Move dashboard server into project

inventory-server/dashboard/auth-server/.env.example

@@ -0,0 +1,10 @@
+# Server Configuration
+NODE_ENV=development
+PORT=3003
+
+# Authentication
+JWT_SECRET=your-secret-key-here
+DASHBOARD_PASSWORD=your-dashboard-password-here
+
+# Cookie Settings
+COOKIE_DOMAIN=localhost # In production: .kent.pw 

inventory-server/dashboard/auth-server/index.js

@@ -0,0 +1,203 @@
+// auth-server/index.js
+const path = require('path');
+require('dotenv').config({ path: path.join(__dirname, '.env') });
+const express = require('express');
+const cors = require('cors');
+const cookieParser = require('cookie-parser');
+const jwt = require('jsonwebtoken');
+
+// Debug environment variables
+console.log('Environment variables loaded from:', path.join(__dirname, '.env'));
+console.log('Current directory:', __dirname);
+console.log('Available env vars:', Object.keys(process.env));
+
+const app = express();
+const PORT = process.env.PORT || 3003;
+const JWT_SECRET = process.env.JWT_SECRET;
+const DASHBOARD_PASSWORD = process.env.DASHBOARD_PASSWORD;
+
+// Validate required environment variables
+if (!JWT_SECRET || !DASHBOARD_PASSWORD) {
+  console.error('Missing required environment variables:');
+  if (!JWT_SECRET) console.error('- JWT_SECRET');
+  if (!DASHBOARD_PASSWORD) console.error('- DASHBOARD_PASSWORD');
+  process.exit(1);
+}
+
+// Middleware
+app.use(express.json());
+app.use(cookieParser());
+
+// Configure CORS
+const corsOptions = {
+  origin: function(origin, callback) {
+    const allowedOrigins = [
+      'http://localhost:3000',
+      'https://dashboard.kent.pw'
+    ];
+    
+    console.log('CORS check for origin:', origin);
+    
+    // Allow local network IPs (192.168.1.xxx)
+    if (origin && origin.match(/^http:\/\/192\.168\.1\.\d{1,3}(:\d+)?$/)) {
+      callback(null, true);
+      return;
+    }
+    
+    // Check if origin is in allowed list
+    if (!origin || allowedOrigins.indexOf(origin) !== -1) {
+      callback(null, true);
+    } else {
+      callback(new Error('Not allowed by CORS'));
+    }
+  },
+  credentials: true,
+  methods: ['GET', 'POST', 'OPTIONS'],
+  allowedHeaders: ['Content-Type', 'Authorization', 'Cookie', 'Accept'],
+  exposedHeaders: ['Set-Cookie']
+};
+
+app.use(cors(corsOptions));
+app.options('*', cors(corsOptions));
+
+// Debug logging
+app.use((req, res, next) => {
+  console.log(`${new Date().toISOString()} ${req.method} ${req.url}`);
+  console.log('Headers:', req.headers);
+  console.log('Cookies:', req.cookies);
+  next();
+});
+
+// Health check endpoint
+app.get('/health', (req, res) => {
+  res.json({ 
+    status: 'ok',
+    timestamp: new Date().toISOString()
+  });
+});
+
+// Auth endpoints
+app.post('/login', (req, res) => {
+  console.log('Login attempt received');
+  console.log('Request body:', req.body);
+  console.log('Origin:', req.headers.origin);
+  
+  const { password } = req.body;
+  
+  if (!password) {
+    console.log('No password provided');
+    return res.status(400).json({
+      success: false,
+      message: 'Password is required'
+    });
+  }
+
+  console.log('Comparing passwords...');
+  console.log('Provided password length:', password.length);
+  console.log('Expected password length:', DASHBOARD_PASSWORD.length);
+  
+  if (password === DASHBOARD_PASSWORD) {
+    console.log('Password matched');
+    const token = jwt.sign({ authorized: true }, JWT_SECRET, {
+      expiresIn: '24h'
+    });
+
+    // Determine if request is from local network
+    const isLocalNetwork = req.headers.origin?.includes('192.168.1.') || req.headers.origin?.includes('localhost');
+    
+    const cookieOptions = {
+      httpOnly: true,
+      secure: !isLocalNetwork, // Only use secure for non-local requests
+      sameSite: isLocalNetwork ? 'lax' : 'none',
+      path: '/',
+      maxAge: 24 * 60 * 60 * 1000 // 24 hours
+    };
+
+    // Only set domain for production
+    if (!isLocalNetwork) {
+      cookieOptions.domain = '.kent.pw';
+    }
+
+    console.log('Setting cookie with options:', cookieOptions);
+    res.cookie('token', token, cookieOptions);
+    
+    console.log('Response headers:', res.getHeaders());
+    res.json({ 
+      success: true,
+      debug: { 
+        origin: req.headers.origin,
+        cookieOptions 
+      }
+    });
+  } else {
+    console.log('Password mismatch');
+    res.status(401).json({
+      success: false,
+      message: 'Invalid password'
+    });
+  }
+});
+
+// Modify the check endpoint to log more info
+app.get('/check', (req, res) => {
+  console.log('Auth check received');
+  console.log('All cookies:', req.cookies);
+  console.log('Headers:', req.headers);
+  
+  const token = req.cookies.token;
+  
+  if (!token) {
+    console.log('No token found in cookies');
+    return res.status(401).json({ 
+      authenticated: false,
+      error: 'no_token' 
+    });
+  }
+
+  try {
+    const decoded = jwt.verify(token, JWT_SECRET);
+    console.log('Token verified successfully:', decoded);
+    res.json({ authenticated: true });
+  } catch (err) {
+    console.log('Token verification failed:', err.message);
+    res.status(401).json({ 
+      authenticated: false,
+      error: 'invalid_token',
+      message: err.message
+    });
+  }
+});
+
+app.post('/logout', (req, res) => {
+  const isLocalNetwork = req.headers.origin?.includes('192.168.1.') || req.headers.origin?.includes('localhost');
+  const cookieOptions = {
+    httpOnly: true,
+    secure: !isLocalNetwork,
+    sameSite: isLocalNetwork ? 'lax' : 'none',
+    path: '/',
+    domain: isLocalNetwork ? undefined : '.kent.pw'
+  };
+  
+  console.log('Clearing cookie with options:', cookieOptions);
+  res.clearCookie('token', cookieOptions);
+  res.json({ success: true });
+});
+
+// Error handling middleware
+app.use((err, req, res, next) => {
+  console.error('Server error:', err);
+  res.status(500).json({ 
+    success: false, 
+    message: 'Internal server error',
+    error: err.message 
+  });
+});
+
+// Start server
+app.listen(PORT, () => {
+  console.log(`Auth server running on port ${PORT}`);
+  console.log('Environment:', process.env.NODE_ENV);
+  console.log('CORS origins:', corsOptions.origin);
+  console.log('JWT_SECRET length:', JWT_SECRET?.length);
+  console.log('DASHBOARD_PASSWORD length:', DASHBOARD_PASSWORD?.length);
+});

inventory-server/dashboard/auth-server/package.json

@@ -0,0 +1,22 @@
+{
+  "name": "auth-server",
+  "version": "1.0.0",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "description": "",
+  "dependencies": {
+    "cookie-parser": "^1.4.7",
+    "cors": "^2.8.5",
+    "date-fns": "^4.1.0",
+    "date-fns-tz": "^3.2.0",
+    "dotenv": "^16.4.7",
+    "express": "^4.21.1",
+    "express-session": "^1.18.1",
+    "jsonwebtoken": "^9.0.2"
+  }
+}