Imported libraries, removed next-basics.

src/lib/auth.ts

@@ -1,26 +1,30 @@
+import bcrypt from 'bcryptjs';
 import { Report } from '@prisma/client';
 import { getClient, redisEnabled } from '@umami/redis-client';
 import debug from 'debug';
 import { PERMISSIONS, ROLE_PERMISSIONS, ROLES, SHARE_TOKEN_HEADER } from 'lib/constants';
-import { secret } from 'lib/crypto';
-import { NextApiRequest } from 'next';
-import {
-  createSecureToken,
-  ensureArray,
-  getRandomChars,
-  parseSecureToken,
-  parseToken,
-} from 'next-basics';
+import { secret, getRandomChars } from 'lib/crypto';
+import { createSecureToken, parseSecureToken, parseToken } from 'lib/jwt';
+import { ensureArray } from 'lib/utils';
 import { getTeamUser, getUser, getWebsite } from 'queries';
 import { Auth } from './types';
 
 const log = debug('umami:auth');
 const cloudMode = process.env.CLOUD_MODE;
+const SALT_ROUNDS = 10;
+
+export function hashPassword(password: string, rounds = SALT_ROUNDS) {
+  return bcrypt.hashSync(password, rounds);
+}
+
+export function checkPassword(password: string, passwordHash: string) {
+  return bcrypt.compareSync(password, passwordHash);
+}
 
 export async function checkAuth(request: Request) {
   const token = request.headers.get('authorization')?.split(' ')?.[1];
   const payload = parseSecureToken(token, secret());
-  const shareToken = await parseShareToken(request as any);
+  const shareToken = await parseShareToken(request.headers);
 
   let user = null;
   const { userId, authKey, grant } = payload || {};
@@ -73,17 +77,9 @@ export async function saveAuth(data: any, expire = 0) {
   return createSecureToken({ authKey }, secret());
 }
 
-export function getAuthToken(req: NextApiRequest) {
+export function parseShareToken(headers: Headers) {
   try {
-    return req.headers.authorization.split(' ')[1];
-  } catch {
-    return null;
-  }
-}
-
-export function parseShareToken(req: Request) {
-  try {
-    return parseToken(req.headers[SHARE_TOKEN_HEADER], secret());
+    return parseToken(headers.get(SHARE_TOKEN_HEADER), secret());
   } catch (e) {
     log(e);
     return null;

src/lib/client.ts

@@ -1,4 +1,4 @@
-import { getItem, setItem, removeItem } from 'next-basics';
+import { getItem, setItem, removeItem } from 'lib/storage';
 import { AUTH_TOKEN } from './constants';
 
 export function getClientAuthToken() {

src/lib/crypto.ts

@@ -1,7 +1,78 @@
+import crypto from 'crypto';
 import { startOfHour, startOfMonth } from 'date-fns';
-import { hash } from 'next-basics';
+import prand from 'pure-rand';
 import { v4, v5 } from 'uuid';
 
+const ALGORITHM = 'aes-256-gcm';
+const IV_LENGTH = 16;
+const SALT_LENGTH = 64;
+const TAG_LENGTH = 16;
+const TAG_POSITION = SALT_LENGTH + IV_LENGTH;
+const ENC_POSITION = TAG_POSITION + TAG_LENGTH;
+
+const HASH_ALGO = 'sha512';
+const HASH_ENCODING = 'hex';
+
+const seed = Date.now() ^ (Math.random() * 0x100000000);
+const rng = prand.xoroshiro128plus(seed);
+
+export function random(min: number, max: number) {
+  return prand.unsafeUniformIntDistribution(min, max, rng);
+}
+
+export function getRandomChars(
+  n: number,
+  chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ',
+) {
+  const arr = chars.split('');
+  let s = '';
+  for (let i = 0; i < n; i++) {
+    s += arr[random(0, arr.length - 1)];
+  }
+  return s;
+}
+
+const getKey = (password: string, salt: Buffer) =>
+  crypto.pbkdf2Sync(password, salt, 10000, 32, 'sha512');
+
+export function encrypt(value: any, secret: any) {
+  const iv = crypto.randomBytes(IV_LENGTH);
+  const salt = crypto.randomBytes(SALT_LENGTH);
+  const key = getKey(secret, salt);
+
+  const cipher = crypto.createCipheriv(ALGORITHM, key, iv);
+
+  const encrypted = Buffer.concat([cipher.update(String(value), 'utf8'), cipher.final()]);
+
+  const tag = cipher.getAuthTag();
+
+  return Buffer.concat([salt, iv, tag, encrypted]).toString('base64');
+}
+
+export function decrypt(value: any, secret: any) {
+  const str = Buffer.from(String(value), 'base64');
+  const salt = str.subarray(0, SALT_LENGTH);
+  const iv = str.subarray(SALT_LENGTH, TAG_POSITION);
+  const tag = str.subarray(TAG_POSITION, ENC_POSITION);
+  const encrypted = str.subarray(ENC_POSITION);
+
+  const key = getKey(secret, salt);
+
+  const decipher = crypto.createDecipheriv(ALGORITHM, key, iv);
+
+  decipher.setAuthTag(tag);
+
+  return decipher.update(encrypted) + decipher.final('utf8');
+}
+
+export function hash(...args: string[]) {
+  return crypto.createHash(HASH_ALGO).update(args.join('')).digest(HASH_ENCODING);
+}
+
+export function md5(...args: string[]) {
+  return crypto.createHash('md5').update(args.join('')).digest('hex');
+}
+
 export function secret() {
   return hash(process.env.APP_SECRET || process.env.DATABASE_URL);
 }

src/lib/fetch.ts

@@ -0,0 +1,31 @@
+import { buildUrl } from 'lib/url';
+
+export async function request(method: string, url: string, body?: string, headers: object = {}) {
+  const res = await fetch(url, {
+    method,
+    cache: 'no-cache',
+    headers: {
+      Accept: 'application/json',
+      'Content-Type': 'application/json',
+      ...headers,
+    },
+    body,
+  });
+  return res.json();
+}
+
+export function httpGet(url: string, params: object = {}, headers: object = {}) {
+  return request('GET', buildUrl(url, params), undefined, headers);
+}
+
+export function httpDelete(url: string, params: object = {}, headers: object = {}) {
+  return request('DELETE', buildUrl(url, params), undefined, headers);
+}
+
+export function httpPost(url: string, params: object = {}, headers: object = {}) {
+  return request('POST', url, JSON.stringify(params), headers);
+}
+
+export function httpPut(url: string, params: object = {}, headers: object = {}) {
+  return request('PUT', url, JSON.stringify(params), headers);
+}

src/lib/jwt.ts

@@ -0,0 +1,36 @@
+import jwt from 'jsonwebtoken';
+import { decrypt, encrypt } from 'lib/crypto';
+
+export function createToken(payload: any, secret: any, options?: any) {
+  return jwt.sign(payload, secret, options);
+}
+
+export function parseToken(token: string, secret: any) {
+  try {
+    return jwt.verify(token, secret);
+  } catch {
+    return null;
+  }
+}
+
+export function createSecureToken(payload: any, secret: any, options?: any) {
+  return encrypt(createToken(payload, secret, options), secret);
+}
+
+export function parseSecureToken(token: string, secret: any) {
+  try {
+    return jwt.verify(decrypt(token, secret), secret);
+  } catch {
+    return null;
+  }
+}
+
+export async function parseAuthToken(req: Request, secret: string) {
+  try {
+    const token = req.headers.get('authorization')?.split(' ')?.[1];
+
+    return parseSecureToken(token as string, secret);
+  } catch {
+    return null;
+  }
+}

src/lib/request.ts

@@ -1,9 +1,9 @@
 import { ZodObject } from 'zod';
 import { FILTER_COLUMNS } from 'lib/constants';
 import { badRequest, unauthorized } from 'lib/response';
-import { getAllowedUnits, getMinimumUnit } from './date';
-import { getWebsiteDateRange } from '../queries';
+import { getAllowedUnits, getMinimumUnit } from 'lib/date';
 import { checkAuth } from 'lib/auth';
+import { getWebsiteDateRange } from 'queries';
 
 export async function getJsonBody(request: Request) {
   try {

src/lib/storage.ts

@@ -0,0 +1,21 @@
+export function setItem(key: string, data: any, session?: boolean): void {
+  if (typeof window !== 'undefined' && data) {
+    return (session ? sessionStorage : localStorage).setItem(key, JSON.stringify(data));
+  }
+}
+
+export function getItem(key: string, session?: boolean): any {
+  if (typeof window !== 'undefined') {
+    const value = (session ? sessionStorage : localStorage).getItem(key);
+
+    if (value !== 'undefined' && value !== null) {
+      return JSON.parse(value);
+    }
+  }
+}
+
+export function removeItem(key: string, session?: boolean): void {
+  if (typeof window !== 'undefined') {
+    return (session ? sessionStorage : localStorage).removeItem(key);
+  }
+}

src/lib/url.ts

@@ -0,0 +1,40 @@
+export function getQueryString(params: object = {}): string {
+  const searchParams = new URLSearchParams();
+
+  Object.entries(params).forEach(([key, value]) => {
+    if (value !== undefined) {
+      searchParams.append(key, value);
+    }
+  });
+
+  return searchParams.toString();
+}
+
+export function buildUrl(url: string, params: object = {}): string {
+  const queryString = getQueryString(params);
+  return `${url}${queryString && '?' + queryString}`;
+}
+
+export function safeDecodeURI(s: string | undefined | null): string | undefined | null {
+  if (s === undefined || s === null) {
+    return s;
+  }
+
+  try {
+    return decodeURI(s);
+  } catch (e) {
+    return s;
+  }
+}
+
+export function safeDecodeURIComponent(s: string | undefined | null): string | undefined | null {
+  if (s === undefined || s === null) {
+    return s;
+  }
+
+  try {
+    return decodeURIComponent(s);
+  } catch (e) {
+    return s;
+  }
+}

src/lib/utils.ts

@@ -0,0 +1,46 @@
+export function hook(
+  _this: { [x: string]: any },
+  method: string | number,
+  callback: (arg0: any) => void,
+) {
+  const orig = _this[method];
+
+  return (...args: any) => {
+    callback.apply(_this, args);
+
+    return orig.apply(_this, args);
+  };
+}
+
+export function sleep(ms: number | undefined) {
+  return new Promise(resolve => setTimeout(resolve, ms));
+}
+
+export function shuffleArray(a) {
+  const arr = a.slice();
+  for (let i = arr.length - 1; i > 0; i--) {
+    const j = Math.floor(Math.random() * (i + 1));
+    const temp = arr[i];
+    arr[i] = arr[j];
+    arr[j] = temp;
+  }
+  return arr;
+}
+
+export function chunkArray(arr: any[], size: number) {
+  const chunks: any[] = [];
+
+  let index = 0;
+  while (index < arr.length) {
+    chunks.push(arr.slice(index, size + index));
+    index += size;
+  }
+
+  return chunks;
+}
+
+export function ensureArray(arr?: any) {
+  if (arr === undefined || arr === null) return [];
+  if (Array.isArray(arr)) return arr;
+  return [arr];
+}