Initial commit: Shattered Void MMO foundation

- Complete PostgreSQL database schema with 21+ tables - Express.js server with dual authentication (player/admin) - WebSocket support for real-time features - Comprehensive middleware (auth, validation, logging, security) - Game systems: colonies, resources, fleets, research, factions - Plugin-based combat architecture - Admin panel foundation - Production-ready logging and error handling - Docker support and CI/CD ready - Complete project structure following CLAUDE.md patterns 🤖 Generated with Claude Code (https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-02 02:13:05 +00:00 · 2025-08-02 02:13:05 +00:00 · 1a60cf55a3
commit 1a60cf55a3
69 changed files with 24471 additions and 0 deletions
--- a/src/middleware/admin.middleware.js
+++ b/src/middleware/admin.middleware.js
@ -0,0 +1,359 @@
+/**
+ * Admin Authentication Middleware
+ * Handles JWT token validation and permission checking for admin endpoints
+ */
+
+const { verifyAdminToken, extractTokenFromHeader } = require('../utils/jwt');
+const logger = require('../utils/logger');
+
+/**
+ * Middleware to authenticate admin requests
+ * @param {Object} req - Express request object
+ * @param {Object} res - Express response object
+ * @param {Function} next - Express next function
+ */
+async function authenticateAdmin(req, res, next) {
+    try {
+        const correlationId = req.correlationId;
+        
+        // Extract token from Authorization header
+        const authHeader = req.get('Authorization');
+        const token = extractTokenFromHeader(authHeader);
+
+        if (!token) {
+            logger.warn('Admin authentication failed - no token provided', {
+                correlationId,
+                ip: req.ip,
+                userAgent: req.get('User-Agent'),
+                path: req.path
+            });
+
+            return res.status(401).json({
+                error: 'Authentication required',
+                message: 'No authentication token provided',
+                correlationId
+            });
+        }
+
+        // Verify the token
+        const decoded = verifyAdminToken(token);
+
+        // Add admin information to request object
+        req.user = {
+            adminId: decoded.adminId,
+            email: decoded.email,
+            username: decoded.username,
+            permissions: decoded.permissions || [],
+            type: 'admin',
+            iat: decoded.iat,
+            exp: decoded.exp
+        };
+
+        // Log admin access
+        logger.audit('Admin authenticated', {
+            correlationId,
+            adminId: decoded.adminId,
+            username: decoded.username,
+            permissions: decoded.permissions,
+            path: req.path,
+            method: req.method,
+            ip: req.ip,
+            userAgent: req.get('User-Agent')
+        });
+
+        next();
+
+    } catch (error) {
+        const correlationId = req.correlationId;
+        
+        logger.warn('Admin authentication failed', {
+            correlationId,
+            error: error.message,
+            ip: req.ip,
+            userAgent: req.get('User-Agent'),
+            path: req.path
+        });
+
+        let statusCode = 401;
+        let message = 'Invalid authentication token';
+
+        if (error.message === 'Token expired') {
+            statusCode = 401;
+            message = 'Authentication token has expired';
+        } else if (error.message === 'Invalid token') {
+            statusCode = 401;
+            message = 'Invalid authentication token';
+        }
+
+        return res.status(statusCode).json({
+            error: 'Authentication failed',
+            message,
+            correlationId
+        });
+    }
+}
+
+/**
+ * Middleware factory to check if admin has required permissions
+ * @param {string|Array<string>} requiredPermissions - Permission(s) required
+ * @returns {Function} Express middleware function
+ */
+function requirePermissions(requiredPermissions) {
+    // Normalize to array
+    const permissions = Array.isArray(requiredPermissions) 
+        ? requiredPermissions 
+        : [requiredPermissions];
+
+    return (req, res, next) => {
+        try {
+            const correlationId = req.correlationId;
+            const adminPermissions = req.user?.permissions || [];
+            const adminId = req.user?.adminId;
+            const username = req.user?.username;
+
+            if (!adminId) {
+                logger.warn('Permission check failed - no authenticated admin', {
+                    correlationId,
+                    requiredPermissions: permissions,
+                    path: req.path
+                });
+
+                return res.status(401).json({
+                    error: 'Authentication required',
+                    message: 'Admin authentication required',
+                    correlationId
+                });
+            }
+
+            // Check if admin has super admin permission (bypasses all checks)
+            if (adminPermissions.includes('super_admin')) {
+                logger.info('Permission check passed - super admin', {
+                    correlationId,
+                    adminId,
+                    username,
+                    requiredPermissions: permissions,
+                    path: req.path
+                });
+
+                return next();
+            }
+
+            // Check if admin has all required permissions
+            const hasPermissions = permissions.every(permission => 
+                adminPermissions.includes(permission)
+            );
+
+            if (!hasPermissions) {
+                const missingPermissions = permissions.filter(permission => 
+                    !adminPermissions.includes(permission)
+                );
+
+                logger.warn('Permission check failed - insufficient permissions', {
+                    correlationId,
+                    adminId,
+                    username,
+                    adminPermissions,
+                    requiredPermissions: permissions,
+                    missingPermissions,
+                    path: req.path,
+                    method: req.method
+                });
+
+                return res.status(403).json({
+                    error: 'Insufficient permissions',
+                    message: 'You do not have the required permissions to access this resource',
+                    requiredPermissions: permissions,
+                    correlationId
+                });
+            }
+
+            logger.info('Permission check passed', {
+                correlationId,
+                adminId,
+                username,
+                requiredPermissions: permissions,
+                path: req.path
+            });
+
+            next();
+
+        } catch (error) {
+            logger.error('Permission check error', {
+                correlationId: req.correlationId,
+                error: error.message,
+                stack: error.stack,
+                requiredPermissions: permissions
+            });
+
+            return res.status(500).json({
+                error: 'Internal server error',
+                message: 'Failed to verify permissions',
+                correlationId: req.correlationId
+            });
+        }
+    };
+}
+
+/**
+ * Middleware to check if admin can access player-specific resources
+ * Requires 'player_management' permission or ownership
+ * @param {string} paramName - Parameter name containing the player ID
+ * @returns {Function} Express middleware function
+ */
+function requirePlayerAccess(paramName = 'playerId') {
+    return (req, res, next) => {
+        try {
+            const correlationId = req.correlationId;
+            const adminPermissions = req.user?.permissions || [];
+            const adminId = req.user?.adminId;
+            const username = req.user?.username;
+            const targetPlayerId = req.params[paramName];
+
+            if (!adminId) {
+                return res.status(401).json({
+                    error: 'Authentication required',
+                    correlationId
+                });
+            }
+
+            // Super admin can access everything
+            if (adminPermissions.includes('super_admin')) {
+                return next();
+            }
+
+            // Check for player management permission
+            if (adminPermissions.includes('player_management')) {
+                logger.info('Player access granted - player management permission', {
+                    correlationId,
+                    adminId,
+                    username,
+                    targetPlayerId,
+                    path: req.path
+                });
+                return next();
+            }
+
+            // Check for read-only player data permission for GET requests
+            if (req.method === 'GET' && adminPermissions.includes('player_data_read')) {
+                logger.info('Player access granted - read-only permission', {
+                    correlationId,
+                    adminId,
+                    username,
+                    targetPlayerId,
+                    path: req.path
+                });
+                return next();
+            }
+
+            logger.warn('Player access denied - insufficient permissions', {
+                correlationId,
+                adminId,
+                username,
+                adminPermissions,
+                targetPlayerId,
+                path: req.path,
+                method: req.method
+            });
+
+            return res.status(403).json({
+                error: 'Insufficient permissions',
+                message: 'You do not have permission to access player data',
+                correlationId
+            });
+
+        } catch (error) {
+            logger.error('Player access check error', {
+                correlationId: req.correlationId,
+                error: error.message,
+                stack: error.stack
+            });
+
+            return res.status(500).json({
+                error: 'Internal server error',
+                message: 'Failed to verify player access permissions',
+                correlationId: req.correlationId
+            });
+        }
+    };
+}
+
+/**
+ * Middleware to log admin actions for audit purposes
+ * @param {string} action - Action being performed
+ * @returns {Function} Express middleware function
+ */
+function auditAdminAction(action) {
+    return (req, res, next) => {
+        try {
+            const correlationId = req.correlationId;
+            const adminId = req.user?.adminId;
+            const username = req.user?.username;
+
+            // Log the action
+            logger.audit('Admin action initiated', {
+                correlationId,
+                adminId,
+                username,
+                action,
+                path: req.path,
+                method: req.method,
+                params: req.params,
+                query: req.query,
+                ip: req.ip,
+                userAgent: req.get('User-Agent')
+            });
+
+            // Override res.json to log the response
+            const originalJson = res.json;
+            res.json = function(data) {
+                logger.audit('Admin action completed', {
+                    correlationId,
+                    adminId,
+                    username,
+                    action,
+                    path: req.path,
+                    method: req.method,
+                    statusCode: res.statusCode,
+                    success: res.statusCode < 400
+                });
+
+                return originalJson.call(this, data);
+            };
+
+            next();
+
+        } catch (error) {
+            logger.error('Admin audit logging error', {
+                correlationId: req.correlationId,
+                error: error.message,
+                stack: error.stack,
+                action
+            });
+
+            // Continue even if audit logging fails
+            next();
+        }
+    };
+}
+
+/**
+ * Common admin permission constants
+ */
+const ADMIN_PERMISSIONS = {
+    SUPER_ADMIN: 'super_admin',
+    PLAYER_MANAGEMENT: 'player_management',
+    PLAYER_DATA_READ: 'player_data_read',
+    SYSTEM_MANAGEMENT: 'system_management',
+    GAME_MANAGEMENT: 'game_management',
+    EVENT_MANAGEMENT: 'event_management',
+    ANALYTICS_READ: 'analytics_read',
+    CONTENT_MANAGEMENT: 'content_management'
+};
+
+module.exports = {
+    authenticateAdmin,
+    requirePermissions,
+    requirePlayerAccess,
+    auditAdminAction,
+    ADMIN_PERMISSIONS
+};