Add JWT authentication support alongside existing API key auth

Author: ralyodio

public/js/api-client.js

@@ -128,15 +128,18 @@ export class ApiClient {
     url.searchParams.append('limit', limit.toString());
     url.searchParams.append('offset', offset.toString());
 
-    // Get API key from localStorage
+    // Get authentication tokens from localStorage
+    const jwtToken = localStorage.getItem('jwt_token');
     const apiKey = localStorage.getItem('api_key');
 
     const headers = {
       'Accept': 'application/json',
     };
 
-    // Add Authorization header if API key exists
-    if (apiKey) {
+    // Add Authorization header with JWT token if available, otherwise use API key
+    if (jwtToken) {
+      headers['Authorization'] = `Bearer ${jwtToken}`;
+    } else if (apiKey) {
       headers['Authorization'] = `Bearer ${apiKey}`;
     }
 
@@ -205,15 +208,18 @@ export class ApiClient {
    * @private
    */
   static async fetchBinaryResponse(url, body) {
-    // Get API key from localStorage
+    // Get authentication tokens from localStorage
+    const jwtToken = localStorage.getItem('jwt_token');
     const apiKey = localStorage.getItem('api_key');
 
     const headers = {
       'Content-Type': 'application/json',
     };
 
-    // Add Authorization header if API key exists
-    if (apiKey) {
+    // Add Authorization header with JWT token if available, otherwise use API key
+    if (jwtToken) {
+      headers['Authorization'] = `Bearer ${jwtToken}`;
+    } else if (apiKey) {
       headers['Authorization'] = `Bearer ${apiKey}`;
     }
 
@@ -239,15 +245,18 @@ export class ApiClient {
    * @private
    */
   static async fetchJsonResponse(url, body) {
-    // Get API key from localStorage
+    // Get authentication tokens from localStorage
+    const jwtToken = localStorage.getItem('jwt_token');
     const apiKey = localStorage.getItem('api_key');
 
     const headers = {
       'Content-Type': 'application/json',
     };
 
-    // Add Authorization header if API key exists
-    if (apiKey) {
+    // Add Authorization header with JWT token if available, otherwise use API key
+    if (jwtToken) {
+      headers['Authorization'] = `Bearer ${jwtToken}`;
+    } else if (apiKey) {
       headers['Authorization'] = `Bearer ${apiKey}`;
     }
 
@@ -296,9 +305,14 @@ export class ApiClient {
       'Accept': 'application/json',
     };
 
-    // Add Authorization header if API key exists
+    // Get authentication tokens from localStorage
+    const jwtToken = localStorage.getItem('jwt_token');
     const apiKey = localStorage.getItem('api_key');
-    if (apiKey) {
+    
+    // Add Authorization header with JWT token if available, otherwise use API key
+    if (jwtToken) {
+      headers['Authorization'] = `Bearer ${jwtToken}`;
+    } else if (apiKey) {
       headers['Authorization'] = `Bearer ${apiKey}`;
     }
 
@@ -328,9 +342,14 @@ export class ApiClient {
       'Accept': 'application/json',
     };
 
-    // Add Authorization header if API key exists
+    // Get authentication tokens from localStorage
+    const jwtToken = localStorage.getItem('jwt_token');
     const apiKey = localStorage.getItem('api_key');
-    if (apiKey) {
+    
+    // Add Authorization header with JWT token if available, otherwise use API key
+    if (jwtToken) {
+      headers['Authorization'] = `Bearer ${jwtToken}`;
+    } else if (apiKey) {
       headers['Authorization'] = `Bearer ${apiKey}`;
     }
 
@@ -362,9 +381,14 @@ export class ApiClient {
       'Accept': 'application/json',
     };
 
-    // Add Authorization header if API key exists
+    // Get authentication tokens from localStorage
+    const jwtToken = localStorage.getItem('jwt_token');
     const apiKey = localStorage.getItem('api_key');
-    if (apiKey) {
+    
+    // Add Authorization header with JWT token if available, otherwise use API key
+    if (jwtToken) {
+      headers['Authorization'] = `Bearer ${jwtToken}`;
+    } else if (apiKey) {
       headers['Authorization'] = `Bearer ${apiKey}`;
     }
 
@@ -394,9 +418,14 @@ export class ApiClient {
       'Accept': 'application/json',
     };
 
-    // Add Authorization header if API key exists
+    // Get authentication tokens from localStorage
+    const jwtToken = localStorage.getItem('jwt_token');
     const apiKey = localStorage.getItem('api_key');
-    if (apiKey) {
+    
+    // Add Authorization header with JWT token if available, otherwise use API key
+    if (jwtToken) {
+      headers['Authorization'] = `Bearer ${jwtToken}`;
+    } else if (apiKey) {
       headers['Authorization'] = `Bearer ${apiKey}`;
     }
 

public/js/auth-ui.js

@@ -85,6 +85,7 @@ function logout() {
   // Clear authentication data
   localStorage.removeItem('api_key');
   localStorage.removeItem('username');
+  localStorage.removeItem('jwt_token'); // Also clear JWT token
 
   // Update UI
   updateNavbar();

public/js/main.js

@@ -184,12 +184,34 @@ function initLoginPage() {
       // Import the API client
       const { ApiClient } = await import('./api-client.js');
 
-      // Check subscription status
+      // Import Supabase client for JWT authentication
+      const { createClient } = await import('https://cdn.jsdelivr.net/npm/@supabase/supabase-js@2/+esm');
+      const supabaseUrl = 'https://arokhsfbkdnfuklmqajh.supabase.co'; // Should match server config
+      const supabaseAnonKey = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6ImFyb2toc2Zia2RuZnVrbG1xYWpoIiwicm9sZSI6ImFub24iLCJpYXQiOjE2ODI0NTI4MDAsImV4cCI6MTk5ODAyODgwMH0.KxwHdxWXLLrJtFzLAYI-fwzgz8m5xsHD4XGdNw_xJm8'; // Public anon key
+      const supabase = createClient(supabaseUrl, supabaseAnonKey);
+      
+      // Sign in with Supabase to get JWT token
+      const { data: authData, error: authError } = await supabase.auth.signInWithPassword({
+        email,
+        password
+      });
+      
+      if (authError) {
+        console.error('Supabase auth error:', authError);
+        // Continue with subscription check even if Supabase auth fails
+        // This allows backward compatibility with existing users
+      } else if (authData && authData.session) {
+        // Store JWT token in localStorage
+        localStorage.setItem('jwt_token', authData.session.access_token);
+        console.log('JWT token stored successfully');
+      }
+      
+      // Check subscription status (existing flow)
       const subscriptionStatus = await ApiClient.checkSubscriptionStatus(email);
       console.log('Subscription status:', subscriptionStatus);
 
       if (subscriptionStatus.has_subscription) {
-        // User has an active subscription, store the email as an API key
+        // User has an active subscription, store the email as an API key (for backward compatibility)
         localStorage.setItem('api_key', email);
         localStorage.setItem('username', email);
         localStorage.setItem('subscription_data', JSON.stringify(subscriptionStatus));
@@ -302,6 +324,34 @@ function initRegisterPage() {
       // Import the API client
       const { ApiClient } = await import('./api-client.js');
 
+      // Import Supabase client for JWT authentication
+      const { createClient } = await import('https://cdn.jsdelivr.net/npm/@supabase/supabase-js@2/+esm');
+      const supabaseUrl = 'https://arokhsfbkdnfuklmqajh.supabase.co'; // Should match server config
+      const supabaseAnonKey = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6ImFyb2toc2Zia2RuZnVrbG1xYWpoIiwicm9sZSI6ImFub24iLCJpYXQiOjE2ODI0NTI4MDAsImV4cCI6MTk5ODAyODgwMH0.KxwHdxWXLLrJtFzLAYI-fwzgz8m5xsHD4XGdNw_xJm8'; // Public anon key
+      const supabase = createClient(supabaseUrl, supabaseAnonKey);
+      
+      // Register user with Supabase to get JWT token
+      const { data: authData, error: authError } = await supabase.auth.signUp({
+        email,
+        password,
+        options: {
+          data: {
+            plan: selectedPlan,
+            payment_method: selectedPayment
+          }
+        }
+      });
+      
+      if (authError) {
+        console.error('Supabase auth error:', authError);
+        // Continue with subscription creation even if Supabase auth fails
+        // This allows backward compatibility with existing users
+      } else if (authData && authData.session) {
+        // Store JWT token in localStorage
+        localStorage.setItem('jwt_token', authData.session.access_token);
+        console.log('JWT token stored successfully');
+      }
+      
       // Create subscription using the API
       const subscriptionData = await ApiClient.createSubscription(email, selectedPlan, selectedPayment);
       console.log('Subscription created:', subscriptionData);
@@ -342,19 +392,19 @@ function initRegisterPage() {
           <div style="margin-bottom: 15px;">
             <label style="display: block; font-weight: 600; margin-bottom: 5px;">Amount:</label>
             <div style="display: flex; align-items: center;">
-              <input type="text" value="${cryptoAmount} ${coin}" readonly 
+              <input type="text" value="${cryptoAmount} ${coin}" readonly
                 style="flex: 1; padding: 8px; border: 1px solid #d1d5db; border-radius: 4px; background-color: #f9fafb;">
-              <button onclick="navigator.clipboard.writeText('${cryptoAmount} ${coin}').then(() => this.textContent = 'Copied!'); setTimeout(() => this.textContent = 'Copy', 2000)" 
+              <button onclick="navigator.clipboard.writeText('${cryptoAmount} ${coin}').then(() => this.textContent = 'Copied!'); setTimeout(() => this.textContent = 'Copy', 2000)"
                 style="margin-left: 8px; padding: 8px 12px; background-color: #f3f4f6; border: 1px solid #d1d5db; border-radius: 4px; cursor: pointer;">Copy</button>
             </div>
           </div>
           
           <div style="margin-bottom: 15px;">
             <label style="display: block; font-weight: 600; margin-bottom: 5px;">Address:</label>
             <div style="display: flex; align-items: center;">
-              <input type="text" value="${paymentAddress}" readonly 
+              <input type="text" value="${paymentAddress}" readonly
                 style="flex: 1; padding: 8px; border: 1px solid #d1d5db; border-radius: 4px; background-color: #f9fafb;">
-              <button onclick="navigator.clipboard.writeText('${paymentAddress}').then(() => this.textContent = 'Copied!'); setTimeout(() => this.textContent = 'Copy', 2000)" 
+              <button onclick="navigator.clipboard.writeText('${paymentAddress}').then(() => this.textContent = 'Copied!'); setTimeout(() => this.textContent = 'Copy', 2000)"
                 style="margin-left: 8px; padding: 8px 12px; background-color: #f3f4f6; border: 1px solid #d1d5db; border-radius: 4px; cursor: pointer;">Copy</button>
             </div>
           </div>

src/middleware/auth-middleware.js

@@ -1,5 +1,6 @@
 import { apiKeyService } from '../services/api-key-service.js';
 import { errorUtils } from '../utils/error-utils.js';
+import { supabase, supabaseUtils } from '../utils/supabase.js';
 
 /**
  * Authentication middleware
@@ -28,15 +29,38 @@ export async function authMiddleware(c, next) {
 
     // Check Authorization header (Bearer token)
     if (authHeader && authHeader.startsWith('Bearer ')) {
-      const apiKey = authHeader.substring(7);
-      user = await apiKeyService.validateApiKey(apiKey);
-    } 
+      const token = authHeader.substring(7);
+      
+      // First, try to validate as JWT token
+      try {
+        // Verify JWT token with Supabase
+        const supabaseUser = await supabaseUtils.verifyJwtToken(token);
+        
+        if (supabaseUser) {
+          // Get user from database using email
+          user = await apiKeyService._getUserByEmail(supabaseUser.email);
+          
+          if (!user) {
+            // Create user if not exists
+            user = await apiKeyService._createUserIfNotExists(supabaseUser.email);
+          }
+        }
+      } catch (jwtError) {
+        console.log('JWT validation failed, trying as API key:', jwtError.message);
+      }
+      
+      // If JWT validation failed, try as API key
+      if (!user) {
+        // Try to validate as API key
+        user = await apiKeyService.validateApiKey(token);
+      }
+    }
     // Check X-API-Key header (for backward compatibility)
     else if (apiKeyHeader) {
       // If it looks like an API key (starts with pfs_), validate it
       if (apiKeyHeader.startsWith('pfs_')) {
         user = await apiKeyService.validateApiKey(apiKeyHeader);
-      } 
+      }
       // Otherwise, treat it as an email address (legacy behavior)
       else {
         const email = apiKeyHeader;
@@ -49,8 +73,8 @@ export async function authMiddleware(c, next) {
     }
 
     if (!user) {
-      return c.json({ 
-        error: 'Unauthorized. Valid API key required.', 
+      return c.json({
+        error: 'Unauthorized. Valid API key or JWT token required.',
         subscription_required: true,
         subscription_url: `${process.env.API_BASE_URL || 'https://pdf.profullstack.com'}/subscription`
       }, 401);

src/utils/supabase.js

@@ -1,61 +1,28 @@
 import { createClient } from '@supabase/supabase-js';
-import fs from 'fs';
+import dotenvFlow from 'dotenv-flow';
 import path from 'path';
 import { fileURLToPath } from 'url';
 
-/**
- * Read environment variables directly from .env file
- */
-function readEnvFile() {
-  try {
-    const __dirname = path.dirname(fileURLToPath(import.meta.url));
-    const envPath = path.resolve(__dirname, '../../.env');
-    
-    if (fs.existsSync(envPath)) {
-      const envContent = fs.readFileSync(envPath, 'utf8');
-      const envVars = {};
-      
-      envContent.split('\n').forEach(line => {
-        // Skip comments and empty lines
-        if (line.startsWith('#') || !line.trim()) return;
-        
-        // Parse key=value pairs
-        const match = line.match(/^([^=]+)=(.*)$/);
-        if (match) {
-          const key = match[1].trim();
-          const value = match[2].trim();
-          envVars[key] = value;
-        }
-      });
-      
-      return envVars;
-    }
-  } catch (error) {
-    console.error('Error reading .env file:', error);
-  }
-  
-  return {};
-}
-
-const envVars = readEnvFile();
+// Load environment variables from .env files
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const rootDir = path.resolve(__dirname, '../../');
+dotenvFlow.config({ path: rootDir });
 
 /**
  * Supabase configuration
  */
-const supabaseUrl = envVars.SUPABASE_URL || process.env.SUPABASE_URL || 'https://arokhsfbkdnfuklmqajh.supabase.co';
+const supabaseUrl = process.env.SUPABASE_URL || 'https://arokhsfbkdnfuklmqajh.supabase.co';
 // Use service role key for server-side operations to bypass RLS
-const supabaseKey = envVars.SUPABASE_SERVICE_ROLE_KEY || process.env.SUPABASE_SERVICE_ROLE_KEY || envVars.SUPABASE_KEY || process.env.SUPABASE_KEY;
+const supabaseKey = process.env.SUPABASE_SERVICE_ROLE_KEY || process.env.SUPABASE_KEY;
 
 // Log environment variables for debugging
 console.log('Supabase configuration:');
 console.log('SUPABASE_URL:', supabaseUrl);
 console.log('SUPABASE_KEY exists:', !!supabaseKey);
-console.log('SUPABASE_KEY from .env file:', !!envVars.SUPABASE_KEY);
 console.log('SUPABASE_KEY from process.env:', !!process.env.SUPABASE_KEY);
-console.log('SUPABASE_SERVICE_ROLE_KEY from .env file:', !!envVars.SUPABASE_SERVICE_ROLE_KEY);
 console.log('SUPABASE_SERVICE_ROLE_KEY from process.env:', !!process.env.SUPABASE_SERVICE_ROLE_KEY);
 console.log('SUPABASE_KEY length:', supabaseKey ? supabaseKey.length : 0);
-console.log('Using service role key:', !!(envVars.SUPABASE_SERVICE_ROLE_KEY || process.env.SUPABASE_SERVICE_ROLE_KEY));
+console.log('Using service role key:', !!process.env.SUPABASE_SERVICE_ROLE_KEY);
 console.log('NODE_ENV:', process.env.NODE_ENV);
 
 // Log all environment variables for debugging (without showing sensitive values)
@@ -102,6 +69,27 @@ export const supabase = supabaseClient;
  * Utility functions for Supabase operations
  */
 export const supabaseUtils = {
+  /**
+   * Verify a JWT token
+   * @param {string} token - JWT token to verify
+   * @returns {Promise<Object|null>} - User data if valid, null otherwise
+   */
+  async verifyJwtToken(token) {
+    try {
+      const { data, error } = await supabase.auth.getUser(token);
+      
+      if (error) {
+        console.error('JWT verification error:', error);
+        return null;
+      }
+      
+      return data.user;
+    } catch (error) {
+      console.error('Error verifying JWT token:', error);
+      return null;
+    }
+  },
+
   /**
    * Store a document in Supabase storage
    * @param {Buffer} buffer - Document buffer