAIN || undefined;
export const cookieOptions = {
httpOnly: true,
secure: process.env.NODE_ENV,
secure: process.env.NODE_ENV === 'production',
sameSite: 'lax',
path: '/',
maxAge: ttl_seconds * 1000,
...(cookieDomain ? { domain: cookieDomain } : {}),
};

2
auth/src/data/redis.js
View File

@@ -2,7 +2,7 @@ import Redis from 'ioredis';
const client = new Redis({
host: process.env.REDIS_HOST,
port: process.env.REDIS_PORT,
port: Number(process.env.REDIS_PORT),
password: process.env.REDIS_PASSWORD,
});

45
auth/src/index.js
View File

@@ -1,35 +1,52 @@
import express from 'express';
import cookieParser from 'cookie-parser';
import path from 'path';
import { fileURLToPath } from 'url';
import { authRouter } from './routes/auth.js';
import { userAPIs } from './routes/users.js';
import { sessionsAPIs } from './routes/sessions.js';
import { pagesAPIs } from './routes/pages.js';
const __dirname = path.dirname(fileURLToPath(import.meta.url));
const app = express();
app.use(express.json());
app.use(express.json({ limit: '64kb' }));
app.use(cookieParser());
app.get('/health', (req, res) => {
// Asset statici (CSS, font, JS client). Servito a /static/*
app.use('/static', express.static(path.join(__dirname, 'static'), {
maxAge: process.env.NODE_ENV === 'production' ? '30d' : 0,
fallthrough: true,
}));
app.get('/health', (_req, res) => {
res.send({
status: 'ok',
service: 'auth',
version: {
'major': process.env.V_MAJOR,
'minor': process.env.V_MINOR,
'patch': process.env.V_PATCH,
major: process.env.V_MAJOR,
minor: process.env.V_MINOR,
patch: process.env.V_PATCH,
},
timestamp: new Date().toISOString(),
});
});
// Public web pages
// app.use('/login', authRouter);
// app.use('/profile', profileRouter);
// app.use('/profile/sessions', sessionRouter);
// Pagine web pubbliche (HTML) — /login, /profile, /config.js
app.use('/', pagesAPIs);
// API JSON
app.use('/api', authRouter);
// app.use('/api/users', usersRouter);
// app.use('/api/sessions', sessionRouter);
//
app.use('/api/users', userAPIs);
app.use('/api/sessions', sessionsAPIs);
app.listen('3000', '0.0.0.0', () => {
// Error handler globale
app.use((err, _req, res, _next) => {
console.error('[auth] errore non gestito:', err);
res.status(500).json({ error: 'internal_error' });
});
app.listen(Number(process.env.PORT ?? 3000), '0.0.0.0', () => {
console.log('Auth started');
})
});

35
auth/src/middleware/auth.js
View File

@@ -1,35 +0,0 @@
import { verify } from "../core/jwt";
import { query } from "../data/db";
import { redis } from '../data/redis';
const cookieName = process.env.COOKIE_NAME;
export async function requireUserAuth(req, res, next) {
const token = req.cookies?.[cookieName];
if (!token) return res.status(401).json({ message: 'No token' });
let payload;
try {
payload = await verify(token);
} catch (error) {
return res.status(401).json({ message: 'Invalid token' });
}
// Session
const { rows } = await query(
'select id, user_id, expires_at from sessions where id = $1',
[payload.sessionId]
);
if (!rows[0]) return res.status(401).json({ message: 'Invalid session' });
await query('update sessions set last_activity = now() where id = $1', [payload.sessionId]).catch(() => { });
redis.set(`onlineuser:${payload.sub}`, '1', 'EX', 60).catch(() => { });
req.user = {
id: payload.sub,
name: payload.sessionId,
}
next();
}

9
auth/src/middlewares/internalware.js Normal file
View File

@@ -0,0 +1,9 @@
const token = process.env.INTERNAL_API_TOKEN;
export function internalware(req, res, next) {
const header = req.get('X-Internal-Token');
if (header !== token) {
return res.status(401).json({ message: 'Unauthorized' })
}
next();
}

40
auth/src/middlewares/userware.js Normal file
View File

@@ -0,0 +1,40 @@
import { verify } from "../core/jwt.js";
import { query } from "../data/db.js";
import { redis } from '../data/redis.js';
const cookieName = process.env.COOKIE_NAME;
export async function requireUserAuth(req, res, next) {
const token = req.cookies?.[cookieName];
if (!token) return res.status(401).json({ message: 'No token' });
let payload;
try {
payload = await verify(token);
} catch (error) {
return res.status(401).json({ message: 'Invalid token' });
}
// Session
const { rows } = await query(
'select id, user_id, expires_at from sessions where id = $1 and expires_at > now()',
[payload.sessionId]
);
if (!rows[0]) return res.status(401).json({ message: 'Invalid session' });
const writeKey = `user:lastonline:${payload.sessionId}`;
const acquired = await redis.set(writeKey, '1', 'EX', 30, 'NX').catch(() => null);
if (acquired === 'OK') {
await query('update sessions set last_activity = now() where id = $1', [payload.sessionId]).catch((err) => {
console.error('auth error in last_activity update', err.message);
});
redis.set(`user:online:${payload.sub}`, '1', 'EX', 60).catch(() => { });
}
req.user = {
id: payload.sub,
sessionId: payload.sessionId,
}
next();
}

103
auth/src/pages/login.html
View File

@@ -1,12 +1,93 @@
<!DOCTYPE html>
<html>
<head>
<title>Ciao</title>
</head>
<body>
<h1>Ciao</h1>
<form>
</form>
</body>
<!doctype html>
<html lang="it">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link rel="stylesheet" href="/static/styles/style.css" />
<title>MEB — Accedi</title>
</head>
<body>
<div class="login-container">
<div class="login-logo">MEB</div>
<h1>Bentornato</h1>
<p>Inserisci le tue credenziali per accedere alla console.</p>
<form class="login-form" id="loginForm">
<div class="input-group">
<label for="username">Username</label>
<input
type="text"
id="username"
name="username"
placeholder="Il tuo username"
autocomplete="username"
/>
</div>
<div class="input-group">
<label for="password">Password</label>
<input
type="password"
id="password"
name="password"
placeholder="La tua password"
autocomplete="current-password"
/>
</div>
<div class="error-message" id="errorMsg"></div>
<button type="submit" class="btn-login" id="loginBtn">
<span class="btn-spinner"></span>
<span class="btn-label">Accedi</span>
</button>
</form>
</div>
<script>
document
.getElementById("loginForm")
.addEventListener("submit", async (e) => {
e.preventDefault();
const errorMsg = document.getElementById("errorMsg");
const btn = document.getElementById("loginBtn");
errorMsg.textContent = "";
btn.disabled = true;
btn.classList.add("loading");
const username = document.getElementById("username").value;
const password = document.getElementById("password").value;
let res;
try {
res = await fetch("/api/login", {
method: "POST",
headers: { "Content-Type": "application/json" },
credentials: "same-origin",
body: JSON.stringify({ username, password }),
});
} catch (err) {
btn.disabled = false;
btn.classList.remove("loading");
errorMsg.textContent = "Errore di rete. Riprova.";
return;
}
btn.disabled = false;
btn.classList.remove("loading");
if (res.ok) {
// Redirect al profilo. Il cookie httpOnly è già stato impostato
// dal server nella response; sarà valido anche per console
// (stesso host:port in dev, stesso dominio padre in prod).
const next = new URLSearchParams(location.search).get("next");
window.location.href = next || "/profile";
} else {
let data = {};
try { data = await res.json(); } catch { /* ignore */ }
errorMsg.textContent =
data.message || "Errore durante il login.";
}
});
</script>
</body>
</html>

249
auth/src/pages/profile.html Normal file
View File

@@ -0,0 +1,249 @@
<!doctype html>
<html lang="it">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link rel="stylesheet" href="/static/styles/style.css" />
<script src="/config.js"></script>
<title>MEB — Profilo</title>
</head>
<body class="page-profile">
<div class="profile-shell">
<header class="profile-topbar">
<div class="profile-brand">MEB</div>
<nav class="profile-nav" id="quickLinks">
<!-- popolato da JS in base a window.MEB_CONFIG -->
</nav>
<button
type="button"
class="btn-ghost"
id="logoutBtn"
title="Esci"
>
Logout
</button>
</header>
<main class="profile-main">
<section class="profile-hero card">
<div class="avatar" id="avatar">?</div>
<div class="hero-info">
<h1 id="username"></h1>
<p class="muted" id="memberSince">Caricamento…</p>
</div>
</section>
<section class="card">
<div class="card-header">
<h2>Sessioni attive</h2>
<span class="muted" id="sessionsCount"></span>
</div>
<div id="sessionsList" class="sessions-list">
<div class="muted">Caricamento sessioni…</div>
</div>
</section>
<section class="card">
<div class="card-header">
<h2>Informazioni account</h2>
</div>
<dl class="kv-grid">
<dt>ID utente</dt>
<dd id="userId" class="mono"></dd>
<dt>Sessione corrente</dt>
<dd id="currentSessionId" class="mono"></dd>
<dt>Ambiente</dt>
<dd id="envBadge"></dd>
</dl>
</section>
</main>
<div class="toast" id="toast"></div>
</div>
<script>
const cfg = window.MEB_CONFIG || {};
const $ = (id) => document.getElementById(id);
const fmtDate = (iso) => {
if (!iso) return "—";
try {
return new Date(iso).toLocaleString("it-IT", {
dateStyle: "medium",
timeStyle: "short",
});
} catch {
return iso;
}
};
const toast = (msg, kind = "info") => {
const el = $("toast");
el.textContent = msg;
el.className = "toast show " + kind;
clearTimeout(toast._t);
toast._t = setTimeout(() => (el.className = "toast"), 2500);
};
// ──────────────────────────────────────────────────────
// Quick links verso gli altri servizi (env-aware)
// ──────────────────────────────────────────────────────
function renderQuickLinks() {
const nav = $("quickLinks");
const links = [];
if (cfg.console)
links.push({ label: "Console", url: cfg.console });
if (cfg.api) links.push({ label: "API", url: cfg.api });
nav.innerHTML = links
.map(
(l) =>
`<a class="nav-link" href="${l.url}" target="_blank" rel="noopener">${l.label} ↗</a>`,
)
.join("");
$("envBadge").textContent = cfg.env || "development";
}
// ──────────────────────────────────────────────────────
// Carica dati utente. Se 401 → redirect a /login?next=/profile
// ──────────────────────────────────────────────────────
async function loadMe() {
const r = await fetch("/api/users/me", {
credentials: "same-origin",
});
if (r.status === 401) {
location.href =
"/login?next=" + encodeURIComponent(location.pathname);
return null;
}
if (!r.ok) throw new Error("Errore caricamento profilo");
return r.json();
}
async function loadSessions() {
const r = await fetch("/api/sessions", {
credentials: "same-origin",
});
if (!r.ok) throw new Error("Errore caricamento sessioni");
return r.json();
}
function renderProfile(payload) {
const user = payload.user || {};
const thisSession = payload.thisSession || {};
$("username").textContent = user.username || "—";
$("memberSince").textContent =
"Membro da " + fmtDate(user.created_at);
$("userId").textContent = user.id || "—";
$("currentSessionId").textContent = thisSession.id || "—";
const initial = (user.username || "?").slice(0, 1).toUpperCase();
$("avatar").textContent = initial;
}
function renderSessions(sessions) {
const list = $("sessionsList");
$("sessionsCount").textContent =
sessions.length + " session" + (sessions.length === 1 ? "e" : "i");
if (!sessions.length) {
list.innerHTML =
'<div class="muted">Nessuna sessione attiva.</div>';
return;
}
list.innerHTML = sessions
.map(
(s) => `
<div class="session-row ${s.is_current ? "is-current" : ""}" data-id="${s.id}">
<div class="session-info">
<div class="session-title">
${escapeHtml(s.device_name || "Dispositivo sconosciuto")}
${s.is_current ? '<span class="badge">attuale</span>' : ""}
</div>
<div class="session-meta muted">
${escapeHtml(s.device_os || "—")} · ${escapeHtml(s.ip_address || "—")}
</div>
<div class="session-meta muted">
Ultima attività: ${fmtDate(s.last_activity)}
</div>
</div>
${
s.is_current
? ""
: `<button class="btn-revoke" data-id="${s.id}">Revoca</button>`
}
</div>
`,
)
.join("");
list.querySelectorAll(".btn-revoke").forEach((btn) => {
btn.addEventListener("click", () =>
revokeSession(btn.dataset.id, btn),
);
});
}
function escapeHtml(s) {
return String(s).replace(
/[&<>"']/g,
(c) =>
({
"&": "&amp;",
"<": "&lt;",
">": "&gt;",
'"': "&quot;",
"'": "&#39;",
})[c],
);
}
async function revokeSession(id, btn) {
if (!confirm("Vuoi davvero revocare questa sessione?")) return;
btn.disabled = true;
btn.textContent = "...";
try {
const r = await fetch("/api/sessions/" + id, {
method: "DELETE",
credentials: "same-origin",
});
if (!r.ok) throw new Error();
toast("Sessione revocata", "ok");
const sessions = await loadSessions();
renderSessions(sessions);
} catch {
btn.disabled = false;
btn.textContent = "Revoca";
toast("Errore durante la revoca", "err");
}
}
async function logout() {
try {
await fetch("/api/logout", {
method: "POST",
credentials: "same-origin",
});
} catch {
/* ignore: redirigi comunque */
}
location.href = "/login";
}
$("logoutBtn").addEventListener("click", logout);
// Bootstrap
(async () => {
renderQuickLinks();
try {
const me = await loadMe();
if (!me) return; // già redirezionato
renderProfile(me);
const sessions = await loadSessions();
renderSessions(sessions);
} catch (err) {
toast(err.message || "Errore", "err");
}
})();
</script>
</body>
</html>

35
auth/src/routes/auth.js
View File

@@ -3,7 +3,8 @@ import { query } from "../data/db.js";
import { hash, verify } from "../core/securitycore.js";
import { sign, cookieOptions } from "../core/jwt.js";
import crypto from "crypto";
import {redis} from "../data/redis.js";
import { redis } from "../data/redis.js";
import { requireUserAuth } from "../middlewares/userware.js";
const router = Router();
const cookieName = process.env.COOKIE_NAME
@@ -35,7 +36,7 @@ router.post('/login', async (req, res) => {
const user = rows[0];
const ok = user ? await verify(password, user.password_hash) : false;
if (!ok) {
return res.status(400).json({ message: 'Invalid username or password' });
return res.status(401).json({ message: 'Invalid username or password' });
}
const ua = req.headers['user-agent'];
@@ -43,28 +44,36 @@ router.post('/login', async (req, res) => {
const sessionToken = crypto.randomUUID();
const ttlDays = 360;
const expiresAt = new Date(Date.now() + ttlDays * 86_400_000); //expires in 360 days
const { rows: srow } = await query('insert into sessions (user_id, session_token, device_name, device_os, ip_address, expires_at) values ($1, $2, $3, $4, $5, $6) returning id', [user.id, sessionToken, ua.slice(0, 100), '', ip?.slice(0, 45), ttlDays]);
const session_id = srow[0].id;
const jtoken = sign({ sub: user.id, session_id });
const { rows: srow } = await query(
`insert into sessions
(user_id, session_token, device_name, device_os, ip_address, expires_at)
values ($1, $2, $3, $4, $5, $6)
returning id, expires_at`,
[user.id, sessionToken, ua?.slice(0, 100) ?? '', 'macos', ip?.slice(0, 45), expiresAt]
);
const sessionId = srow[0].id;
const jtoken = sign({ sub: user.id, sessionId });
await redis.set(`usersession:${session_id}`, user.id, 'EX', ttlDays * 24 * 3600);
await redis.set(`online:${user.id}`, '1', 'EX', 60);
await redis.set(`user:session:${sessionId}`, user.id, 'EX', ttlDays * 24 * 3600);
await redis.set(`user:online:${user.id}`, '1', 'EX', 60);
res.cookie(cookieName, jtoken, cookieOptions);
res.json({
ok: true,
user: user.id,
session: session_id
session: sessionId
});
})
router.post('/logout', async (req, res) => {
await query('delete from sessions where id = $1', [req.user.sessionID]);
await redis.del(`online:${req.user.id}`);
res.clearCookie(cookieName);
router.post('/logout', requireUserAuth, async (req, res) => {
await query('delete from sessions where id = $1', [req.user.sessionId]);
await redis.del(`user:online:${req.user.id}`);
await redis.del(`user:session:${req.user.sessionId}`);
res.clearCookie(cookieName, { path: '/' });
res.json({ loggedOut: true });
})
export { router as authRouter };
export { router as authRouter };

45
auth/src/routes/pages.js Normal file
View File

@@ -0,0 +1,45 @@
import { Router } from "express";
import path from "path";
import { fileURLToPath } from "url";
const __dirname = path.dirname(fileURLToPath(import.meta.url));
const pagesDirectory = path.join(__dirname, "../pages");
const router = Router();
// Redirect intelligente sulla root: se non loggato → login, altrimenti profile.
// Il check vero è fatto client-side dalla pagina target tramite /api/users/me;
// qui ci basiamo solo sulla presenza del cookie per scegliere la destinazione.
router.get('/', (req, res) => {
const cookieName = process.env.COOKIE_NAME;
if (req.cookies?.[cookieName]) return res.redirect('/profile');
return res.redirect('/login');
});
router.get('/login', (_req, res) => {
res.sendFile(path.join(pagesDirectory, 'login.html'));
});
router.get('/profile', (_req, res) => {
// L'auth è verificata client-side: la pagina fetch-a /api/users/me
// e se 401 redirige a /login. Pattern semplice da SPA.
res.sendFile(path.join(pagesDirectory, 'profile.html'));
});
// Endpoint dinamico che espone la config runtime alle pagine HTML.
// Le pagine fanno <script src="/config.js"></script> e poi leggono window.MEB_CONFIG.
// In questo modo gli URL dei servizi (console, api) sono iniettati dal server e
// cambiano automaticamente fra dev e prod senza toccare l'HTML.
router.get('/config.js', (_req, res) => {
const config = {
env: process.env.NODE_ENV || 'development',
console: process.env.CONSOLE_PUBLIC_URL || 'http://localhost:4003',
api: process.env.API_PUBLIC_URL || 'http://localhost:4000',
auth: process.env.AUTH_PUBLIC_URL || '', // vuoto = same-origin (la pagina è servita da auth)
};
res.type('application/javascript')
.set('Cache-Control', 'no-store')
.send(`window.MEB_CONFIG = Object.freeze(${JSON.stringify(config)});`);
});
export { router as pagesAPIs };

27
auth/src/routes/sessions.js Normal file
View File

@@ -0,0 +1,27 @@
import { Router } from 'express';
import { query } from '../data/db.js';
import { redis } from '../data/redis.js';
import { requireUserAuth} from '../middlewares/userware.js';
const router = Router();
router.get('/', requireUserAuth, async (req, res) => {
const { rows } = await query('select id, device_name, device_os, ip_address, created_at, last_activity, expires_at, (id = $2) as is_current from sessions where user_id = $1 and expires_at > now() order by created_at desc', [req.user.id, req.user.sessionId]);
res.json(rows);
});
router.delete('/:id', requireUserAuth, async (req, res) => {
const sessionID = req.params.id;
const { rows } = await query('select id from sessions where id = $1 and user_id = $2', [sessionID, req.user.id]);
if (!rows[0]) return res.status(404).json({ error: 'session not found' });
await query('delete from sessions where id = $1', [sessionID]);
await redis.del(`user:session:${sessionID}`);
await redis.publish(`user:session:revoked`, sessionID);
res.sendStatus(200);
});
export { router as sessionsAPIs };

31
auth/src/routes/users.js Normal file
View File

@@ -0,0 +1,31 @@
import { Router } from 'express';
import { query } from '../data/db.js';
import { requireUserAuth } from '../middlewares/userware.js';
const router = Router();
router.get('/me', requireUserAuth, async (req, res) => {
const { rows } = await query('select id, username, created_at from users where id = $1', [req.user.id]);
if (!rows[0]) return res.status(404).json({ message: 'User not found' });
res.json({
user: rows[0],
thisSession: { id: req.user.sessionId }
});
});
//ADMIN ONLY
// TODO: require admin-only auth
router.get('/', async (req, res) => {
const { rows } = await query('select id, username, created_at from users');
res.json(rows);
});
router.get('/:id', async (req, res) => {
const { rows } = await query('select id, username, created_at from users where id = $1', [req.params.id]);
if (!rows[0]) return res.status(404).json({ message: 'User not found' });
res.json(rows[0]);
});
export { router as userAPIs };

BIN
auth/src/static/fonts/elmssans.ttf Normal file
View File

Binary file not shown.

585
auth/src/static/styles/style.css Normal file
View File

@@ -0,0 +1,585 @@
@font-face {
font-family: "Elms";
src: url("../fonts/elmssans.ttf");
font-weight: normal;
font-style: normal;
}
*,
*::before,
*::after {
box-sizing: border-box;
margin: 0;
padding: 0;
}
/* ── Variabili tema ── */
:root {
--bg-body: #0f1117;
--bg-card: #1a1d27;
--border: #2a2d3a;
--text-primary: #f0f0f0;
--text-secondary: #6b7280;
--text-label: #9ca3af;
--input-bg: #0f1117;
--input-placeholder: #3d4150;
--accent: #4f8ef7;
--accent-hover: #3b7de8;
--accent-active: #2f6dd4;
--error: #f87171;
--shadow: rgba(0, 0, 0, 0.4);
--grad-1: #0f1117;
--grad-2: #1a1d27;
--grad-3: #0d1520;
--grad-4: #111827;
}
@media (prefers-color-scheme: light) {
:root {
--bg-body: #eef1f7;
--bg-card: #ffffff;
--border: #dde1ec;
--text-primary: #111827;
--text-secondary: #6b7280;
--text-label: #4b5563;
--input-bg: #f5f7fc;
--input-placeholder: #b0b8cc;
--accent: #3b7de8;
--accent-hover: #2f6dd4;
--accent-active: #2260be;
--error: #dc2626;
--shadow: rgba(0, 0, 0, 0.1);
--grad-1: #dce8ff;
--grad-2: #eef1f7;
--grad-3: #d4e4fb;
--grad-4: #e8edf8;
}
}
/* ── Sfondo animato ── */
@keyframes gradientShift {
0% {
background-position: 0% 50%;
}
50% {
background-position: 100% 50%;
}
100% {
background-position: 0% 50%;
}
}
body {
font-family: "Elms", sans-serif;
min-height: 100vh;
display: flex;
align-items: center;
justify-content: center;
background: linear-gradient(
135deg,
var(--grad-1),
var(--grad-2),
var(--grad-3),
var(--grad-4)
);
background-size: 400% 400%;
animation: gradientShift 12s ease infinite;
}
/* ── Card ── */
.login-container {
width: 100%;
max-width: 400px;
padding: 48px 40px;
background-color: var(--bg-card);
border-radius: 16px;
border: 1px solid var(--border);
box-shadow: 0 24px 48px var(--shadow);
transition:
background-color 0.3s,
border-color 0.3s;
}
.login-logo {
font-size: 13px;
font-weight: bold;
letter-spacing: 4px;
color: var(--accent);
text-transform: uppercase;
margin-bottom: 24px;
}
.login-container h1 {
font-size: 26px;
color: var(--text-primary);
margin-bottom: 8px;
transition: color 0.3s;
}
.login-container p {
font-size: 14px;
color: var(--text-secondary);
margin-bottom: 32px;
line-height: 1.5;
transition: color 0.3s;
}
/* ── Form ── */
.login-form {
display: flex;
flex-direction: column;
gap: 20px;
}
.input-group {
display: flex;
flex-direction: column;
gap: 6px;
}
.input-group label {
font-size: 13px;
color: var(--text-label);
letter-spacing: 0.3px;
transition: color 0.3s;
}
.input-group input {
width: 100%;
padding: 12px 14px;
background-color: var(--input-bg);
border: 1px solid var(--border);
border-radius: 8px;
color: var(--text-primary);
font-family: "Elms", sans-serif;
font-size: 15px;
outline: none;
transition:
border-color 0.2s,
background-color 0.3s,
color 0.3s;
}
.input-group input::placeholder {
color: var(--input-placeholder);
}
.input-group input:focus {
border-color: var(--accent);
}
.error-message {
font-size: 13px;
color: var(--error);
min-height: 18px;
transition: color 0.3s;
}
/* ── Bottone ── */
@keyframes btnPulse {
0% {
box-shadow: 0 0 0 0 rgba(79, 142, 247, 0.5);
}
70% {
box-shadow: 0 0 0 10px rgba(79, 142, 247, 0);
}
100% {
box-shadow: 0 0 0 0 rgba(79, 142, 247, 0);
}
}
@keyframes btnSpin {
to {
transform: rotate(360deg);
}
}
.btn-login {
width: 100%;
padding: 13px;
background-color: var(--accent);
color: #fff;
border: none;
border-radius: 8px;
font-family: "Elms", sans-serif;
font-size: 15px;
cursor: pointer;
position: relative;
overflow: hidden;
display: flex;
align-items: center;
justify-content: center;
gap: 8px;
transition:
background-color 0.2s,
transform 0.15s,
box-shadow 0.2s;
}
.btn-login::after {
content: "";
position: absolute;
width: 100%;
height: 100%;
background: rgba(255, 255, 255, 0.08);
top: 0;
left: -100%;
transition: left 0.3s ease;
}
.btn-login:hover::after {
left: 0;
}
.btn-login:hover {
background-color: var(--accent-hover);
transform: translateY(-2px);
box-shadow: 0 6px 20px rgba(79, 142, 247, 0.35);
}
.btn-login:active {
background-color: var(--accent-active);
transform: translateY(0px);
box-shadow: none;
animation: btnPulse 0.4s ease-out;
}
.btn-login:disabled {
opacity: 0.6;
cursor: not-allowed;
transform: none;
box-shadow: none;
}
.btn-spinner {
width: 16px;
height: 16px;
border: 2px solid rgba(255, 255, 255, 0.3);
border-top-color: #fff;
border-radius: 50%;
animation: btnSpin 0.7s linear infinite;
display: none;
flex-shrink: 0;
}
.btn-login.loading .btn-spinner {
display: block;
}
.btn-login.loading .btn-label {
opacity: 0.7;
}
/* ════════════════════════════════════════════════════════════
PAGINA PROFILO
════════════════════════════════════════════════════════════ */
body.page-profile {
display: block;
align-items: stretch;
justify-content: stretch;
}
.profile-shell {
max-width: 960px;
margin: 0 auto;
padding: 32px 20px 80px;
}
/* ── Topbar ── */
.profile-topbar {
display: flex;
align-items: center;
gap: 24px;
padding: 12px 0 28px;
border-bottom: 1px solid var(--border);
margin-bottom: 32px;
}
.profile-brand {
font-size: 13px;
font-weight: bold;
letter-spacing: 4px;
color: var(--accent);
text-transform: uppercase;
}
.profile-nav {
display: flex;
gap: 8px;
flex: 1;
}
.nav-link {
padding: 8px 14px;
border-radius: 8px;
border: 1px solid var(--border);
color: var(--text-primary);
text-decoration: none;
font-size: 13px;
transition:
background 0.15s,
border-color 0.15s,
transform 0.1s;
}
.nav-link:hover {
border-color: var(--accent);
background: var(--input-bg);
transform: translateY(-1px);
}
.btn-ghost {
padding: 8px 16px;
background: transparent;
color: var(--text-primary);
border: 1px solid var(--border);
border-radius: 8px;
cursor: pointer;
font-family: "Elms", sans-serif;
font-size: 13px;
transition:
background 0.15s,
border-color 0.15s,
color 0.15s;
}
.btn-ghost:hover {
border-color: var(--error);
color: var(--error);
}
/* ── Main grid ── */
.profile-main {
display: grid;
gap: 24px;
}
/* ── Card base ── */
.card {
background-color: var(--bg-card);
border: 1px solid var(--border);
border-radius: 16px;
padding: 28px;
box-shadow: 0 8px 24px var(--shadow);
}
.card-header {
display: flex;
align-items: baseline;
justify-content: space-between;
margin-bottom: 20px;
}
.card-header h2 {
font-size: 16px;
font-weight: 500;
color: var(--text-primary);
}
.muted {
color: var(--text-secondary);
font-size: 13px;
}
/* ── Hero ── */
.profile-hero {
display: flex;
align-items: center;
gap: 24px;
}
.avatar {
width: 72px;
height: 72px;
border-radius: 50%;
background: linear-gradient(
135deg,
var(--accent),
var(--accent-active)
);
color: #fff;
display: flex;
align-items: center;
justify-content: center;
font-size: 30px;
font-weight: bold;
flex-shrink: 0;
box-shadow: 0 4px 14px rgba(79, 142, 247, 0.35);
}
.hero-info h1 {
font-size: 24px;
color: var(--text-primary);
margin-bottom: 4px;
}
/* ── Sessions list ── */
.sessions-list {
display: flex;
flex-direction: column;
gap: 12px;
}
.session-row {
display: flex;
align-items: center;
justify-content: space-between;
gap: 16px;
padding: 16px;
border: 1px solid var(--border);
border-radius: 10px;
background: var(--input-bg);
transition: border-color 0.15s;
}
.session-row.is-current {
border-color: var(--accent);
background: rgba(79, 142, 247, 0.05);
}
.session-info {
flex: 1;
min-width: 0;
}
.session-title {
font-size: 14px;
color: var(--text-primary);
margin-bottom: 4px;
display: flex;
align-items: center;
gap: 8px;
}
.session-meta {
font-size: 12px;
line-height: 1.6;
}
.badge {
font-size: 10px;
padding: 2px 8px;
border-radius: 10px;
background: var(--accent);
color: #fff;
text-transform: uppercase;
letter-spacing: 0.5px;
}
.btn-revoke {
padding: 8px 14px;
background: transparent;
color: var(--error);
border: 1px solid var(--border);
border-radius: 8px;
cursor: pointer;
font-family: "Elms", sans-serif;
font-size: 12px;
transition:
background 0.15s,
border-color 0.15s;
}
.btn-revoke:hover:not(:disabled) {
background: rgba(248, 113, 113, 0.1);
border-color: var(--error);
}
.btn-revoke:disabled {
opacity: 0.6;
cursor: wait;
}
/* ── kv grid (account info) ── */
.kv-grid {
display: grid;
grid-template-columns: 180px 1fr;
gap: 12px 20px;
font-size: 13px;
}
.kv-grid dt {
color: var(--text-label);
}
.kv-grid dd {
color: var(--text-primary);
}
.mono {
font-family: ui-monospace, SFMono-Regular, Menlo, monospace;
font-size: 12px;
word-break: break-all;
}
/* ── Toast ── */
.toast {
position: fixed;
bottom: 24px;
left: 50%;
transform: translateX(-50%) translateY(20px);
padding: 12px 20px;
border-radius: 10px;
background: var(--bg-card);
border: 1px solid var(--border);
color: var(--text-primary);
box-shadow: 0 8px 24px var(--shadow);
opacity: 0;
pointer-events: none;
transition:
opacity 0.2s,
transform 0.2s;
font-size: 13px;
}
.toast.show {
opacity: 1;
transform: translateX(-50%) translateY(0);
}
.toast.ok {
border-color: #22c55e;
}
.toast.err {
border-color: var(--error);
}
/* ── Responsive ── */
@media (max-width: 600px) {
.profile-topbar {
flex-wrap: wrap;
gap: 12px;
}
.profile-nav {
order: 3;
width: 100%;
}
.profile-hero {
flex-direction: column;
text-align: center;
}
.kv-grid {
grid-template-columns: 1fr;
gap: 4px 0;
}
.kv-grid dt {
margin-top: 12px;
}
.session-row {
flex-direction: column;
align-items: stretch;
}
.btn-revoke {
width: 100%;
}
}

12
console/package.json Normal file
View File

@@ -0,0 +1,12 @@
{
"name": "console",
"version": "1.0.0",
"description": "",
"main": "index.js",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
},
"keywords": [],
"author": "",
"license": "ISC"
}

1
console/src/index.js Normal file
View File

@@ -0,0 +1 @@

8
stream/Dockerfile Normal file
View File

@@ -0,0 +1,8 @@
FROM node:20-alpine
WORKDIR /app
RUN corepack enable && corepack prepare pnpm@9.15.0 --activate
COPY package.json ./
RUN pnpm install
COPY . .
EXPOSE 3000
CMD ["pnpm", "exec", "nodemon", "src/index.js"]

24
stream/package.json Normal file
View File

@@ -0,0 +1,24 @@
{
"name": "stream",
"version": "1.0.0",
"description": "MEB stream service — sensor WebSocket ingest to InfluxDB",
"main": "src/index.js",
"scripts": {
"start": "node src/index.js",
"dev": "nodemon src/index.js"
},
"type": "module",
"license": "ISC",
"packageManager": "pnpm@9.15.0",
"dependencies": {
"@influxdata/influxdb-client": "^1.35.0",
"@msgpack/msgpack": "^3.1.2",
"express": "^5.2.1",
"ioredis": "^5.10.1",
"pg": "^8.21.0",
"ws": "^8.18.0"
},
"devDependencies": {
"nodemon": "^3.1.14"
}
}

28
stream/src/core/securitycore.js Normal file
View File

@@ -0,0 +1,28 @@
import crypto from 'crypto';
const SECRET = process.env.SENSOR_SECURITY_SECRET;
/**
* Calcola l'HMAC-SHA256 del codice sensore con il secret token server-side.
* - return {String} l'hash in formato hex
*/
export function getHmac(code) {
return crypto.createHmac('sha256', SECRET || '').update(code).digest('hex');
}
/**
* Verifica timing-safe del codice a partire dal suo hash salvato..
* - return {Boolean} true se il codice è valido, false altrimenti
*/
export function verify(code, hash) {
if (!code || !hash || !SECRET) return false;
try {
const computed = getHmac(code);
const a = Buffer.from(computed, 'hex');
const b = Buffer.from(hash, 'hex');
if (a.length !== b.length) return false;
return crypto.timingSafeEqual(a, b);
} catch {
return false;
}
}

26
stream/src/core/sessioncore.js Normal file
View File

@@ -0,0 +1,26 @@
import { queryData as data } from '../data/db.js'
const maxTries = 10;
/*
Generates a random, unique session ID like `s00123`.
*/
function makeID() {
const n = Math.floor(Math.random() * 100_000).toString().padStart(5, '0');
return `s${n}`;
}
/*
Creates a new session by generating a unique ID and checking for conflicts in the database.
*/
export async function newSession() {
for (let i = 0; i < maxTries; i++) {
const id = makeID();
const { rows } = await data(`select 1 from telemetrysessions where session_id = $1 and ended_at is null`, [id]);
if (rows.length === 0) {
return id;
}
}
throw new Error('Failed to create session');
}

32
stream/src/data/db.js Normal file
View File

@@ -0,0 +1,32 @@
import pg from 'pg';
// Pool per il database "sensors": lookup sensori + verifica code_hash
export const sensorsDb = new pg.Pool({
user: process.env.DB_USER,
password: process.env.DB_PASSWORD,
host: process.env.DB_HOST,
port: process.env.DB_PORT,
database: 'sensors',
max: 5,
idleTimeoutMillis: 30_000,
});
// Pool per il database "data": gestione tabella telemetrysessions
export const dataDb = new pg.Pool({
user: process.env.DB_USER,
password: process.env.DB_PASSWORD,
host: process.env.DB_HOST,
port: process.env.DB_PORT,
database: 'data',
max: 10,
idleTimeoutMillis: 30_000,
});
export function querySensors(text, params) {
return sensorsDb.query(text, params);
}
export function queryData(text, params) {
return dataDb.query(text, params);
}

32
stream/src/data/influx.js Normal file
View File

@@ -0,0 +1,32 @@
import { InfluxDB, Point } from '@influxdata/influxdb-client';
const url = process.env.INFLUX_URL;
const token = process.env.INFLUX_TOKEN;
const org = process.env.INFLUX_ORG;
const bucket = process.env.INFLUX_BUCKET;
if (!url || !token || !org || !bucket) {
console.error('[influx] configurazione mancante — verifica INFLUX_URL/INFLUX_TOKEN/INFLUX_ORG/INFLUX_BUCKET');
}
const influxDB = new InfluxDB({ url, token });
// Configurazione write API: sincrono, no batching, no retry interno (lasciamo che il
// fallimento si propaghi così possiamo chiudere il WS e far ripartire il plugin)
const writeApi = influxDB.getWriteApi(org, bucket, 'ns', {
batchSize: 1,
flushInterval: 0,
maxRetries: 0,
maxBufferLines: 1, // niente accumulo locale
});
/**
* Scrive un Point su InfluxDB in modo sincrono.
* Lancia su errore — il chiamante deve gestire (chiusura WS).
*/
export async function writePoint(point) {
writeApi.writePoint(point);
await writeApi.flush(true); // true = throw on error
}
export { Point };

18
stream/src/data/redis.js Normal file
View File

@@ -0,0 +1,18 @@
import Redis from 'ioredis';
const baseOpts = {
host: process.env.REDIS_HOST,
port: Number(process.env.REDIS_PORT),
password: process.env.REDIS_PASSWORD,
};
// Client principale: SET/GET/SETEX/GETDEL/INCR/PUBLISH
const client = new Redis(baseOpts);
// Client dedicato per SUBSCRIBE (ioredis non permette comandi normali su un client subscribed)
const sub = new Redis(baseOpts);
client.on('error', (e) => console.error('[redis] client error', e.message));
sub.on('error', (e) => console.error('[redis] sub error', e.message));
export { client as redis, sub as redisSub };

44
stream/src/routes/connect.js Normal file
View File

@@ -0,0 +1,44 @@
import { Router } from 'express';
import crypto from 'crypto';
import { querySensors as sensors } from '../data/db.js';
import { redis } from '../data/redis.js';
import { verify } from '../core/securitycore.js';
const router = Router();
const rateLimiter = 10;
const rateLimitWindow = 60;
router.post('/connect', async (req, res) => {
const { sensorID, code } = req.body;
const ip = (req.headers['x-forwarded-for']?.split(',')[0]?.trim()) || req.socket.remoteAddress || 'unknown';
const tryKey = `streamconnect:fail:${ip}`;
const fails = Number(await redis.get(tryKey).catch(() => 0));
if (fails >= rateLimiter) {
return res.status(429).json({ error: 'Too many failed attempts' });
}
if (!sensorID || !code) {
await redis.multi().incr(tryKey).expire(tryKey, rateLimitWindow).exec().catch(() => { });
return res.status(400).json({ error: 'sensor and code are required' });
}
const { rows } = await sensors('select id, name, code_hash from sensors where id = $1', [sensorID]);
if (rows.length === 0) {
return res.status(404).json({ error: 'sensor not found' });
}
if (!rows[0] || !verify(code, rows[0].code_hash)) {
await redis.multi().incr(tryKey).expire(tryKey, rateLimitWindow).exec().catch(() => { });
return res.status(401).json({ error: 'invalid code' });
}
const token = crypto.randomUUID();
await redis.set(`sensor:pending:${token}`, rows[0].id, 'EX', 5);
res.json({
token,
expiresIn: 5
})
})
export { router as connectsAPI }

3
stream/src/ws/connection.js Normal file
View File

@@ -0,0 +1,3 @@
import { encode, decode } from '@msgpack/msgpack';
import { queryData as datas } from '../data/db.js';
import { write, point } from '';

44
stream/src/ws/upgrade.js Normal file
View File

@@ -0,0 +1,44 @@
import { URL } from 'url';
import { redis } from '../data/redis';
import { querySensors as sensors } from '../data/db';
export function buildUpgradeHandler(wss) {
return async function upgradeHandler(req, socket, head) {
try {
const url = new URL(req.url, 'http://localhost');
const token = url.searchParams.get('token');
if (!token) {
socket.write('HTTP/1.1 401 Unauthorized\r\n\r\n');
return socket.destroy();
}
const pendingSensor = await redis.getdel(`sensors:pending:${token}`);
if (!pendingSensor) {
socket.write('HTTP/1.1 404 Not Found\r\n\r\n');
return socket.destroy();
}
const { rows } = await sensors('select id, name from sensors where id = $1', [pendingSensor]);
const sensor = rows[0];
if (!sensor) {
socket.write('HTTP/1.1 404 Not Found\r\n\r\n');
return socket.destroy();
}
wss.handleUpgrade(req, socket, head, (ws) => {
ws._sensor = sensor;
wss.emit('connection', ws, req);
});
} catch (error) {
console.error('error in upgrading conenction with sensor to ws with error: ', error);
try {
socket.destroy();
} catch (destroyError) {
console.error('error destroying socket: ', destroyError);
}
}
};
}