@chevre/domain 22.11.0-alpha.1 → 22.11.0-alpha.11

package/example/src/chevre/stockHolder/checkRedisKeyCount.ts

@@ -38,7 +38,6 @@ function countRedisKeyByProject(params: {
             {
                 'project.id': {
                     $eq: params.project.id
-                    // $in: useMongoAsStockHolderProjects
                 },
                 // startDate: {
                 //     $gte: params.now
@@ -93,30 +92,22 @@ function countRedisKeyByProject(params: {
 async function main() {
     const eventRepo = await chevre.repository.Event.createInstance(mongoose.connection);
     const projectRepo = await chevre.repository.Project.createInstance(mongoose.connection);
-    const settingRepo = await chevre.repository.Setting.createInstance(mongoose.connection);
+    // const settingRepo = await chevre.repository.Setting.createInstance(mongoose.connection);
     const stockHolderRepo = await chevre.repository.StockHolder.createInstance(
         client,
         mongoose.connection
     );
 
-    const setting = await settingRepo.findOne(
-        { project: { id: { $eq: '*' } } },
-        ['useMongoAsStockHolderProjects', 'useMongoAsStockHolder']
-    );
-    const useMongoAsStockHolder = setting?.useMongoAsStockHolder === true;
-    let useMongoAsStockHolderProjects =
-        (Array.isArray(setting?.useMongoAsStockHolderProjects)) ? setting?.useMongoAsStockHolderProjects : [];
-    if (useMongoAsStockHolder) {
-        // 全プロジェクト
-        useMongoAsStockHolderProjects = (await projectRepo.projectFields(
-            {
-                // id: { $eq: 'xxx' }
-            },
-            ['id']
-        )).map(({ id }) => id);
-    }
+    let checkingProjects: string[] = [];
+    // 全プロジェクト
+    checkingProjects = (await projectRepo.projectFields(
+        {
+            // id: { $eq: 'xxx' }
+        },
+        ['id']
+    )).map(({ id }) => id);
 
-    useMongoAsStockHolderProjects = useMongoAsStockHolderProjects.filter((id) => id.slice(0, 6) !== 'sskts-');
+    checkingProjects = checkingProjects.filter((id) => id.slice(0, 6) !== 'sskts-');
 
     const results: {
         project: { id: string };
@@ -127,7 +118,7 @@ async function main() {
     const now = moment()
         .add(0, 'days')
         .toDate();
-    for (const projectId of useMongoAsStockHolderProjects) {
+    for (const projectId of checkingProjects) {
         const { checkedCount, redisKeyCount } = await countRedisKeyByProject({
             project: { id: projectId },
             now

package/example/src/chevre/unsetUnnecessaryFields.ts

@@ -9,17 +9,20 @@ import { chevre } from '../../../lib/index';
 async function main() {
     await mongoose.connect(<string>process.env.MONGOLAB_URI, { autoIndex: false });
 
-    const aggregateOfferRepo = await chevre.repository.AggregateOffer.createInstance(mongoose.connection);
+    const settingRepo = await chevre.repository.Setting.createInstance(mongoose.connection);
 
     let updateResult: any;
 
-    updateResult = await aggregateOfferRepo.unsetUnnecessaryFields({
+    updateResult = await settingRepo.unsetUnnecessaryFields({
         filter: {
-            'offers.includedInDataCatalog.id': { $exists: true }
-            // _id: { $eq: 'blj55y1mo' }
+            'project.id': { $eq: '*' }
         },
         $unset: {
-            'offers.0.includedInDataCatalog': 1
+            useMongoAsStockHolder: 1,
+            useMongoAsStockHolderProjects: 1
+            // useMongo4confirmationNumberFrom: 1,
+            // useMongo4orderNumberFrom: 1,
+            // useMongo4transactionNumberFrom: 1
         }
     });
     console.log(updateResult);

package/example/src/idaas/auth0/adminApplications.ts

@@ -0,0 +1,183 @@
+// tslint:disable:no-implicit-dependencies no-console no-magic-numbers
+import { ManagementClient } from 'auth0';
+import { readFileSync } from 'fs';
+import * as moment from 'moment';
+// import * as crypto from 'crypto'; // client_secret 生成用 (PKJWTなしの場合)
+// import { JWK, importPKCS8, generateKeyPair, SignJWT } from 'jose'; // Private Key JWT 用
+
+const PUBLIC_KEY_FILE_PATH = `${__dirname}/../../samplePublicKey.pem`;
+const { AUTH0_DOMAIN, AUTH0_MGMT_CLIENT_ID, AUTH0_MGMT_CLIENT_SECRET, AUTH0_MGMT_API_AUDIENCE, AUTH0_AUDIENCE } = process.env;
+
+if (typeof AUTH0_DOMAIN !== 'string'
+    || typeof AUTH0_MGMT_CLIENT_ID !== 'string'
+    || typeof AUTH0_MGMT_CLIENT_SECRET !== 'string'
+    || typeof AUTH0_MGMT_API_AUDIENCE !== 'string'
+    || typeof AUTH0_AUDIENCE !== 'string'
+) {
+    throw new Error('set envs!');
+}
+
+// --- Auth0 ManagementClient の初期化 ---
+const management = new ManagementClient({
+    domain: AUTH0_DOMAIN,
+    clientId: AUTH0_MGMT_CLIENT_ID,
+    clientSecret: AUTH0_MGMT_CLIENT_SECRET,
+    audience: AUTH0_MGMT_API_AUDIENCE
+    // scope: 'read:clients create:clients' // 必要なスコープを明示
+});
+
+async function sleep(waitInSeconds: number) {
+    await new Promise<void>((resolve) => {
+        setTimeout(
+            () => {
+                resolve();
+            },
+            waitInSeconds
+        );
+    });
+}
+
+/**
+ * アプリケーションを検索し、存在しなければ作成します。
+ * Private Key JWT 認証を使用する前提。
+ */
+async function findOrCreateServiceAccount(
+    appName: string,
+    projectId: string,
+    roles: string[],
+    audience: string
+) {
+    try {
+        console.log('getting organization...');
+        const getOrganizationResponse = await management.organizations.getByName({
+            name: projectId
+        });
+        const organization = getOrganizationResponse.data;
+        console.log('organization exists.', organization);
+
+        const newClient = (await management.clients.create({
+            name: appName,
+            app_type: 'non_interactive', // Machine to Machine アプリケーション
+            jwt_configuration: { // Private Key JWT の設定
+                alg: 'RS256' // 署名アルゴリズム
+            },
+            // token_endpoint_auth_method: 'client_secret_post',
+            client_authentication_methods: {
+                private_key_jwt: {
+                    credentials: [{
+                        alg: 'RS256',
+                        /**
+                         * Credential type. Supported types: public_key.
+                         *
+                         */
+                        credential_type: 'public_key',
+                        // name?: string;
+                        pem: readFileSync(PUBLIC_KEY_FILE_PATH, 'utf8')
+
+                    }]
+                }
+            },
+            grant_types: ['client_credentials'],
+            organization_usage: 'require', // 組織での利用を許可
+            default_organization: {
+                organization_id: organization.id,
+                flows: ['client_credentials']
+            },
+            oidc_conformant: true,
+            client_metadata: {
+                roles: JSON.stringify(roles)
+            }
+        })).data;
+        console.log(`Successfully created new application: ${newClient.client_id} (${newClient.name})`);
+
+        console.log(`checking clientGrant... ${newClient.client_id} (${newClient.name})`);
+        await sleep(3000);
+
+        let clientGrant = (await management.clientGrants.getAll({
+            audience,
+            client_id: newClient.client_id
+        })).data.shift();
+        if (clientGrant === undefined) {
+            clientGrant = (await management.clientGrants.create({
+                client_id: newClient.client_id,
+                audience,
+                organization_usage: 'require',
+                allow_any_organization: false,
+                scope: ['iam.members.me.read']
+            })).data;
+            console.log(`clientGrant created. ${newClient.client_id} (${newClient.name})`);
+        } else {
+            console.log(`clientGrant already exists. ${newClient.client_id} (${newClient.name})`);
+        }
+
+        console.log(`checking organizationClientGrant... ${newClient.client_id} (${newClient.name})`);
+        await sleep(3000);
+        const organizationClientGrant = (await management.organizations.getOrganizationClientGrants({
+            id: organization.id,
+            audience: 'https://development.apis.smart-theater.com',
+            client_id: newClient.client_id
+        })).data.shift();
+        if (organizationClientGrant === undefined) {
+            await management.organizations.postOrganizationClientGrants(
+                {
+                    id: organization.id
+                },
+                {
+                    grant_id: clientGrant.id
+                }
+            );
+            console.log(`organizationClientGrant created. ${newClient.client_id} (${newClient.name})`);
+        } else {
+            console.log(`organizationClientGrant already exists. ${newClient.client_id} (${newClient.name})`);
+        }
+
+        // 1. アプリケーションを検索 (名前で検索するのが一般的)
+        console.log('searching for applications...');
+        await sleep(3000);
+
+        await searchClients({ organization });
+    } catch (error) {
+        console.error(`Error finding or creating application: ${error.message}`);
+        throw error;
+    }
+}
+
+async function searchClients(params: {
+    organization: { id: string };
+}) {
+    const existingApps = await management.clients.getAll({
+        include_totals: true,
+        // app_type: 'non_interactive',
+        // is_global: false,
+        // page: 0,
+        // per_page: 50,
+        // q: `name:"${appName}"`, // 名前で検索
+        q: `client_grant.organization_id:"${params.organization.id}"`,
+        // from: undefined,
+        take: 50
+        // is_client_credentials: true // Machine to Machine アプリケーションに絞る
+    });
+    const clients = existingApps.data.clients;
+    console.log(clients.length, 'existingApps exist.', clients);
+    console.log(clients.length, 'clients found.');
+}
+
+export async function run() {
+    if (typeof AUTH0_AUDIENCE !== 'string') {
+        throw new Error('set envs!');
+    }
+
+    try {
+        await findOrCreateServiceAccount(
+            `sampleServiceAccount-${moment()
+                .format('YYYY-MM-DDTHH:mm:ss')}`,
+            'cinerino',
+            ['inventoryManager', 'user'],
+            AUTH0_AUDIENCE
+        );
+    } catch (error) {
+        console.error('Failed to run provisioning script:', error);
+    }
+}
+
+run();

package/example/src/idaas/auth0/getToken.ts

@@ -0,0 +1,55 @@
+// tslint:disable:no-implicit-dependencies no-console
+interface IAuth0Config {
+    auth0Domain: string;
+    clientId: string;
+    clientSecret: string;
+    audience: string;
+}
+
+// 環境変数から機密情報を取得することを強く推奨します
+const config: IAuth0Config = {
+    auth0Domain: String(process.env.AUTH0_DOMAIN),
+    clientId: String(process.env.AUTH0_CLIENT_ID),
+    clientSecret: String(process.env.AUTH0_CLIENT_SECRET),
+    audience: String(process.env.AUTH0_AUDIENCE)
+    // scopes: process.env.OKTA_SCOPES || 'api_access_scope openid', // 必要なスコープを指定
+    // authServerId: 'aussd9v86wlIar3cX697', // デフォルト承認サーバーを使用する場合はコメントアウトまたは指定しない
+};
+
+async function getToken() {
+    try {
+        const response = await fetch(
+            `https://${config.auth0Domain}/oauth/token`,
+            {
+                method: 'POST',
+                headers: { 'content-type': 'application/json' },
+                body: JSON.stringify({
+                    client_id: config.clientId,
+                    client_secret: config.clientSecret,
+                    audience: config.audience,
+                    grant_type: 'client_credentials'
+                    // organization: 'org_zuMP9ng42QSgZ5Kn'
+                })
+            });
+
+        if (!response.ok) {
+            console.log(await response.json());
+            throw new Error('Network response was not ok');
+        }
+
+        const data = await response.json();
+        console.log(data);
+
+        return data;
+    } catch (error) {
+        console.error('Error fetching token:', error);
+    }
+}
+
+export async function main() {
+    const token = await getToken();
+    console.log(token);
+}
+
+main()
+    .catch(console.error);

package/example/src/idaas/auth0/getTokenByPrivateKeyJWT.ts

@@ -0,0 +1,84 @@
+// tslint:disable:no-implicit-dependencies no-console
+import * as crypto from 'crypto';
+import { readFileSync } from 'fs';
+import { SignJWT } from 'jose';
+import * as uuid from 'uuid';
+
+const PRIVATE_KEY_FILE_PATH = `${__dirname}/../../samplePrivateKey.pem`;
+
+interface IAuth0Config {
+    auth0Domain: string;
+    clientId: string;
+    privateKeyContent: string; // PEM形式の秘密鍵の内容 (例: fs.readFileSync('private_key.pem', 'utf8'))
+    audience: string;
+}
+
+// 環境変数から機密情報を取得することを強く推奨します
+const auth0config: IAuth0Config = {
+    auth0Domain: String(process.env.AUTH0_DOMAIN),
+    clientId: String(process.env.AUTH0_CLIENT_ID),
+    // keyId: 'xxx',
+    privateKeyContent: readFileSync(PRIVATE_KEY_FILE_PATH, 'utf8'), // 秘密鍵の内容を読み込む
+    audience: String(process.env.AUTH0_AUDIENCE)
+    // scopes: process.env.OKTA_SCOPES || 'api_access_scope openid', // 必要なスコープを指定
+    // authServerId: 'aussd9v86wlIar3cX697', // デフォルト承認サーバーを使用する場合はコメントアウトまたは指定しない
+};
+
+async function generateJwtAssertion(config: IAuth0Config) {
+    const privateKeyPEM = crypto.createPrivateKey(readFileSync(PRIVATE_KEY_FILE_PATH, 'utf8'));
+
+    return new SignJWT({})
+        .setProtectedHeader({
+            alg: 'RS256' // or RS384 or PS256
+            // kid: '(OPTIONAL) KID_GENERATED_BY_AUTH0'
+        })
+        .setIssuedAt()
+        .setIssuer(config.clientId)
+        .setSubject(config.clientId)
+        .setAudience(`https://${config.auth0Domain}/`)
+        .setExpirationTime('1m')
+        .setJti(uuid.v4())
+        .sign(privateKeyPEM);
+}
+
+async function getToken() {
+    try {
+        const jwtAssertion = await generateJwtAssertion(auth0config);
+        console.log('jwtAssertion:', jwtAssertion);
+
+        const body = new URLSearchParams({
+            grant_type: 'client_credentials',
+            client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
+            client_assertion: jwtAssertion,
+            audience: auth0config.audience
+            // scope: config.scopes,
+        }).toString();
+        const response = await fetch(
+            `https://${auth0config.auth0Domain}/oauth/token`,
+            {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+                body: body
+            });
+
+        if (!response.ok) {
+            console.log(await response.json());
+            throw new Error('Network response was not ok');
+        }
+
+        const data = await response.json();
+        console.log(data);
+
+        return data;
+    } catch (error) {
+        console.error('Error fetching token:', error);
+    }
+}
+
+export async function main() {
+    const token = await getToken();
+    console.log(token);
+}
+
+main()
+    .catch(console.error);

package/lib/chevre/index.d.ts

@@ -3,7 +3,6 @@
  */
 import type * as COAService from '@motionpicture/coa-service';
 import type * as GMOService from '@motionpicture/gmo-service';
-import type * as AdminAuth from './adminAuth';
 import type * as Pecorinoapi from './pecorinoapi';
 import { credentials } from './credentials';
 import * as errorHandler from './errorHandler';
@@ -13,7 +12,6 @@ import * as repository from './repository';
 import * as service from './service';
 import * as settings from './settings';
 export { credentials, errorHandler, eventEmitter, factory, repository, service, settings };
-export declare function loadAdminAuth(): Promise<typeof AdminAuth>;
 export declare function loadPecorinoapi(): Promise<typeof Pecorinoapi>;
 export type COA = typeof COAService;
 export declare function loadCOA(): Promise<typeof COAService>;

package/lib/chevre/index.js

@@ -10,7 +10,6 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.settings = exports.service = exports.repository = exports.factory = exports.eventEmitter = exports.errorHandler = exports.credentials = void 0;
-exports.loadAdminAuth = loadAdminAuth;
 exports.loadPecorinoapi = loadPecorinoapi;
 exports.loadCOA = loadCOA;
 exports.loadGMO = loadGMO;
@@ -28,15 +27,6 @@ const service = require("./service");
 exports.service = service;
 const settings = require("./settings");
 exports.settings = settings;
-let adminAuth;
-function loadAdminAuth() {
-    return __awaiter(this, void 0, void 0, function* () {
-        if (adminAuth === undefined) {
-            adminAuth = yield Promise.resolve().then(() => require('./adminAuth'));
-        }
-        return adminAuth;
-    });
-}
 let pecorinoapi;
 function loadPecorinoapi() {
     return __awaiter(this, void 0, void 0, function* () {

package/lib/chevre/repo/acceptedOffer.d.ts

@@ -20,7 +20,9 @@ export declare class AcceptedOfferRepo {
     /**
      * オファー展開の注文検索
      */
-    searchWithUnwoundAcceptedOffers(params: factory.order.ISearchConditions, projection?: IProjection4searchWithUnwoundAcceptedOffers): Promise<factory.order.IOrder[]>;
+    searchWithUnwoundAcceptedOffers(params: factory.order.ISearchConditions, projection: IProjection4searchWithUnwoundAcceptedOffers, options: {
+        useLimitAfterSkip: boolean;
+    }): Promise<factory.order.IOrder[]>;
     aggreateOwnershipInfosByOrder(filter: {
         orderNumber: {
             $eq: string;

package/lib/chevre/repo/acceptedOffer.js

@@ -24,9 +24,10 @@ class AcceptedOfferRepo {
     /**
      * オファー展開の注文検索
      */
-    searchWithUnwoundAcceptedOffers(params, projection) {
+    searchWithUnwoundAcceptedOffers(params, projection, options) {
         return __awaiter(this, void 0, void 0, function* () {
             var _a;
+            const { useLimitAfterSkip } = options;
             const conditions = order_2.OrderRepo.CREATE_MONGO_CONDITIONS(params);
             const aggregate = this.orderModel.aggregate();
             // pipelineの順序に注意
@@ -43,8 +44,15 @@ class AcceptedOfferRepo {
             aggregate.project(Object.assign(Object.assign({}, projection), { acceptedOffers: ['$acceptedOffers'] }));
             if (typeof params.limit === 'number' && params.limit > 0) {
                 const page = (typeof params.page === 'number' && params.page > 0) ? params.page : 1;
-                aggregate.limit(params.limit * page)
-                    .skip(params.limit * (page - 1));
+                // support skip -> limit(2025-07-09~)
+                if (useLimitAfterSkip) {
+                    aggregate.skip(params.limit * (page - 1))
+                        .limit(params.limit);
+                }
+                else {
+                    aggregate.limit(params.limit * page)
+                        .skip(params.limit * (page - 1));
+                }
             }
             return aggregate
                 // .allowDiskUse(true) // false化(2023-11-30~)

package/lib/chevre/repo/confirmationNumber.d.ts

@@ -1,14 +1,10 @@
 import type { Connection } from 'mongoose';
-import { RedisClientType } from 'redis';
-import { ISetting } from './mongoose/schemas/setting';
 /**
  * 確認番号リポジトリ
  */
 export declare class ConfirmationNumberRepo {
-    private readonly settingModel;
     private readonly counterRepo;
     constructor(params: {
-        redisClient: RedisClientType;
         connection: Connection;
     });
     private static alignDigits;
@@ -20,11 +16,4 @@ export declare class ConfirmationNumberRepo {
     publish(params: {
         orderDate: Date;
     }): Promise<string>;
-    /**
-     * DB移行時のみに使用目的の設定更新
-     */
-    setUseMongo4confirmationNumberFrom(params: {
-        useMongo4confirmationNumberFrom: Date;
-    }): Promise<Pick<ISetting, "useMongo4confirmationNumberFrom"> | null>;
-    private useMongoBySettings;
 }

package/lib/chevre/repo/confirmationNumber.js

@@ -12,9 +12,10 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.ConfirmationNumberRepo = void 0;
 const cdigit = require("cdigit");
 const moment = require("moment-timezone");
+// import { RedisClientType } from 'redis';
 // tslint:disable-next-line:no-require-imports no-var-requires
 const fpe = require('node-fpe');
-const setting_1 = require("./mongoose/schemas/setting");
+// import { createSchema as createSettingSchema, modelName as settingModelName } from './mongoose/schemas/setting';
 const transactionNumber_1 = require("./mongoose/schemas/transactionNumber");
 const transactionNumberCounter_1 = require("./transactionNumberCounter");
 const CONFIRMATION_NUMBER_MIN_LENGH = 4;
@@ -24,8 +25,8 @@ const TIMEZONE = 'Asia/Tokyo';
  */
 class ConfirmationNumberRepo {
     constructor(params) {
-        const { connection } = params;
-        this.settingModel = connection.model(setting_1.modelName, (0, setting_1.createSchema)());
+        // const { connection } = params;
+        // this.settingModel = connection.model(settingModelName, createSettingSchema());
         this.counterRepo = new transactionNumberCounter_1.TransactionNumberCounterRepo(params);
     }
     static alignDigits(params) {
@@ -72,59 +73,19 @@ class ConfirmationNumberRepo {
             const dataFeedIdentifier = ConfirmationNumberRepo.createDataFeedIdentifier({ orderDate: params.orderDate });
             let incrReply;
             // support publishByMongo(2025-05-23~)
-            const useMongoBySettings = yield this.useMongoBySettings(params);
-            if (useMongoBySettings) {
-                // データ保管期間はとりあえず2 months
-                dataFeedExpires = moment(params.orderDate)
-                    // tslint:disable-next-line:no-magic-numbers
-                    .add(2, 'months')
-                    .toDate();
-                incrReply = yield this.counterRepo.incrementByMongo({
-                    identifier: dataFeedIdentifier,
-                    includedInDataCatalog: { identifier: transactionNumber_1.DataCatalogIdentifier.confirmationNumber },
-                    expires: dataFeedExpires
-                });
-            }
-            else {
-                // データ保管期間はとりあえず一か月
-                dataFeedExpires = moment(params.orderDate)
-                    .add(1, 'month')
-                    .toDate();
-                incrReply = yield this.counterRepo.incrementByRedis({
-                    identifier: dataFeedIdentifier,
-                    includedInDataCatalog: { identifier: transactionNumber_1.DataCatalogIdentifier.confirmationNumber },
-                    expires: dataFeedExpires
-                });
-            }
+            // const useMongoBySettings = await this.useMongoBySettings(params);
+            // データ保管期間はとりあえず2 months
+            dataFeedExpires = moment(params.orderDate)
+                // tslint:disable-next-line:no-magic-numbers
+                .add(2, 'months')
+                .toDate();
+            incrReply = yield this.counterRepo.incrementByMongo({
+                identifier: dataFeedIdentifier,
+                includedInDataCatalog: { identifier: transactionNumber_1.DataCatalogIdentifier.confirmationNumber },
+                expires: dataFeedExpires
+            });
             return ConfirmationNumberRepo.count2confirmationNumber({ count: incrReply });
         });
     }
-    /**
-     * DB移行時のみに使用目的の設定更新
-     */
-    setUseMongo4confirmationNumberFrom(params) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const { useMongo4confirmationNumberFrom } = params;
-            return this.settingModel.findOneAndUpdate({ 'project.id': { $eq: '*' } }, {
-                $set: { useMongo4confirmationNumberFrom }
-            }, { projection: { _id: 0, useMongo4confirmationNumberFrom: 1 } })
-                .lean()
-                .exec();
-        });
-    }
-    useMongoBySettings(params) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const setting = yield this.settingModel.findOne({ 'project.id': { $eq: '*' } }, {
-                _id: 0,
-                useMongo4confirmationNumberFrom: 1
-            })
-                .lean()
-                .exec();
-            const useMongo4confirmationNumberFrom = setting === null || setting === void 0 ? void 0 : setting.useMongo4confirmationNumberFrom;
-            return useMongo4confirmationNumberFrom instanceof Date
-                && moment(params.orderDate)
-                    .isSameOrAfter(moment(useMongo4confirmationNumberFrom));
-        });
-    }
 }
 exports.ConfirmationNumberRepo = ConfirmationNumberRepo;