@chevre/domain 21.30.0-alpha.30 → 21.30.0-alpha.32
- package/example/src/chevre/findValidAuthorization.ts +3 -1
- package/lib/chevre/credentials.d.ts +0 -4
- package/lib/chevre/credentials.js +3 -6
- package/lib/chevre/repo/code.d.ts +2 -1
- package/lib/chevre/repo/code.js +8 -7
- package/lib/chevre/repo/mongoose/schemas/authorization.js +2 -1
- package/lib/chevre/service/code.d.ts +9 -0
- package/lib/chevre/service/code.js +16 -9
- package/lib/chevre/service/transaction/placeOrderInProgress/confirm.js +2 -1
- package/lib/chevre/service/transaction/placeOrderInProgress/publishCode.d.ts +2 -0
- package/lib/chevre/service/transaction/placeOrderInProgress/publishCode.js +2 -1
- package/package.json +2 -2
|
@@ -27,7 +27,9 @@ async function main() {
|
|
|
27
27
|
const token = await (await chevre.service.code.createService()).getToken({
|
|
28
28
|
project,
|
|
29
29
|
code: CODE,
|
|
30
|
-
expiresIn: 18000
|
|
30
|
+
expiresIn: 18000,
|
|
31
|
+
issuer: 'https://example.com',
|
|
32
|
+
audience: 'https://example.com'
|
|
31
33
|
})({
|
|
32
34
|
authorization: authorizationRepo
|
|
33
35
|
});
|
|
@@ -55,12 +55,9 @@ exports.credentials = {
|
|
|
55
55
|
jwt: {
|
|
56
56
|
secret: process.env.TOKEN_SECRET,
|
|
57
57
|
// RESOURCE_SERVER_IDENTIFIERとは分離して指定可能に拡張(2024-05-02~)
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
issuer: (typeof process.env.TOKEN_ISSUER_BY_AUTHORIZATION === 'string')
|
|
62
|
-
? process.env.TOKEN_ISSUER_BY_AUTHORIZATION
|
|
63
|
-
: process.env.RESOURCE_SERVER_IDENTIFIER,
|
|
58
|
+
// issuer: (typeof process.env.TOKEN_ISSUER_BY_AUTHORIZATION === 'string')
|
|
59
|
+
// ? process.env.TOKEN_ISSUER_BY_AUTHORIZATION
|
|
60
|
+
// : <string>process.env.RESOURCE_SERVER_IDENTIFIER,
|
|
64
61
|
/**
|
|
65
62
|
* トークン検証時の発行者リスト
|
|
66
63
|
*/
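Review bot: The three `issuer` lines are commented out rather than deleted, so `TOKEN_ISSUER_BY_AUTHORIZATION` and `RESOURCE_SERVER_IDENTIFIER` still read like live configuration for `jwt.issuer`, and the dated comment above them (2024-05-02) still describes the removed behaviour. Because the signing issuer is no longer taken from the environment here, a deployment that sets `TOKEN_ISSUER_BY_AUTHORIZATION` gets no effect and no warning. I would delete the dead lines and replace the comment with something like `// jwt.issuer removed: getToken() callers must pass the issuer explicitly`. The `credentials` object continues outside the hunk.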
|
|
@@ -2,7 +2,7 @@ import type { Connection, FilterQuery } from 'mongoose';
|
|
|
2
2
|
import * as factory from '../factory';
|
|
3
3
|
export type IObject = factory.authorization.IObject;
|
|
4
4
|
export type ICode = string;
|
|
5
|
-
type IFindValidOneResult = Pick<factory.authorization.IAuthorization, 'object' | 'typeOf'> & {
|
|
5
|
+
type IFindValidOneResult = Pick<factory.authorization.IAuthorization, 'object' | 'typeOf' | 'audience'> & {
|
|
6
6
|
id: string;
|
|
7
7
|
};
|
|
8
8
|
/**
|
|
@@ -24,6 +24,7 @@ export declare class AuthorizationRepo {
|
|
|
24
24
|
validFrom: Date;
|
|
25
25
|
expiresInSeconds: number;
|
|
26
26
|
audience?: factory.authorization.IAudience;
|
|
27
|
+
author: factory.authorization.IAuthor;
|
|
27
28
|
}[]): Promise<factory.authorization.IAuthorization[]>;
|
|
28
29
|
/**
|
|
29
30
|
* コードで有効な承認を参照する
|
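--- a/package/lib/chevre/repo/code.js
+++ b/package/lib/chevre/repo/code.js
@@ -101,9 +101,9 @@ class AuthorizationRepo {
 */
 publish(params) {
 return __awaiter(this, void 0, void 0, function* () {
-const saveParams = params.map(({ project, object, validFrom, expiresInSeconds, audience }) => {
+const saveParams = params.map(({ project, object, validFrom, expiresInSeconds, audience, author }) => {
 const code = uuid.v4();
-return { project, code, object, validFrom, expiresInSeconds, audience };
+return { project, code, object, validFrom, expiresInSeconds, audience, author };
 });
 return this.save(saveParams);
 });
@@ -119,15 +119,15 @@ class AuthorizationRepo {
 code: { $eq: String(params.code) },
 validFrom: { $lte: now },
 validUntil: { $gte: now }
-}, { object: 1, _id: 1, typeOf: 1 })
+}, { object: 1, _id: 1, typeOf: 1, audience: 1 })
 // projection的にleanで十分
 // .lean<Pick<factory.authorization.IAuthorization, 'object'>>()
 .exec();
 if (doc === null) {
 throw new factory.errors.NotFound(this.authorizationModel.modelName);
 }
-const { id, object, typeOf } = doc.toObject();
-return { id, object, typeOf };
+const { id, object, typeOf, audience } = doc.toObject();
+return Object.assign({ id, object, typeOf }, (typeof (audience === null || audience === void 0 ? void 0 : audience.id) === 'string') ? { audience } : undefined);
 });
 }
 /**
@@ -194,11 +194,12 @@ class AuthorizationRepo {
 save(params) {
 return __awaiter(this, void 0, void 0, function* () {
 if (params.length > 0) {
-const docs = params.map(({ project, code, object, validFrom, expiresInSeconds, audience }) => {
+const docs = params.map(({ project, code, object, validFrom, expiresInSeconds, audience, author }) => {
 const validUntil = moment(validFrom)
 .add(expiresInSeconds, 'seconds')
 .toDate();
-return Object.assign({ project, typeOf: 'Authorization',
+return Object.assign({ project, typeOf: 'Authorization', author,
+code,
 object,
 validFrom,
 validUntil }, (typeof (audience === null || audience === void 0 ? void 0 : audience.id) === 'string') ? { audience } : undefined);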
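Review bot: `save` now writes `author` into every authorization document unconditionally, while `audience` in the same `Object.assign` is only persisted after a `typeof audience.id === 'string'` check. A JavaScript caller that omits `author` stores it as undefined, and any extra properties on it are persisted as-is, because schemas/authorization.js declares `author` as `Mixed` without `required`. If the field is meant to record who issued the code, validate and narrow it before the insert, e.g. `if (typeof author?.id !== 'string' || typeof author?.typeOf !== 'string') { throw new factory.errors.ArgumentNull('author'); }`, and store only `{ id: author.id, typeOf: author.typeOf }`. The body of `save` continues past the last hunk.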
@@ -28,7 +28,8 @@ const schemaDefinition = {
|
|
|
28
28
|
type: Date,
|
|
29
29
|
required: true
|
|
30
30
|
},
|
|
31
|
-
audience: mongoose_1.SchemaTypes.Mixed
|
|
31
|
+
audience: mongoose_1.SchemaTypes.Mixed,
|
|
32
|
+
author: mongoose_1.SchemaTypes.Mixed // add(2024-05-02~)
|
|
32
33
|
};
|
|
33
34
|
const schemaOptions = {
|
|
34
35
|
autoIndex: settings_1.MONGO_AUTO_INDEX,
|
|
@@ -5,6 +5,7 @@ type IToken = string;
|
|
|
5
5
|
type ICode = string;
|
|
6
6
|
interface IPayload {
|
|
7
7
|
sub: string;
|
|
8
|
+
aud?: string;
|
|
8
9
|
token_use: string;
|
|
9
10
|
iss: string;
|
|
10
11
|
exp: number;
|
|
@@ -24,6 +25,14 @@ declare function getToken(params: {
|
|
|
24
25
|
};
|
|
25
26
|
code: ICode;
|
|
26
27
|
expiresIn: number;
|
|
28
|
+
/**
|
|
29
|
+
* jtw.payload.iss
|
|
30
|
+
*/
|
|
31
|
+
issuer: string;
|
|
32
|
+
/**
|
|
33
|
+
* jtw.payload.aud
|
|
34
|
+
*/
|
|
35
|
+
audience: string;
|
|
27
36
|
}): (repos: {
|
|
28
37
|
authorization: AuthorizationRepo;
|
|
29
38
|
}) => Promise<IToken>;
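Review bot: The new doc comments read `jtw.payload.iss` and `jtw.payload.aud`; they should say `jwt.payload.iss` and `jwt.payload.aud`. The declaration also makes `audience: string` mandatory, whereas the implementation in service/code.js only sets the claim when `typeof params.audience === 'string'` and `IPayload.aud` is optional, so the type and the runtime disagree about whether a token without `aud` is legal. Either declare `audience?: string` or have getToken reject a missing audience the way it rejects a missing issuer. The getToken declaration starts outside the second hunk.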
|
|
@@ -16,6 +16,7 @@ exports.verifyToken = exports.getToken = void 0;
|
|
|
16
16
|
const jwt = require("jsonwebtoken");
|
|
17
17
|
const factory = require("../factory");
|
|
18
18
|
const credentials_1 = require("../credentials");
|
|
19
|
+
const ALGORITHM = 'HS256';
|
|
19
20
|
/**
|
|
20
21
|
* コードをトークンに変換する
|
|
21
22
|
*/
|
|
@@ -31,16 +32,22 @@ function getToken(params) {
|
|
|
31
32
|
project: { id: params.project.id },
|
|
32
33
|
code: params.code
|
|
33
34
|
});
|
|
35
|
+
const isAuthorize4order = (!Array.isArray(authorization.object) && authorization.object.typeOf === factory.order.OrderType.Order);
|
|
36
|
+
const payload = Object.assign(Object.assign({}, (isAuthorize4order) ? authorization.object : undefined), {
|
|
37
|
+
// sub: authorization.id, // 拡張(2024-05-01~)
|
|
38
|
+
token_use: 'access', version: credentials_1.credentials.jwt.version, 'chevre:typeOf': authorization.typeOf // 拡張(2024-05-01~)
|
|
39
|
+
});
|
|
40
|
+
if (typeof params.issuer !== 'string' || params.issuer.length === 0) {
|
|
41
|
+
throw new factory.errors.ArgumentNull('issuer');
|
|
42
|
+
}
|
|
34
43
|
return new Promise((resolve, reject) => {
|
|
35
44
|
// 所有権を暗号化する
|
|
36
|
-
jwt.sign(
|
|
37
|
-
//
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
subject: authorization.id // 拡張(2024-05-01~)
|
|
43
|
-
}, (err, encoded) => {
|
|
45
|
+
jwt.sign(payload, credentials_1.credentials.jwt.secret, Object.assign({ algorithm: ALGORITHM,
|
|
46
|
+
// issuer: credentials.jwt.issuer,
|
|
47
|
+
issuer: params.issuer, expiresIn: params.expiresIn, subject: authorization.id }, (typeof params.audience === 'string')
|
|
48
|
+
? { audience: params.audience }
|
|
49
|
+
: undefined // 拡張(2024-05-02~)
|
|
50
|
+
), (err, encoded) => {
|
|
44
51
|
if (err instanceof Error) {
|
|
45
52
|
reject(err);
|
|
46
53
|
}
|
|
@@ -76,7 +83,7 @@ function verifyToken(params) {
|
|
|
76
83
|
}
|
|
77
84
|
try {
|
|
78
85
|
payload = yield new Promise((resolve, reject) => {
|
|
79
|
-
jwt.verify(params.token, credentials_1.credentials.jwt.secret, Object.assign({
|
|
86
|
+
jwt.verify(params.token, credentials_1.credentials.jwt.secret, Object.assign({ algorithms: [ALGORITHM],
|
|
80
87
|
// 互換性維持のために複数対応(2024-05-02~)
|
|
81
88
|
// issuer: credentials.jwt.issuer,
|
|
82
89
|
issuer: credentials_1.credentials.jwt.issuers }, (Array.isArray(params.audience)) ? { audience: params.audience } : undefined), (err, decoded) => {
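Review bot: getToken now signs whatever `issuer` and `audience` the caller supplies, after only a non-empty check on `issuer` (new lines 40-42); nothing in the visible lines compares them with the issuer list that verifyToken enforces or with the `audience` stored on the authorization, which findValidOne starts returning in this same release. As far as the hunk shows, a code published for one audience can be exchanged for a token carrying any `aud`, and verifyToken only checks `aud` when its caller passes an array. I would bind the claim at mint time, for example `if (typeof authorization.audience?.id === 'string' && authorization.audience.id !== params.audience) { throw new factory.errors.Argument('audience', 'audience does not match the authorization'); }` (assuming `audience.id` is the value intended for `aud`), and reject an `issuer` that is not among `credentials.jwt.issuers`. getToken and verifyToken both start and end outside these hunks.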
|
|
@@ -68,7 +68,8 @@ function confirm(params) {
|
|
|
68
68
|
project: { id: transaction.project.id },
|
|
69
69
|
object: { orderNumber },
|
|
70
70
|
validFrom: params.result.order.orderDate,
|
|
71
|
-
expiresInSeconds: publishCodeExpiresInSeconds
|
|
71
|
+
expiresInSeconds: publishCodeExpiresInSeconds,
|
|
72
|
+
author: { id: transaction.agent.id, typeOf: transaction.agent.typeOf }
|
|
72
73
|
})(repos);
|
|
73
74
|
}
|
|
74
75
|
let acceptedOffers;
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import type { AuthorizationRepo } from '../../../repo/code';
|
|
2
|
+
import * as factory from '../../../factory';
|
|
2
3
|
declare function publishCode(params: {
|
|
3
4
|
project: {
|
|
4
5
|
id: string;
|
|
@@ -8,6 +9,7 @@ declare function publishCode(params: {
|
|
|
8
9
|
};
|
|
9
10
|
validFrom: Date;
|
|
10
11
|
expiresInSeconds: number;
|
|
12
|
+
author: factory.authorization.IAuthor;
|
|
11
13
|
}): (repos: {
|
|
12
14
|
authorization: AuthorizationRepo;
|
|
13
15
|
}) => Promise<string>;
|
|
@@ -24,7 +24,8 @@ function publishCode(params) {
|
|
|
24
24
|
project: { id: params.project.id, typeOf: factory.organizationType.Project },
|
|
25
25
|
object: authorizationObject,
|
|
26
26
|
validFrom: params.validFrom,
|
|
27
|
-
expiresInSeconds: params.expiresInSeconds
|
|
27
|
+
expiresInSeconds: params.expiresInSeconds,
|
|
28
|
+
author: params.author
|
|
28
29
|
}]);
|
|
29
30
|
}
|
|
30
31
|
catch (error) {
|
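--- a/package/package.json
+++ b/package/package.json
@@ -10,7 +10,7 @@
 ],
 "dependencies": {
 "@aws-sdk/credential-providers": "3.433.0",
-"@chevre/factory": "4.369.0-alpha.
+"@chevre/factory": "4.369.0-alpha.6",
 "@cinerino/sdk": "5.18.0-alpha.16",
 "@motionpicture/coa-service": "9.4.0",
 "@motionpicture/gmo-service": "5.3.0",
@@ -110,5 +110,5 @@
 "postversion": "git push origin --tags",
 "prepublishOnly": "npm run clean && npm run build && npm test && npm run doc"
 },
-"version": "21.30.0-alpha.
+"version": "21.30.0-alpha.32"
 }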