fix(auth): update authentication middleware to use async database queries

- Changed `authenticateAdminDashboard` and `authenticateAdminAPI` to async functions for improved database interaction.
- Replaced `getDb` with `getRow` for fetching user roles and details.
- Updated routes to handle async middleware with `asyncHandler` for better error management.
- Enhanced `listClients` to utilize `getAllRows` for fetching client data.

Author: ZoneMix

src/auth/adminApi.js

@@ -6,7 +6,7 @@
 
 import jwt from 'jsonwebtoken';
 import { isTokenRevoked } from './jwt.js';
-import { getDb } from '../db/authDb.js';
+import { getRow } from '../db/authDb.js';
 import { isAdmin } from './permissions.js';
 import { throwUnauthorized, throwForbidden } from '../middleware/responseHelpers.js';
 import logger from '../logging/logger.js';
@@ -16,7 +16,7 @@ import logger from '../logging/logger.js';
  * Verifies the user has admin role or admin scope.
  * Returns 401/403 for API calls, redirects for browser requests.
  */
-export const authenticateAdminAPI = (req, res, next) => {
+export const authenticateAdminAPI = async (req, res, next) => {
   let user = null;
 
   // First try JWT authentication
@@ -36,8 +36,7 @@ export const authenticateAdminAPI = (req, res, next) => {
 
   // Fallback to session authentication
   if (!user && req.session && req.session.user) {
-    const db = getDb();
-    const dbUser = db.prepare('SELECT id, username, role, scopes FROM users WHERE id = ? AND is_active = TRUE').get(req.session.user.id);
+    const dbUser = await getRow('SELECT id, username, role, scopes FROM users WHERE id = ? AND is_active = TRUE', [req.session.user.id]);
 
     if (dbUser) {
       // Parse scopes

src/auth/adminDashboard.js

@@ -4,23 +4,22 @@
  * Requires the user to be logged in via session and have admin role.
  */
 
-import { getDb } from '../db/authDb.js';
+import { getRow } from '../db/authDb.js';
 
 /**
  * Middleware to protect admin dashboard page.
  * Checks for session authentication and admin role.
  * Redirects to login if not authenticated or not admin.
  */
-export const authenticateAdminDashboard = (req, res, next) => {
+export const authenticateAdminDashboard = async (req, res, next) => {
   // Check if user has a session
   if (!req.session || !req.session.user) {
     // Redirect to login with return_to parameter
     return res.redirect(`/login?return_to=${encodeURIComponent(req.originalUrl)}`);
   }
 
   // Get user's role from database
-  const db = getDb();
-  const user = db.prepare('SELECT role FROM users WHERE id = ? AND is_active = TRUE').get(req.session.user.id);
+  const user = await getRow('SELECT role FROM users WHERE id = ? AND is_active = TRUE', [req.session.user.id]);
 
   if (!user || user.role !== 'admin') {
     // Non-admin user - redirect to login with error

src/auth/oauth2/client.js

@@ -7,7 +7,7 @@
 
 import bcrypt from 'bcrypt';
 import crypto from 'crypto';
-import { executeQuery, getRow, pruneExpiredCodes } from '../../db/authDb.js';
+import { executeQuery, getRow, getAllRows, pruneExpiredCodes } from '../../db/authDb.js';
 import logger from '../../logging/logger.js';
 import { AuthenticationError } from '../../errors/index.js';
 
@@ -163,7 +163,7 @@ export const generateClientSecret = () => {
  * Returns safe client information for listing.
  */
 export const listClients = async () => {
-  const clients = await executeQuery(`
+  const clients = await getAllRows(`
     SELECT 
       client_id,
       allowed_scopes,
@@ -173,7 +173,7 @@ export const listClients = async () => {
     ORDER BY created_at DESC
   `);
 
-  return clients.rows || [];
+  return clients || [];
 };
 
 /**

src/routes/admin.js

@@ -15,7 +15,7 @@ import { adminLimiter, standardWriteLimiter, deleteLimiter } from '../middleware
 const router = express.Router();
 
 // All admin routes require authentication (JWT or session) and rate limiting
-router.use(authenticateAdminAPI);
+router.use(asyncHandler(authenticateAdminAPI));
 router.use(adminLimiter);
 
 /**
@@ -24,7 +24,7 @@ router.use(adminLimiter);
  * List all OAuth clients (without secrets).
  */
 router.get('/oauth-clients', asyncHandler(async (req, res) => {
-  const clients = listClients();
+  const clients = await listClients();
   sendSuccess(res, { clients });
 }));
 
@@ -35,7 +35,7 @@ router.get('/oauth-clients', asyncHandler(async (req, res) => {
  */
 router.get('/oauth-clients/:clientId', validateParams(ClientIdParamsSchema), asyncHandler(async (req, res) => {
   const { clientId } = req.validatedParams;
-  const client = getClient(clientId);
+  const client = await getClient(clientId);
 
   if (!client) {
     throwNotFound(`OAuth client '${clientId}' not found`);
@@ -110,7 +110,7 @@ router.put('/oauth-clients/:clientId',
  */
 router.delete('/oauth-clients/:clientId', deleteLimiter, validateParams(ClientIdParamsSchema), asyncHandler(async (req, res) => {
   const { clientId } = req.validatedParams;
-  const deleted = deleteClient(clientId);
+  const deleted = await deleteClient(clientId);
 
   if (!deleted) {
     throwNotFound(`OAuth client '${clientId}' not found`);

src/routes/auth.js

@@ -11,7 +11,7 @@ import jwt from 'jsonwebtoken';
 import crypto from 'crypto';
 import { authenticateUser } from '../auth/user.js';
 import { issueTokens, revokeToken, isTokenRevoked, authenticateJWT } from '../auth/jwt.js';
-import { insertToken } from '../db/authDb.js';
+import { insertToken, getRow } from '../db/authDb.js';
 import { ACCESS_TTL_SECONDS } from '../config/index.js';
 import { validateBody } from '../middleware/validation-schemas.js';
 import { LoginSchema, LogoutSchema } from '../middleware/validation-schemas.js';
@@ -43,7 +43,6 @@ router.post('/login', loginLimiterWithLogging, validateBody(LoginSchema), async
       }
 
       // Get user's current role and scopes from database
-      const { getRow } = await import('../db/authDb.js');
       const user = await getRow('SELECT role, scopes FROM users WHERE id = ?', [decoded.user_id]);
       const role = user?.role || decoded.role || 'user';
       const scopes = user?.scopes || decoded.scope || 'api';

src/routes/login.js

@@ -8,6 +8,7 @@ import express from 'express';
 import rateLimit from 'express-rate-limit';
 import { authenticateUser } from '../auth/user.js';
 import { authenticateAdminDashboard } from '../auth/adminDashboard.js';
+import { asyncHandler } from '../middleware/asyncHandler.js';
 
 const router = express.Router();
 
@@ -21,7 +22,7 @@ router.get('/login', (req, res) => {
   res.sendFile('./src/public/static/api-login.html', { root: process.cwd() });
 });
 
-router.get('/admin', authenticateAdminDashboard, (req, res) => {
+router.get('/admin', asyncHandler(authenticateAdminDashboard), (req, res) => {
   res.sendFile('./src/public/static/admin.html', { root: process.cwd() });
 });