ag/unisono
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Auth implemented

Browse Source
This commit is contained in:
AG
2025-10-13 18:18:34 +03:00
parent 6e587e8aa7
commit 60e9c24440
28 changed files with 1251 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
backend/.env
View File

@@ -1,2 +1,3 @@
GEMINI_API_KEY=YOUR_GEMINI_API_KEY
ENCRYPTION_KEY=a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2
GEMINI_API_KEY="AIzaSyDke9H2NhiG6rBwxT0qrdYgnNoNZm_0j58"
ENCRYPTION_KEY=a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2
AUTH_PASSPHRASE="HonorableHumansPrivilegeIsToBeAllowedHere"

64
backend/dist/api/auth.js vendored Normal file
View File

@@ -0,0 +1,64 @@
"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
// backend/src/api/auth.ts
const express_1 = __importDefault(require("express"));
const dotenv = __importStar(require("dotenv"));
const path = __importStar(require("path"));
const AuthService_1 = require("../services/AuthService");
const SessionService_1 = require("../services/SessionService");
const AuthLogger_1 = require("../services/AuthLogger");
dotenv.config({ path: path.resolve(__dirname, '../../.env') });
const SESSION_SECRET = process.env.SESSION_SECRET;
const JWT_SECRET = process.env.JWT_SECRET;
if (!SESSION_SECRET) {
throw new Error('SESSION_SECRET is not defined in the environment variables.');
}
if (!JWT_SECRET) {
throw new Error('JWT_SECRET is not defined in the environment variables.');
}
const router = express_1.default.Router();
router.post('/passphrase', (req, res) => {
const { passphrase } = req.body;
const ipAddress = req.ip || ''; // Get IP address for logging, default to empty string if undefined
if (!passphrase) {
AuthLogger_1.AuthLogger.logAttempt('failure', ipAddress);
return res.status(400).json({ message: 'Passphrase is required.' });
}
if (AuthService_1.AuthService.validatePassphrase(passphrase)) {
const session = SessionService_1.SessionService.createSession();
SessionService_1.SessionService.authenticateSession(session.id);
AuthLogger_1.AuthLogger.logAttempt('success', ipAddress);
return res.status(200).json({ message: 'Authentication successful', sessionToken: session.id });
}
else {
AuthLogger_1.AuthLogger.logAttempt('failure', ipAddress);
return res.status(401).json({ message: 'Invalid passphrase' });
}
});
exports.default = router;

28
backend/dist/index.js vendored Normal file
View File

@@ -0,0 +1,28 @@
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
const dotenv_1 = __importDefault(require("dotenv"));
dotenv_1.default.config();
const express_1 = __importDefault(require("express"));
const http_1 = __importDefault(require("http"));
const ws_1 = require("./ws");
const sessions_1 = __importDefault(require("./routes/sessions"));
const auth_1 = __importDefault(require("./api/auth"));
const authMiddleware_1 = require("./middleware/authMiddleware"); // Import the middleware
const cors_1 = __importDefault(require("cors"));
const app = (0, express_1.default)();
const server = http_1.default.createServer(app);
// Middleware
app.use(express_1.default.json());
app.use((0, cors_1.default)());
// API Routes
app.use('/', authMiddleware_1.authMiddleware, sessions_1.default); // Apply middleware to sessionsRouter
app.use('/api/auth', auth_1.default);
// Create and attach WebSocket server
(0, ws_1.createWebSocketServer)(server);
const PORT = process.env.PORT || 8000;
server.listen(PORT, () => {
console.log(`Server is running on port ${PORT}`);
});

18
backend/dist/middleware/authMiddleware.js vendored Normal file
View File

@@ -0,0 +1,18 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.authMiddleware = void 0;
const SessionService_1 = require("../services/SessionService");
const authMiddleware = (req, res, next) => {
const sessionToken = req.headers['x-session-token']; // Assuming token is sent in a header
if (!sessionToken) {
return res.status(401).json({ message: 'No session token provided.' });
}
const session = SessionService_1.SessionService.getSession(sessionToken);
if (!session || !session.isAuthenticated) {
return res.status(401).json({ message: 'Invalid or unauthenticated session.' });
}
// Optionally, attach session to request for further use
req.session = session;
next();
};
exports.authMiddleware = authMiddleware;

86
backend/dist/routes/sessions.js vendored Normal file
View File

@@ -0,0 +1,86 @@
"use strict";
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
const express_1 = __importDefault(require("express"));
const uuid_1 = require("uuid");
const ws_1 = require("../ws"); // Import sessions, SessionState, broadcastToSession, and handleWebSocketMessage from ws/index.ts
const router = express_1.default.Router();
router.post('/sessions', (req, res) => {
const sessionId = (0, uuid_1.v4)();
ws_1.sessions.set(sessionId, {
state: ws_1.SessionState.SETUP,
topic: null,
description: null,
expectedResponses: 0,
submittedCount: 0,
responses: new Map(),
clients: new Map(),
finalResult: null,
});
console.log(`New session created: ${sessionId}`);
res.status(201).json({ sessionId });
});
router.post('/sessions/:sessionId/responses', (req, res) => __awaiter(void 0, void 0, void 0, function* () {
const { sessionId } = req.params;
const { userId, wants, accepts, afraidToAsk } = req.body;
if (!ws_1.sessions.has(sessionId)) {
return res.status(404).json({ message: 'Session not found.' });
}
// Create a dummy WebSocket object for the handleWebSocketMessage function.
// This is a workaround to reuse the WebSocket message handling logic.
// In a real application, consider a more robust event-driven architecture.
const dummyWs = {
send: (message) => console.log('Dummy WS send:', message),
readyState: 1, // OPEN
};
const message = {
type: 'SUBMIT_RESPONSE',
clientId: userId,
payload: {
response: { wants, accepts, afraidToAsk },
},
};
try {
yield (0, ws_1.handleWebSocketMessage)(dummyWs, sessionId, message);
res.status(202).json({ message: 'Response submission acknowledged and processed.' });
}
catch (error) {
console.error('Error processing response via HTTP route:', error);
res.status(500).json({ message: 'Error processing response.', error: error.message });
}
}));
router.get('/sessions/:sessionId/results', (req, res) => {
const { sessionId } = req.params;
if (!ws_1.sessions.has(sessionId)) {
return res.status(404).json({ message: 'Session not found.' });
}
const sessionData = ws_1.sessions.get(sessionId);
if (sessionData.state !== ws_1.SessionState.FINAL || !sessionData.finalResult) {
return res.status(200).json({ message: 'Session results not yet finalized.', harmonizedIdeas: [] });
}
// Assuming finalResult directly contains the harmonized ideas as per openapi.yaml
res.status(200).json({ sessionId, harmonizedIdeas: sessionData.finalResult });
});
router.post('/sessions/:sessionId/terminate', (req, res) => {
const { sessionId } = req.params;
if (!ws_1.sessions.has(sessionId)) {
return res.status(404).json({ message: 'Session not found.' });
}
ws_1.sessions.delete(sessionId);
// Log the purging event
// logEvent('session_terminated_and_purged', sessionId);
console.log(`Session ${sessionId} terminated and data purged.`);
res.status(200).json({ message: 'Session terminated and data purged successfully.' });
});
exports.default = router;

47
backend/dist/services/AuthLogger.js vendored Normal file
View File

@@ -0,0 +1,47 @@
"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.AuthLogger = void 0;
// backend/src/services/AuthLogger.ts
const fs = __importStar(require("fs"));
const path = __importStar(require("path"));
const LOG_FILE_PATH = path.join(__dirname, '../../logs/auth.log');
class AuthLogger {
static ensureLogFileExists() {
const logDir = path.dirname(LOG_FILE_PATH);
if (!fs.existsSync(logDir)) {
fs.mkdirSync(logDir, { recursive: true });
}
if (!fs.existsSync(LOG_FILE_PATH)) {
fs.writeFileSync(LOG_FILE_PATH, '', { encoding: 'utf8' });
}
}
static logAttempt(type, ipAddress, timestamp = new Date()) {
AuthLogger.ensureLogFileExists();
const logEntry = `${timestamp.toISOString()} - ${type.toUpperCase()} - IP: ${ipAddress}\n`;
fs.appendFileSync(LOG_FILE_PATH, logEntry, { encoding: 'utf8' });
}
}
exports.AuthLogger = AuthLogger;

46
backend/dist/services/AuthService.js vendored Normal file
View File

@@ -0,0 +1,46 @@
"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.AuthService = void 0;
// backend/src/services/AuthService.ts
const dotenv = __importStar(require("dotenv"));
const path = __importStar(require("path"));
dotenv.config({ path: path.resolve(__dirname, '../../.env') });
class AuthService {
static getPassphrase() {
return AuthService.passphrase;
}
static isAuthEnabled() {
return !!AuthService.passphrase && AuthService.passphrase.trim() !== '';
}
static validatePassphrase(inputPassphrase) {
if (!AuthService.isAuthEnabled()) {
return true; // If auth is not enabled, any passphrase is "valid"
}
return inputPassphrase === AuthService.passphrase;
}
}
exports.AuthService = AuthService;
AuthService.passphrase = process.env.AUTH_PASSPHRASE;

38
backend/dist/services/EncryptionService.js vendored Normal file
View File

@@ -0,0 +1,38 @@
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.EncryptionService = void 0;
const crypto_1 = __importDefault(require("crypto"));
const algorithm = 'aes-256-cbc';
const ivLength = 16; // For AES, this is always 16
// Key should be a 32-byte (256-bit) key
// In a real application, this would be loaded securely from environment variables
// or a key management service.
const ENCRYPTION_KEY = process.env.ENCRYPTION_KEY || crypto_1.default.randomBytes(32).toString('hex');
class EncryptionService {
constructor(encryptionKey) {
if (!encryptionKey || encryptionKey.length !== 64) { // 32 bytes in hex is 64 chars
throw new Error('Encryption key must be a 64-character hex string (32 bytes).');
}
this.key = Buffer.from(encryptionKey, 'hex');
}
encrypt(text) {
const iv = crypto_1.default.randomBytes(ivLength);
const cipher = crypto_1.default.createCipheriv(algorithm, this.key, iv);
let encrypted = cipher.update(text);
encrypted = Buffer.concat([encrypted, cipher.final()]);
return iv.toString('hex') + ':' + encrypted.toString('hex');
}
decrypt(text) {
const textParts = text.split(':');
const iv = Buffer.from(textParts.shift(), 'hex');
const encryptedText = Buffer.from(textParts.join(':'), 'hex');
const decipher = crypto_1.default.createDecipheriv(algorithm, this.key, iv);
let decrypted = decipher.update(encryptedText);
decrypted = Buffer.concat([decrypted, decipher.final()]);
return decrypted.toString();
}
}
exports.EncryptionService = EncryptionService;

101
backend/dist/services/LLMService.js vendored Normal file
View File

@@ -0,0 +1,101 @@
"use strict";
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.LLMService = void 0;
const generative_ai_1 = require("@google/generative-ai");
class LLMService {
constructor(apiKey) {
this.genAI = new generative_ai_1.GoogleGenerativeAI(apiKey);
this.model = this.genAI.getGenerativeModel({ model: "gemini-2.5-flash-lite" });
}
analyzeDesires(desireSets) {
return __awaiter(this, void 0, void 0, function* () {
const prompt = `
You are an AI assistant that analyzes and synthesizes cooperative decisions from a group's desires. Given a list of desire sets from multiple participants, your task is to generate a concise, synthesized text for each of the following categories, reflecting the collective opinion.
Each participant's desire set includes 'wants', 'accepts', 'noGoes', and an 'afraidToAsk' field. The 'afraidToAsk' field contains a sensitive idea that the participant is hesitant to express publicly.
Here are the rules for categorization and synthesis, with special handling for 'afraidToAsk' ideas:
- "goTo": Synthesize a text describing what ALL participants want without contradictions. This should include 'afraidToAsk' ideas that semantically match all other participant's 'wants' or 'afraidToAsk'. If an 'afraidToAsk' idea matches, it should be treated as a 'want' for the submitting participant. Use the more specific opinions and leave all the specific options if they do not contradict each other drastically.
- "alsoGood": Synthesize a text describing what at least one participant wants (including matched 'afraidToAsk' ideas), not everyone wants but all other participants at least accept, and is not a "noGoes" for anyone. This should reflect a generally agreeable outcome. Use the more specific opinions and leave all the specific options if they do not contradict each other drastically.
- "considerable": Synthesize a text describing what is wanted or accepted by some, but not all, participants (including matched 'afraidToAsk' ideas), and is not a "noGoes" for anyone. This should highlight areas of partial agreement or options that could be explored. Use the more specific opinions and leave all the specific options if they do not contradict each other drastically.
- "noGoes": Synthesize a text describing what at least ONE participant does not want. This should clearly state the collective exclusions. Use the more broad opinions summarizing all the specific options if they do not contradict each other drastically.
- "needsDiscussion": Synthesize a text describing where there is a direct conflict (e.g., one participant wants it, another does not want it). This should highlight areas requiring further negotiation. Do not include 'afraidToAsk' in this category.
'AfraidToAsk' ideas that do NOT semantically match any other participant's 'wants' or 'accepts' very closely should remain private and NOT be included in any of the synthesized categories. Matching must use minimal level of generalization.
Formulate common ideas from the point of 'us', e.g. "We are going to...", or "We want to...", or "We think...", or "We do not...".
The input will be a JSON object containing a list of desire sets. Each desire set has a participantId (implicitly handled by the array index) and four arrays/strings: "wants", "accepts", "noGoes", and "afraidToAsk".
The output should be a JSON object with the following structure, where each category contains a single synthesized text:
{
"goTo": "Synthesized text for go-to items.",
"alsoGood": "Synthesized text for also good items.",
"considerable": "Synthesized text for considerable items.",
"noGoes": "Synthesized text for no-goes items.",
"needsDiscussion": "Synthesized text for needs discussion items."
}
Here is the input data:
${JSON.stringify(desireSets)}
`;
try {
const result = yield this.model.generateContent(prompt);
const response = result.response;
let text = response.text();
// Clean the response to ensure it is valid JSON
const jsonMatch = text.match(/\{.*?\}/s);
if (jsonMatch) {
text = jsonMatch[0];
}
else {
// Handle cases where no JSON is found
console.error("LLM did not return a valid JSON object. Response:", text);
throw new Error('Failed to parse LLM response as JSON.');
}
return JSON.parse(text);
}
catch (error) {
console.error("Error calling Gemini API or parsing response:", error);
throw error;
}
});
}
checkForInnerContradictions(desireSet) {
return __awaiter(this, void 0, void 0, function* () {
const prompt = `
You are an AI assistant that detects contradictions in a list of desires. Given a JSON object with three lists of desires (wants, accepts, noGoes), determine if there are any contradictions WITHIN each list and across the lists. For example, "I want a dog" and "I don't want any pets" in the same "wants" list is a contradiction; "Pizza" in "wants" and "food" in "do not want" is a contradiction.
If a contradiction is found, respond with a concise, single-sentence description of the contradiction. If no contradiction is found, respond with "null".
Here is the desire set:
${JSON.stringify(desireSet)}
`;
try {
const result = yield this.model.generateContent(prompt);
const response = result.response;
const text = response.text().trim();
if (text.toLowerCase() === 'null') {
return null;
}
else {
return text;
}
}
catch (error) {
console.error("Error calling Gemini API for contradiction check:", error);
throw error;
}
});
}
}
exports.LLMService = LLMService;

34
backend/dist/services/SessionService.js vendored Normal file
View File

@@ -0,0 +1,34 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.SessionService = void 0;
// backend/src/services/SessionService.ts
const uuid_1 = require("uuid");
const sessions = new Map();
class SessionService {
static createSession() {
const id = (0, uuid_1.v4)();
const newSession = {
id,
isAuthenticated: false,
createdAt: new Date(),
};
sessions.set(id, newSession);
return newSession;
}
static getSession(id) {
return sessions.get(id);
}
static authenticateSession(id) {
const session = sessions.get(id);
if (session) {
session.isAuthenticated = true;
sessions.set(id, session);
return true;
}
return false;
}
static destroySession(id) {
sessions.delete(id);
}
}
exports.SessionService = SessionService;

250
backend/dist/ws/index.js vendored Normal file
View File

@@ -0,0 +1,250 @@
"use strict";
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.handleWebSocketMessage = exports.createWebSocketServer = exports.broadcastToSession = exports.sessions = exports.SessionState = void 0;
const ws_1 = require("ws");
const LLMService_1 = require("../services/LLMService");
const EncryptionService_1 = require("../services/EncryptionService");
// Initialize Encryption Service
const encryptionService = new EncryptionService_1.EncryptionService(process.env.ENCRYPTION_KEY || '');
// Define the SessionState enum
var SessionState;
(function (SessionState) {
SessionState["SETUP"] = "SETUP";
SessionState["GATHERING"] = "GATHERING";
SessionState["HARMONIZING"] = "HARMONIZING";
SessionState["FINAL"] = "FINAL";
SessionState["ERROR"] = "ERROR";
})(SessionState = exports.SessionState || (exports.SessionState = {}));
exports.sessions = new Map();
// Initialize LLM Service (API key from environment)
const llmService = new LLMService_1.LLMService(process.env.GEMINI_API_KEY || '');
// Structured logging function
const logEvent = (eventName, sessionId, details = {}) => {
console.log(JSON.stringify(Object.assign({ timestamp: new Date().toISOString(), eventName, sessionId }, details)));
};
// Metrics recording function
const recordMetric = (metricName, value, sessionId, details = {}) => {
console.log(JSON.stringify(Object.assign({ timestamp: new Date().toISOString(), metricName, value, sessionId }, details)));
};
// Helper to create a serializable version of the session state
const getSerializableSession = (sessionData, currentClientId = null) => {
const filteredResponses = new Map();
sessionData.responses.forEach((response, clientId) => {
if (clientId === currentClientId) {
// For the current client, decrypt and send their own full response
const decryptedWants = response.wants.map((d) => encryptionService.decrypt(d));
const decryptedAccepts = response.accepts.map((d) => encryptionService.decrypt(d));
const decryptedNoGoes = response.noGoes.map((d) => encryptionService.decrypt(d));
const decryptedAfraidToAsk = encryptionService.decrypt(response.afraidToAsk);
filteredResponses.set(clientId, { wants: decryptedWants, accepts: decryptedAccepts, noGoes: decryptedNoGoes, afraidToAsk: decryptedAfraidToAsk });
}
else {
// For other clients, only send non-AfraidToAsk parts (wants, accepts, noGoes without AfraidToAsk)
const decryptedWants = response.wants.map((d) => encryptionService.decrypt(d));
const decryptedAccepts = response.accepts.map((d) => encryptionService.decrypt(d));
const decryptedNoGoes = response.noGoes.map((d) => encryptionService.decrypt(d));
filteredResponses.set(clientId, { wants: decryptedWants, accepts: decryptedAccepts, noGoes: decryptedNoGoes, afraidToAsk: "" }); // Hide afraidToAsk for other clients
}
});
return Object.assign(Object.assign({}, sessionData), { responses: Object.fromEntries(filteredResponses), clients: Array.from(sessionData.clients.keys()) });
};
const broadcastToSession = (sessionId, message, excludeClientId = null) => {
const sessionData = exports.sessions.get(sessionId);
if (sessionData) {
sessionData.clients.forEach((client, clientId) => {
if (clientId !== excludeClientId && client.readyState === ws_1.WebSocket.OPEN) {
const serializableMessage = Object.assign(Object.assign({}, message), { payload: Object.assign(Object.assign({}, message.payload), { session: getSerializableSession(sessionData, clientId) }) });
client.send(JSON.stringify(serializableMessage));
}
});
}
};
exports.broadcastToSession = broadcastToSession;
const createWebSocketServer = (server) => {
const wss = new ws_1.WebSocketServer({ server });
wss.on('connection', (ws, req) => {
const url = new URL(req.url || '', `http://${req.headers.host}`);
const sessionId = url.pathname.split('/').pop();
if (!sessionId) {
ws.close(1008, 'Invalid session ID');
return;
}
if (!exports.sessions.has(sessionId)) {
exports.sessions.set(sessionId, {
state: SessionState.SETUP,
topic: null,
description: null,
expectedResponses: 0,
submittedCount: 0,
responses: new Map(),
clients: new Map(),
finalResult: null,
});
}
const sessionData = exports.sessions.get(sessionId);
console.log(`Client connecting to session: ${sessionId}`);
ws.on('message', (message) => __awaiter(void 0, void 0, void 0, function* () {
const parsedMessage = JSON.parse(message.toString());
const { type, clientId, payload } = parsedMessage;
if (!clientId) {
console.error(`Received message without clientId in session ${sessionId}. Type: ${type}`);
ws.send(JSON.stringify({ type: 'ERROR', payload: { message: 'clientId is required' } }));
return;
}
if (!sessionData.clients.has(clientId)) {
sessionData.clients.set(clientId, ws);
console.log(`Client ${clientId} registered for session: ${sessionId}. Total clients: ${sessionData.clients.size}`);
ws.send(JSON.stringify({ type: 'STATE_UPDATE', payload: { session: getSerializableSession(sessionData, clientId) } }));
}
console.log(`Received message from ${clientId} in session ${sessionId}:`, type);
yield (0, exports.handleWebSocketMessage)(ws, sessionId, parsedMessage);
}));
ws.on('close', () => {
let disconnectedClientId = null;
for (const [clientId, clientWs] of sessionData.clients.entries()) {
if (clientWs === ws) {
disconnectedClientId = clientId;
break;
}
}
if (disconnectedClientId) {
sessionData.clients.delete(disconnectedClientId);
console.log(`Client ${disconnectedClientId} disconnected from session: ${sessionId}. Remaining clients: ${sessionData.clients.size}`);
}
else {
console.log(`An unregistered client disconnected from session: ${sessionId}.`);
}
if (sessionData.clients.size === 0) {
exports.sessions.delete(sessionId);
logEvent('session_purged', sessionId);
console.log(`Session ${sessionId} closed and state cleared.`);
}
});
ws.on('error', (error) => {
console.error(`WebSocket error in session ${sessionId}:`, error);
});
});
return wss;
};
exports.createWebSocketServer = createWebSocketServer;
const handleWebSocketMessage = (ws, sessionId, parsedMessage) => __awaiter(void 0, void 0, void 0, function* () {
const { type, clientId, payload } = parsedMessage;
if (!clientId) {
console.error(`Received message without clientId in session ${sessionId}. Type: ${type}`);
ws.send(JSON.stringify({ type: 'ERROR', payload: { message: 'clientId is required' } }));
return;
}
const sessionData = exports.sessions.get(sessionId);
if (!sessionData.clients.has(clientId)) {
sessionData.clients.set(clientId, ws);
console.log(`Client ${clientId} registered for session: ${sessionId}. Total clients: ${sessionData.clients.size}`);
ws.send(JSON.stringify({ type: 'STATE_UPDATE', payload: { session: getSerializableSession(sessionData, clientId) } }));
}
console.log(`Received message from ${clientId} in session ${sessionId}:`, type);
switch (type) {
case 'REGISTER_CLIENT':
console.log(`Client ${clientId} registered successfully for session ${sessionId}.`);
break;
case 'SETUP_SESSION':
if (sessionData.state === SessionState.SETUP) {
const { expectedResponses, topic, description } = payload;
if (typeof expectedResponses !== 'number' || expectedResponses <= 0) {
ws.send(JSON.stringify({ type: 'ERROR', payload: { message: 'Invalid expectedResponses' } }));
return;
}
sessionData.expectedResponses = expectedResponses;
sessionData.topic = topic || 'Untitled Session';
sessionData.description = description || null;
sessionData.state = SessionState.GATHERING;
(0, exports.broadcastToSession)(sessionId, { type: 'STATE_UPDATE', payload: {} });
console.log(`Session ${sessionId} moved to GATHERING with topic "${sessionData.topic}" and ${expectedResponses} expected responses.`);
}
else {
ws.send(JSON.stringify({ type: 'ERROR', payload: { message: `Session is not in SETUP state. Current state: ${sessionData.state}` } }));
}
break;
case 'SUBMIT_RESPONSE':
if (sessionData.state === SessionState.GATHERING) {
if (sessionData.responses.has(clientId)) {
ws.send(JSON.stringify({ type: 'ERROR', payload: { message: 'You have already submitted a response for this session.' } }));
return;
}
const { wants, accepts, noGoes, afraidToAsk } = payload.response;
if ([...wants, ...accepts, ...noGoes].some(desire => desire.length > 500) || afraidToAsk.length > 500) {
ws.send(JSON.stringify({ type: 'ERROR', payload: { message: 'One of your desires or afraidToAsk exceeds the 500 character limit.' } }));
return;
}
const hasContradictionsGist = yield llmService.checkForInnerContradictions(payload.response);
if (hasContradictionsGist) {
ws.send(JSON.stringify({ type: 'ERROR', payload: { message: `Your submission contains inner contradictions: ${hasContradictionsGist} Please resolve them and submit again.` } }));
return;
}
const encryptedWants = wants.map((d) => encryptionService.encrypt(d));
const encryptedAccepts = accepts.map((d) => encryptionService.encrypt(d));
const encryptedNoGoes = noGoes.map((d) => encryptionService.encrypt(d));
const encryptedAfraidToAsk = encryptionService.encrypt(afraidToAsk);
sessionData.responses.set(clientId, { wants: encryptedWants, accepts: encryptedAccepts, noGoes: encryptedNoGoes, afraidToAsk: encryptedAfraidToAsk });
sessionData.submittedCount++;
logEvent('response_submitted', sessionId, { clientId, submittedCount: sessionData.submittedCount });
console.log(`Client ${clientId} submitted response. Submitted count: ${sessionData.submittedCount}/${sessionData.expectedResponses}`);
if (sessionData.submittedCount === sessionData.expectedResponses) {
sessionData.state = SessionState.HARMONIZING;
(0, exports.broadcastToSession)(sessionId, { type: 'STATE_UPDATE', payload: {} });
logEvent('session_harmonizing', sessionId, { expectedResponses: sessionData.expectedResponses });
console.log(`Session ${sessionId} moved to HARMONIZING. Triggering LLM analysis.`);
// Perform LLM analysis asynchronously
(() => __awaiter(void 0, void 0, void 0, function* () {
let durationMs = 0; // Declare here
try {
logEvent('llm_analysis_started', sessionId);
const startTime = process.hrtime.bigint();
const allDecryptedDesires = Array.from(sessionData.responses.values()).map(encryptedResponse => {
const decryptedWants = encryptedResponse.wants.map((d) => encryptionService.decrypt(d));
const decryptedAccepts = encryptedResponse.accepts.map((d) => encryptionService.decrypt(d));
const decryptedNoGoes = encryptedResponse.noGoes.map((d) => encryptionService.decrypt(d));
const decryptedAfraidToAsk = encryptionService.decrypt(encryptedResponse.afraidToAsk);
return { wants: decryptedWants, accepts: decryptedAccepts, noGoes: decryptedNoGoes, afraidToAsk: decryptedAfraidToAsk };
});
const decision = yield llmService.analyzeDesires(allDecryptedDesires);
sessionData.finalResult = decision;
sessionData.state = SessionState.FINAL;
(0, exports.broadcastToSession)(sessionId, { type: 'STATE_UPDATE', payload: {} });
logEvent('llm_analysis_completed', sessionId, { result: decision });
recordMetric('llm_analysis_duration', durationMs, sessionId, { status: 'success' });
recordMetric('llm_analysis_availability', 'available', sessionId);
console.log(`Analysis complete for session ${sessionId}. Result:`, decision);
}
catch (error) {
console.error(`Error during analysis for session ${sessionId}:`, error.message);
sessionData.state = SessionState.ERROR;
(0, exports.broadcastToSession)(sessionId, { type: 'STATE_UPDATE', payload: {} });
logEvent('llm_analysis_error', sessionId, { error: error.message });
recordMetric('llm_analysis_availability', 'unavailable', sessionId, { error: error.message });
}
}))();
}
else {
// Only broadcast the latest count if the session is not yet harmonizing
(0, exports.broadcastToSession)(sessionId, { type: 'STATE_UPDATE', payload: {} });
}
}
else {
ws.send(JSON.stringify({ type: 'ERROR', payload: { message: `Session is not in GATHERING state. Current state: ${sessionData.state}` } }));
}
break;
default:
console.warn(`Unknown message type: ${type} from client ${clientId} in session ${sessionId}`);
ws.send(JSON.stringify({ type: 'ERROR', payload: { message: `Unknown message type: ${type}` } }));
break;
}
});
exports.handleWebSocketMessage = handleWebSocketMessage;

44
backend/src/api/auth.ts Normal file
View File

@@ -0,0 +1,44 @@
// backend/src/api/auth.ts
import express from 'express';
import * as dotenv from 'dotenv';
import * as path from 'path';
import { AuthService } from '../services/AuthService';
import { SessionService } from '../services/SessionService';
import { AuthLogger } from '../services/AuthLogger';
dotenv.config({ path: path.resolve(__dirname, '../../.env') });
const SESSION_SECRET = process.env.SESSION_SECRET;
const JWT_SECRET = process.env.JWT_SECRET;
if (!SESSION_SECRET) {
throw new Error('SESSION_SECRET is not defined in the environment variables.');
}
if (!JWT_SECRET) {
throw new Error('JWT_SECRET is not defined in the environment variables.');
}
const router = express.Router();
router.post('/passphrase', (req, res) => {
const { passphrase } = req.body;
const ipAddress = req.ip || ''; // Get IP address for logging, default to empty string if undefined
if (!passphrase) {
AuthLogger.logAttempt('failure', ipAddress);
return res.status(400).json({ message: 'Passphrase is required.' });
}
if (AuthService.validatePassphrase(passphrase)) {
const session = SessionService.createSession();
SessionService.authenticateSession(session.id);
AuthLogger.logAttempt('success', ipAddress);
return res.status(200).json({ message: 'Authentication successful', sessionToken: session.id });
} else {
AuthLogger.logAttempt('failure', ipAddress);
return res.status(401).json({ message: 'Invalid passphrase' });
}
});
export default router;

32
backend/src/index.ts
View File

@@ -5,7 +5,15 @@ import express from 'express';
import http from 'http';
import { createWebSocketServer } from './ws';
import sessionsRouter from './routes/sessions';
import authRouter from './api/auth';
import { authMiddleware } from './middleware/authMiddleware'; // Import the middleware
import cors from 'cors';
import { v4 as uuidv4 } from 'uuid';
import { sessions, SessionState } from './ws'; // Import sessions and SessionState from ws/index.ts
console.log('index.ts: AUTH_PASSPHRASE:', process.env.AUTH_PASSPHRASE);
console.log('index.ts: SESSION_SECRET:', process.env.SESSION_SECRET);
console.log('index.ts: JWT_SECRET:', process.env.JWT_SECRET);
const app = express();
const server = http.createServer(app);
@@ -14,8 +22,28 @@ const server = http.createServer(app);
app.use(express.json());
app.use(cors());
// API Routes
app.use('/', sessionsRouter);
// Public API Routes
app.use('/api/auth', authRouter);
// Public route for creating a new session
app.post('/sessions', (req, res) => {
const sessionId = uuidv4();
sessions.set(sessionId, {
state: SessionState.SETUP,
topic: null,
description: null,
expectedResponses: 0,
submittedCount: 0,
responses: new Map(),
clients: new Map(),
finalResult: null,
});
console.log(`New session created: ${sessionId}`);
res.status(201).json({ sessionId });
});
// Protected API Routes
app.use('/sessions', authMiddleware, sessionsRouter);
// Create and attach WebSocket server
createWebSocketServer(server);

21
backend/src/middleware/authMiddleware.ts Normal file
View File

@@ -0,0 +1,21 @@
// backend/src/middleware/authMiddleware.ts
import { Request, Response, NextFunction } from 'express';
import { SessionService } from '../services/SessionService';
export const authMiddleware = (req: Request, res: Response, next: NextFunction) => {
const sessionToken = req.headers['x-session-token'] as string; // Assuming token is sent in a header
if (!sessionToken) {
return res.status(401).json({ message: 'No session token provided.' });
}
const session = SessionService.getSession(sessionToken);
if (!session || !session.isAuthenticated) {
return res.status(401).json({ message: 'Invalid or unauthenticated session.' });
}
// Optionally, attach session to request for further use
(req as any).session = session;
next();
};

16
backend/src/routes/sessions.ts
View File

@@ -4,22 +4,6 @@ import { sessions, SessionState, broadcastToSession, handleWebSocketMessage } fr
const router = express.Router();
router.post('/sessions', (req, res) => {
const sessionId = uuidv4();
sessions.set(sessionId, {
state: SessionState.SETUP,
topic: null,
description: null,
expectedResponses: 0,
submittedCount: 0,
responses: new Map(),
clients: new Map(),
finalResult: null,
});
console.log(`New session created: ${sessionId}`);
res.status(201).json({ sessionId });
});
router.post('/sessions/:sessionId/responses', async (req, res) => {
const { sessionId } = req.params;
const { userId, wants, accepts, afraidToAsk } = req.body;

27
backend/src/services/AuthLogger.ts Normal file
View File

@@ -0,0 +1,27 @@
// backend/src/services/AuthLogger.ts
import * as fs from 'fs';
import * as path from 'path';
const LOG_FILE_PATH = path.join(__dirname, '../../logs/auth.log');
export class AuthLogger {
private static ensureLogFileExists() {
const logDir = path.dirname(LOG_FILE_PATH);
if (!fs.existsSync(logDir)) {
fs.mkdirSync(logDir, { recursive: true });
}
if (!fs.existsSync(LOG_FILE_PATH)) {
fs.writeFileSync(LOG_FILE_PATH, '', { encoding: 'utf8' });
}
}
public static logAttempt(
type: 'success' | 'failure',
ipAddress: string,
timestamp: Date = new Date()
): void {
AuthLogger.ensureLogFileExists();
const logEntry = `${timestamp.toISOString()} - ${type.toUpperCase()} - IP: ${ipAddress}\n`;
fs.appendFileSync(LOG_FILE_PATH, logEntry, { encoding: 'utf8' });
}
}

26
backend/src/services/AuthService.ts Normal file
View File

@@ -0,0 +1,26 @@
// backend/src/services/AuthService.ts
import * as dotenv from 'dotenv';
import * as path from 'path';
dotenv.config({ path: path.resolve(__dirname, '../../.env') });
export class AuthService {
private static passphrase: string | undefined = process.env.AUTH_PASSPHRASE;
public static getPassphrase(): string | undefined {
return AuthService.passphrase;
}
public static isAuthEnabled(): boolean {
return !!AuthService.passphrase && AuthService.passphrase.trim() !== '';
}
public static validatePassphrase(inputPassphrase: string): boolean {
console.log('AuthService: AUTH_PASSPHRASE from process.env:', process.env.AUTH_PASSPHRASE);
console.log('AuthService: Stored passphrase:', AuthService.passphrase);
if (!AuthService.isAuthEnabled()) {
return true; // If auth is not enabled, any passphrase is "valid"
}
return inputPassphrase === AuthService.passphrase;
}
}

41
backend/src/services/SessionService.ts Normal file
View File

@@ -0,0 +1,41 @@
// backend/src/services/SessionService.ts
import { v4 as uuidv4 } from 'uuid';
interface Session {
id: string;
isAuthenticated: boolean;
createdAt: Date;
}
const sessions = new Map<string, Session>();
export class SessionService {
public static createSession(): Session {
const id = uuidv4();
const newSession: Session = {
id,
isAuthenticated: false,
createdAt: new Date(),
};
sessions.set(id, newSession);
return newSession;
}
public static getSession(id: string): Session | undefined {
return sessions.get(id);
}
public static authenticateSession(id: string): boolean {
const session = sessions.get(id);
if (session) {
session.isAuthenticated = true;
sessions.set(id, session);
return true;
}
return false;
}
public static destroySession(id: string): void {
sessions.delete(id);
}
}

68
backend/tests/auth.test.ts Normal file
View File

@@ -0,0 +1,68 @@
// backend/tests/auth.test.ts
import request from 'supertest';
import express from 'express';
import authRouter from '../src/api/auth';
import { AuthService } from '../src/services/AuthService';
import { SessionService } from '../src/services/SessionService';
import { AuthLogger } from '../src/services/AuthLogger';
// Mock dependencies
jest.mock('../src/services/AuthService');
jest.mock('../src/services/SessionService');
jest.mock('../src/services/AuthLogger');
const app = express();
app.use(express.json());
app.use('/api/auth', authRouter);
describe('POST /api/auth/passphrase - Success Case', () => {
beforeEach(() => {
// Reset mocks before each test
jest.clearAllMocks();
(AuthService.validatePassphrase as jest.Mock).mockReturnValue(true);
(SessionService.createSession as jest.Mock).mockReturnValue({ id: 'test-session-id', isAuthenticated: false, createdAt: new Date() });
(SessionService.authenticateSession as jest.Mock).mockReturnValue(true);
});
it('should return 200 and a session token for a valid passphrase', async () => {
const response = await request(app)
.post('/api/auth/passphrase')
.send({ passphrase: 'correct-passphrase' });
expect(response.statusCode).toBe(200);
expect(response.body.message).toBe('Authentication successful');
expect(response.body.sessionToken).toBe('test-session-id');
expect(AuthService.validatePassphrase).toHaveBeenCalledWith('correct-passphrase');
expect(SessionService.createSession).toHaveBeenCalledTimes(1);
expect(SessionService.authenticateSession).toHaveBeenCalledWith('test-session-id');
expect(AuthLogger.logAttempt).toHaveBeenCalledWith('success', expect.any(String));
});
it('should return 400 if passphrase is not provided', async () => {
const response = await request(app)
.post('/api/auth/passphrase')
.send({});
expect(response.statusCode).toBe(400);
expect(response.body.message).toBe('Passphrase is required.');
expect(AuthService.validatePassphrase).not.toHaveBeenCalled();
expect(SessionService.createSession).not.toHaveBeenCalled();
expect(SessionService.authenticateSession).not.toHaveBeenCalled();
expect(AuthLogger.logAttempt).toHaveBeenCalledWith('failure', expect.any(String));
});
it('should return 401 for an invalid passphrase', async () => {
(AuthService.validatePassphrase as jest.Mock).mockReturnValue(false); // Simulate invalid passphrase
const response = await request(app)
.post('/api/auth/passphrase')
.send({ passphrase: 'incorrect-passphrase' });
expect(response.statusCode).toBe(401);
expect(response.body.message).toBe('Invalid passphrase');
expect(AuthService.validatePassphrase).toHaveBeenCalledWith('incorrect-passphrase');
expect(SessionService.createSession).not.toHaveBeenCalled();
expect(SessionService.authenticateSession).not.toHaveBeenCalled();
expect(AuthLogger.logAttempt).toHaveBeenCalledWith('failure', expect.any(String));
});
});