Merge branch 'main' into production

.env

@@ -11,6 +11,7 @@ NODE_ENV=development
 DATABASE=mysql://cart:cartpw@localhost:3306/cart
 # DATABASE=mysql://cart:cartpw@192.168.0.10:3306/cart_dev
 NEXT_PUBLIC_PUBLIC_URL=https://localhost:3003
+ADMIN_PASSWORD=123456
 
 # // owner: dobromir.popov@gmail.com | Специално Свидетелстване София
 # // https://console.cloud.google.com/apis/credentials/oauthclient/926212607479-d3m8hm8f8esp3rf1639prskn445sa01v.apps.googleusercontent.com?project=grand-forge-108716 

_deploy/deoloy.azure.production.yml

@@ -18,6 +18,7 @@ services:
       - GIT_BRANCH=production
       - GIT_USERNAME=deploy
       - GIT_PASSWORD=L3Kr2R438u4F7
+      - ADMIN_PASSWORD=changeme
     command: sh -c " cd /app && npm install && npm run prod; tail -f /dev/null"
     #command: sh -c " cd /app && tail -f /dev/null"
     tty: true

_deploy/deoloy.azure.staging.yml

@@ -15,6 +15,7 @@ services:
       - GIT_BRANCH=main
       - GIT_USERNAME=deploy
       - GIT_PASSWORD=L3Kr2R438u4F7
+      - ADMIN_PASSWORD=kolichkisofia2024
     command: sh -c " cd /app && npm install && npx next build && npm run start-env; tail -f /dev/null"
     tty: true
     stdin_open: true

_doc/ToDo.md

@@ -250,6 +250,7 @@ in schedule admin - if a publisher is always pair & family is not in the shift -
 [] invalidate one/all user sessions
 [] log deletions
 [] add user permissions [with logging when used]
+[] ? store sessions in DB ?
 
 
 [] improve reports page(s)
@@ -261,3 +262,4 @@ in schedule admin - if a publisher is always pair & family is not in the shift -
 [] allow blocking of inputs (different from publishing)
 [] user - add createdAt field
 
+[] FIX insecure logins

components/PwaManager.tsx

@@ -141,7 +141,8 @@ function PwaManager({ subs }) {
                     body: JSON.stringify({ subscription: sub, id: session.user.id })
                 }).then(async response => {
                     if (!response.ok) {
-                        throw new Error('Failed to save subscription data on server.');
+                        //throw new Error('Failed to save subscription data on server.');
+                        console.log('Failed to save subscription data on server.');
                     }
                     else {
                         console.log('Subscription data saved on server.');

components/PwaManagerNotifications.tsx

@@ -102,7 +102,8 @@ function PwaManagerNotifications() {
                 body: JSON.stringify({ subscription: sub, id: session.user.id })
             }).then(async response => {
                 if (!response.ok) {
-                    throw new Error('Failed to save subscription data on server.');
+                    // throw new Error('Failed to save subscription data on server.');
+                    console.log('Failed to save subscription data on server.');
                 }
                 else {
                     console.log('Subscription data saved on server.');

pages/api/auth/[...nextauth].ts

@@ -72,10 +72,9 @@ export const authOptions: NextAuthOptions = {
         password: { label: "Парола", type: "password" }
       },
       async authorize(credentials, req) {
+
         const users = [
-          { id: "1", name: "admin", email: "admin@example.com", password: "admin123", role: "ADMIN", static: true },
-          { id: "2", name: "krasi", email: "krasi@example.com", password: "krasi123", role: "ADMIN", static: true },
-          { id: "3", name: "popov", email: "popov@example.com", password: "popov123", role: "ADMIN", static: true }
+          { id: "1", name: "admin", email: "admin@example.com", password: process.env.ADMIN_PASSWORD, role: "ADMIN", static: true }
         ];
 
         const user = users.find(user =>
@@ -83,6 +82,11 @@ export const authOptions: NextAuthOptions = {
         );
 
         if (user) {
+          const remoteIP = req.headers['x-forwarded-for'] || req.connection.remoteAddress;
+          const userAgent = req.headers['user-agent'];
+          const message = "login form built-in admin account from ip:" + remoteIP + " user-agent:" + userAgent;
+          console.log(message);
+          logger.info(message);
           return user;
         }
         else {
@@ -118,31 +122,35 @@ export const authOptions: NextAuthOptions = {
             }
           }
           else {
-            const pub = await prisma.publisher.findUnique({ where: { email: credentials.username } });
-            if (pub) {
-              const passHash = await bcrypt.hash(credentials.password, 10);
-              const mailVerifyToken = await bcrypt.hash(pub.email, 10);
-              const date = new Date().getTime();
-              const emailVerifyToken = date + "_" + mailVerifyToken;
-              const newUser = await prisma.user.create({
-                data: {
-                  name: credentials.username,
-                  email: credentials.username,
-                  passwordHashLocalAccount: passHash,
-                  emailVerifyToken: emailVerifyToken
-                }
-              });
-              console.log("New local credential user created for publisher ", pub.firstName, " ", pub.lastName, " (", pub.email, ")");
-              logger.info("New local credential user created for publisher ", pub.firstName, " ", pub.lastName, " (", pub.email, ")");
-              emailHelper.SendEmail_ValidateTemplate(pub.email, emailVerifyToken, pub.firstName, pub.lastName);
-              //return newUser;
-              throw new Error("Моля проверете вашия имейл '" + credentials?.username + "' за да потвърдите регистрацията си.");
-            }
-            else {
+            try {
+              const pub = await prisma.publisher.findUnique({ where: { email: credentials.username } });
+              if (pub) {
+                const passHash = await bcrypt.hash(credentials.password, 10);
+                const mailVerifyToken = await bcrypt.hash(pub.email, 10);
+                const date = new Date().getTime();
+                const emailVerifyToken = date + "_" + mailVerifyToken;
+                const newUser = await prisma.user.create({
+                  data: {
+                    name: credentials.username,
+                    email: credentials.username,
+                    passwordHashLocalAccount: passHash,
+                    emailVerifyToken: emailVerifyToken
+                  }
+                });
+                console.log("New local credential user created for publisher ", pub.firstName, " ", pub.lastName, " (", pub.email, ")");
+                logger.info("New local credential user created for publisher ", pub.firstName, " ", pub.lastName, " (", pub.email, ")");
+                emailHelper.SendEmail_ValidateTemplate(pub.email, emailVerifyToken, pub.firstName, pub.lastName);
+                //return newUser;
+                throw new Error("Моля проверете вашия имейл '" + credentials?.username + "' за да потвърдите регистрацията си.");
+              }
+              else {
 
+                throw new Error("Не можем да намерим твоя имейл '" + credentials?.username + "' в участниците в ССОМ. Моля свържи се с нас за да те регистрираме ако искаш да ползваш този имейл.");
+              }
+            } catch (err) {
+              console.log("Error in credentials authorize:", err);
               throw new Error("Не можем да намерим твоя имейл '" + credentials?.username + "' в участниците в ССОМ. Моля свържи се с нас за да те регистрираме ако искаш да ползваш този имейл.");
             }
-
           }
         }
       }