npm - @chevre/domain - Versions diffs - 22.11.0-alpha.2 → 22.11.0-alpha.20 - Mend

@chevre/domain 22.11.0-alpha.2 → 22.11.0-alpha.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (146) hide show

package/example/src/chevre/roles/removeConsolePermissionIfExists.ts ADDED Viewed

@@ -0,0 +1,38 @@
+// tslint:disable:no-console
+import * as mongoose from 'mongoose';
+import { chevre } from '../../../../lib/index';
+async function main() {
+    await mongoose.connect(<string>process.env.MONGOLAB_URI, { autoIndex: false });
+    const roleRepo = await chevre.repository.Role.createInstance(mongoose.connection);
+    const permissions = [
+        'assetTransactions.cancelReservation.write',
+        'orders.read',
+        'orders.update',
+        'reservations.attended',
+        'reservations.read'
+    ];
+    for (const permission of permissions) {
+        const roles = await roleRepo.projectFields(
+            {
+                permissions: { $eq: permission }
+            },
+            ['roleName']
+        );
+        console.log(roles, permission);
+        for (const { roleName } of roles) {
+            const result = await roleRepo.removePermissionIfExists({
+                roleName: { $eq: roleName },
+                permission
+            });
+            console.log('permission removed.', permission, result, roleName);
+        }
+    }
+}
+main()
+    .then()
+    .catch(console.error);

package/example/src/chevre/roles/removePermissionFromAPIRoles.ts ADDED Viewed

@@ -0,0 +1,46 @@
+// tslint:disable:no-console
+import * as mongoose from 'mongoose';
+import { chevre } from '../../../../lib/index';
+async function main() {
+    await mongoose.connect(<string>process.env.MONGOLAB_URI, { autoIndex: false });
+    const roleRepo = await chevre.repository.Role.createInstance(mongoose.connection);
+    const permissions = [
+        'categoryCodes.read',
+        'creativeWorks.read',
+        'events.read',
+        'places.read',
+        'products.read',
+        'sellers.read'
+    ];
+    for (const permission of permissions) {
+        const roles = await roleRepo.projectFields(
+            {
+                permissions: { $eq: permission },
+                roleName: {
+                    $in: [
+                        chevre.factory.role.organizationRole.RoleName.Customer,
+                        chevre.factory.role.organizationRole.RoleName.POS,
+                        chevre.factory.role.organizationRole.RoleName.EventsViewer
+                    ]
+                }
+            },
+            ['roleName']
+        );
+        console.log('roles found.', roles, permission);
+        for (const { roleName } of roles) {
+            const result = await roleRepo.removePermissionIfExists({
+                roleName: { $eq: roleName },
+                permission
+            });
+            console.log('permission removed.', permission, result, roleName);
+        }
+    }
+}
+main()
+    .then()
+    .catch(console.error);

package/example/src/chevre/roles/removePermissionIfExists.ts ADDED Viewed

@@ -0,0 +1,39 @@
+// tslint:disable:no-console
+import * as mongoose from 'mongoose';
+import { chevre } from '../../../../lib/index';
+async function main() {
+    await mongoose.connect(<string>process.env.MONGOLAB_URI, { autoIndex: false });
+    const roleRepo = await chevre.repository.Role.createInstance(mongoose.connection);
+    const permissions = [
+        'tokens',
+        'authorizations.create',
+        'permits.read',
+        'tasks.read',
+        'transactionNumbers.write',
+        'chevre.admin'
+    ];
+    for (const permission of permissions) {
+        const roles = await roleRepo.projectFields(
+            {
+                permissions: { $eq: permission }
+            },
+            ['roleName']
+        );
+        console.log(roles, permission);
+        for (const { roleName } of roles) {
+            const result = await roleRepo.removePermissionIfExists({
+                roleName: { $eq: roleName },
+                permission
+            });
+            console.log('permission removed.', permission, result, roleName);
+        }
+    }
+}
+main()
+    .then()
+    .catch(console.error);

package/example/src/chevre/settings/addSettings.ts CHANGED Viewed

@@ -3,28 +3,34 @@ import * as mongoose from 'mongoose';
 import { chevre } from '../../../../lib/index';
+const { INFORM_TASK_AGG_URL } = process.env;
+if (typeof INFORM_TASK_AGG_URL !== 'string') {
+    throw new Error('INFORM_TASK_AGG_URL required');
+}
 async function main() {
     await mongoose.connect(<string>process.env.MONGOLAB_URI, { autoIndex: false });
     const settingRepo = await chevre.repository.Setting.createInstance(mongoose.connection);
-    const setting = await settingRepo.findOne({ project: { id: { $eq: '*' } } }, ['onOrderStatusChanged']);
-    const useInformReturnAction = (<any>setting)?.onOrderStatusChanged?.useInformReturnAction === true;
-    if (useInformReturnAction) {
-        console.log('already useInformReturnAction:true');
-    } else {
-        // update
-        await settingRepo.updateByProject4migration(
-            { project: { id: { $eq: '*' } } },
-            {
-                $set: {
-                    'onOrderStatusChanged.useInformReturnAction': true
-                }
+    // const setting = await settingRepo.findOne({ project: { id: { $eq: '*' } } }, ['onTaskStatusChanged']);
+    // update
+    await settingRepo.updateByProject(
+        { project: { id: { $eq: '*' } } },
+        {
+            onTaskStatusChanged: {
+                informTask: [{
+                    recipient: {
+                        name: 'Aggregation Service',
+                        url: INFORM_TASK_AGG_URL
+                    }
+                }],
+                informTaskNames: [
+                    chevre.factory.taskName.Pay
+                ]
             }
-        );
-        console.log('updated.');
-    }
+        }
+    );
+    console.log('updated.');
 }
 main()

package/example/src/chevre/stockHolder/checkRedisKeyCount.ts CHANGED Viewed

@@ -38,7 +38,6 @@ function countRedisKeyByProject(params: {
             {
                 'project.id': {
                     $eq: params.project.id
-                    // $in: useMongoAsStockHolderProjects
                 },
                 // startDate: {
                 //     $gte: params.now
@@ -93,30 +92,22 @@ function countRedisKeyByProject(params: {
 async function main() {
     const eventRepo = await chevre.repository.Event.createInstance(mongoose.connection);
     const projectRepo = await chevre.repository.Project.createInstance(mongoose.connection);
-    const settingRepo = await chevre.repository.Setting.createInstance(mongoose.connection);
+    // const settingRepo = await chevre.repository.Setting.createInstance(mongoose.connection);
     const stockHolderRepo = await chevre.repository.StockHolder.createInstance(
         client,
         mongoose.connection
     );
-    const setting = await settingRepo.findOne(
-        { project: { id: { $eq: '*' } } },
-        ['useMongoAsStockHolderProjects', 'useMongoAsStockHolder']
-    );
-    const useMongoAsStockHolder = setting?.useMongoAsStockHolder === true;
-    let useMongoAsStockHolderProjects =
-        (Array.isArray(setting?.useMongoAsStockHolderProjects)) ? setting?.useMongoAsStockHolderProjects : [];
-    if (useMongoAsStockHolder) {
-        // 全プロジェクト
-        useMongoAsStockHolderProjects = (await projectRepo.projectFields(
-            {
-                // id: { $eq: 'xxx' }
-            },
-            ['id']
-        )).map(({ id }) => id);
-    }
+    let checkingProjects: string[] = [];
+    // 全プロジェクト
+    checkingProjects = (await projectRepo.projectFields(
+        {
+            // id: { $eq: 'xxx' }
+        },
+        ['id']
+    )).map(({ id }) => id);
-    useMongoAsStockHolderProjects = useMongoAsStockHolderProjects.filter((id) => id.slice(0, 6) !== 'sskts-');
+    checkingProjects = checkingProjects.filter((id) => id.slice(0, 6) !== 'sskts-');
     const results: {
         project: { id: string };
@@ -127,7 +118,7 @@ async function main() {
     const now = moment()
         .add(0, 'days')
         .toDate();
-    for (const projectId of useMongoAsStockHolderProjects) {
+    for (const projectId of checkingProjects) {
         const { checkedCount, redisKeyCount } = await countRedisKeyByProject({
             project: { id: projectId },
             now

package/example/src/chevre/unsetUnnecessaryFields.ts CHANGED Viewed

@@ -9,17 +9,20 @@ import { chevre } from '../../../lib/index';
 async function main() {
     await mongoose.connect(<string>process.env.MONGOLAB_URI, { autoIndex: false });
-    const aggregateOfferRepo = await chevre.repository.AggregateOffer.createInstance(mongoose.connection);
+    const settingRepo = await chevre.repository.Setting.createInstance(mongoose.connection);
     let updateResult: any;
-    updateResult = await aggregateOfferRepo.unsetUnnecessaryFields({
+    updateResult = await settingRepo.unsetUnnecessaryFields({
         filter: {
-            'offers.includedInDataCatalog.id': { $exists: true }
-            // _id: { $eq: 'blj55y1mo' }
+            'project.id': { $eq: '*' }
         },
         $unset: {
-            'offers.0.includedInDataCatalog': 1
+            useMongoAsStockHolder: 1,
+            useMongoAsStockHolderProjects: 1
+            // useMongo4confirmationNumberFrom: 1,
+            // useMongo4orderNumberFrom: 1,
+            // useMongo4transactionNumberFrom: 1
         }
     });
     console.log(updateResult);

package/example/src/idaas/auth0/adminApplications.ts ADDED Viewed

@@ -0,0 +1,183 @@
+// tslint:disable:no-implicit-dependencies no-console no-magic-numbers
+import { ManagementClient } from 'auth0';
+import { readFileSync } from 'fs';
+import * as moment from 'moment';
+// import * as crypto from 'crypto'; // client_secret 生成用 (PKJWTなしの場合)
+// import { JWK, importPKCS8, generateKeyPair, SignJWT } from 'jose'; // Private Key JWT 用
+const PUBLIC_KEY_FILE_PATH = `${__dirname}/../../samplePublicKey.pem`;
+const { AUTH0_DOMAIN, AUTH0_MGMT_CLIENT_ID, AUTH0_MGMT_CLIENT_SECRET, AUTH0_MGMT_API_AUDIENCE, AUTH0_AUDIENCE } = process.env;
+if (typeof AUTH0_DOMAIN !== 'string'
+    || typeof AUTH0_MGMT_CLIENT_ID !== 'string'
+    || typeof AUTH0_MGMT_CLIENT_SECRET !== 'string'
+    || typeof AUTH0_MGMT_API_AUDIENCE !== 'string'
+    || typeof AUTH0_AUDIENCE !== 'string'
+) {
+    throw new Error('set envs!');
+}
+// --- Auth0 ManagementClient の初期化 ---
+const management = new ManagementClient({
+    domain: AUTH0_DOMAIN,
+    clientId: AUTH0_MGMT_CLIENT_ID,
+    clientSecret: AUTH0_MGMT_CLIENT_SECRET,
+    audience: AUTH0_MGMT_API_AUDIENCE
+    // scope: 'read:clients create:clients' // 必要なスコープを明示
+});
+async function sleep(waitInSeconds: number) {
+    await new Promise<void>((resolve) => {
+        setTimeout(
+            () => {
+                resolve();
+            },
+            waitInSeconds
+        );
+    });
+}
+/**
+ * アプリケーションを検索し、存在しなければ作成します。
+ * Private Key JWT 認証を使用する前提。
+ */
+async function findOrCreateServiceAccount(
+    appName: string,
+    projectId: string,
+    roles: string[],
+    audience: string
+) {
+    try {
+        console.log('getting organization...');
+        const getOrganizationResponse = await management.organizations.getByName({
+            name: projectId
+        });
+        const organization = getOrganizationResponse.data;
+        console.log('organization exists.', organization);
+        const newClient = (await management.clients.create({
+            name: appName,
+            app_type: 'non_interactive', // Machine to Machine アプリケーション
+            jwt_configuration: { // Private Key JWT の設定
+                alg: 'RS256' // 署名アルゴリズム
+            },
+            // token_endpoint_auth_method: 'client_secret_post',
+            client_authentication_methods: {
+                private_key_jwt: {
+                    credentials: [{
+                        alg: 'RS256',
+                        /**
+                         * Credential type. Supported types: public_key.
+                         *
+                         */
+                        credential_type: 'public_key',
+                        // name?: string;
+                        pem: readFileSync(PUBLIC_KEY_FILE_PATH, 'utf8')
+                    }]
+                }
+            },
+            grant_types: ['client_credentials'],
+            organization_usage: 'require', // 組織での利用を許可
+            default_organization: {
+                organization_id: organization.id,
+                flows: ['client_credentials']
+            },
+            oidc_conformant: true,
+            client_metadata: {
+                roles: JSON.stringify(roles)
+            }
+        })).data;
+        console.log(`Successfully created new application: ${newClient.client_id} (${newClient.name})`);
+        console.log(`checking clientGrant... ${newClient.client_id} (${newClient.name})`);
+        await sleep(3000);
+        let clientGrant = (await management.clientGrants.getAll({
+            audience,
+            client_id: newClient.client_id
+        })).data.shift();
+        if (clientGrant === undefined) {
+            clientGrant = (await management.clientGrants.create({
+                client_id: newClient.client_id,
+                audience,
+                organization_usage: 'require',
+                allow_any_organization: false,
+                scope: ['iam.members.me.read']
+            })).data;
+            console.log(`clientGrant created. ${newClient.client_id} (${newClient.name})`);
+        } else {
+            console.log(`clientGrant already exists. ${newClient.client_id} (${newClient.name})`);
+        }
+        console.log(`checking organizationClientGrant... ${newClient.client_id} (${newClient.name})`);
+        await sleep(3000);
+        const organizationClientGrant = (await management.organizations.getOrganizationClientGrants({
+            id: organization.id,
+            audience: 'https://development.apis.smart-theater.com',
+            client_id: newClient.client_id
+        })).data.shift();
+        if (organizationClientGrant === undefined) {
+            await management.organizations.postOrganizationClientGrants(
+                {
+                    id: organization.id
+                },
+                {
+                    grant_id: clientGrant.id
+                }
+            );
+            console.log(`organizationClientGrant created. ${newClient.client_id} (${newClient.name})`);
+        } else {
+            console.log(`organizationClientGrant already exists. ${newClient.client_id} (${newClient.name})`);
+        }
+        // 1. アプリケーションを検索 (名前で検索するのが一般的)
+        console.log('searching for applications...');
+        await sleep(3000);
+        await searchClients({ organization });
+    } catch (error) {
+        console.error(`Error finding or creating application: ${error.message}`);
+        throw error;
+    }
+}
+async function searchClients(params: {
+    organization: { id: string };
+}) {
+    const existingApps = await management.clients.getAll({
+        include_totals: true,
+        // app_type: 'non_interactive',
+        // is_global: false,
+        // page: 0,
+        // per_page: 50,
+        // q: `name:"${appName}"`, // 名前で検索
+        q: `client_grant.organization_id:"${params.organization.id}"`,
+        // from: undefined,
+        take: 50
+        // is_client_credentials: true // Machine to Machine アプリケーションに絞る
+    });
+    const clients = existingApps.data.clients;
+    console.log(clients.length, 'existingApps exist.', clients);
+    console.log(clients.length, 'clients found.');
+}
+export async function run() {
+    if (typeof AUTH0_AUDIENCE !== 'string') {
+        throw new Error('set envs!');
+    }
+    try {
+        await findOrCreateServiceAccount(
+            `sampleServiceAccount-${moment()
+                .format('YYYY-MM-DDTHH:mm:ss')}`,
+            'cinerino',
+            ['inventoryManager', 'user'],
+            AUTH0_AUDIENCE
+        );
+    } catch (error) {
+        console.error('Failed to run provisioning script:', error);
+    }
+}
+run();

package/example/src/idaas/auth0/getToken.ts ADDED Viewed

@@ -0,0 +1,55 @@
+// tslint:disable:no-implicit-dependencies no-console
+interface IAuth0Config {
+    auth0Domain: string;
+    clientId: string;
+    clientSecret: string;
+    audience: string;
+}
+// 環境変数から機密情報を取得することを強く推奨します
+const config: IAuth0Config = {
+    auth0Domain: String(process.env.AUTH0_DOMAIN),
+    clientId: String(process.env.AUTH0_CLIENT_ID),
+    clientSecret: String(process.env.AUTH0_CLIENT_SECRET),
+    audience: String(process.env.AUTH0_AUDIENCE)
+    // scopes: process.env.OKTA_SCOPES || 'api_access_scope openid', // 必要なスコープを指定
+    // authServerId: 'aussd9v86wlIar3cX697', // デフォルト承認サーバーを使用する場合はコメントアウトまたは指定しない
+};
+async function getToken() {
+    try {
+        const response = await fetch(
+            `https://${config.auth0Domain}/oauth/token`,
+            {
+                method: 'POST',
+                headers: { 'content-type': 'application/json' },
+                body: JSON.stringify({
+                    client_id: config.clientId,
+                    client_secret: config.clientSecret,
+                    audience: config.audience,
+                    grant_type: 'client_credentials'
+                    // organization: 'org_zuMP9ng42QSgZ5Kn'
+                })
+            });
+        if (!response.ok) {
+            console.log(await response.json());
+            throw new Error('Network response was not ok');
+        }
+        const data = await response.json();
+        console.log(data);
+        return data;
+    } catch (error) {
+        console.error('Error fetching token:', error);
+    }
+}
+export async function main() {
+    const token = await getToken();
+    console.log(token);
+}
+main()
+    .catch(console.error);

package/example/src/idaas/auth0/getTokenByPrivateKeyJWT.ts ADDED Viewed

@@ -0,0 +1,84 @@
+// tslint:disable:no-implicit-dependencies no-console
+import * as crypto from 'crypto';
+import { readFileSync } from 'fs';
+import { SignJWT } from 'jose';
+import * as uuid from 'uuid';
+const PRIVATE_KEY_FILE_PATH = `${__dirname}/../../samplePrivateKey.pem`;
+interface IAuth0Config {
+    auth0Domain: string;
+    clientId: string;
+    privateKeyContent: string; // PEM形式の秘密鍵の内容 (例: fs.readFileSync('private_key.pem', 'utf8'))
+    audience: string;
+}
+// 環境変数から機密情報を取得することを強く推奨します
+const auth0config: IAuth0Config = {
+    auth0Domain: String(process.env.AUTH0_DOMAIN),
+    clientId: String(process.env.AUTH0_CLIENT_ID),
+    // keyId: 'xxx',
+    privateKeyContent: readFileSync(PRIVATE_KEY_FILE_PATH, 'utf8'), // 秘密鍵の内容を読み込む
+    audience: String(process.env.AUTH0_AUDIENCE)
+    // scopes: process.env.OKTA_SCOPES || 'api_access_scope openid', // 必要なスコープを指定
+    // authServerId: 'aussd9v86wlIar3cX697', // デフォルト承認サーバーを使用する場合はコメントアウトまたは指定しない
+};
+async function generateJwtAssertion(config: IAuth0Config) {
+    const privateKeyPEM = crypto.createPrivateKey(readFileSync(PRIVATE_KEY_FILE_PATH, 'utf8'));
+    return new SignJWT({})
+        .setProtectedHeader({
+            alg: 'RS256' // or RS384 or PS256
+            // kid: '(OPTIONAL) KID_GENERATED_BY_AUTH0'
+        })
+        .setIssuedAt()
+        .setIssuer(config.clientId)
+        .setSubject(config.clientId)
+        .setAudience(`https://${config.auth0Domain}/`)
+        .setExpirationTime('1m')
+        .setJti(uuid.v4())
+        .sign(privateKeyPEM);
+}
+async function getToken() {
+    try {
+        const jwtAssertion = await generateJwtAssertion(auth0config);
+        console.log('jwtAssertion:', jwtAssertion);
+        const body = new URLSearchParams({
+            grant_type: 'client_credentials',
+            client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
+            client_assertion: jwtAssertion,
+            audience: auth0config.audience
+            // scope: config.scopes,
+        }).toString();
+        const response = await fetch(
+            `https://${auth0config.auth0Domain}/oauth/token`,
+            {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+                body: body
+            });
+        if (!response.ok) {
+            console.log(await response.json());
+            throw new Error('Network response was not ok');
+        }
+        const data = await response.json();
+        console.log(data);
+        return data;
+    } catch (error) {
+        console.error('Error fetching token:', error);
+    }
+}
+export async function main() {
+    const token = await getToken();
+    console.log(token);
+}
+main()
+    .catch(console.error);

package/example/src/regex.ts ADDED Viewed

@@ -0,0 +1,31 @@
+// tslint:disable:no-console
+const projectIdMustBe = /^[0-9a-z-]+$/; // 記号はhyphenのみ許可
+let projectId: string;
+projectId = 'projectId';
+console.log(projectId, ':', projectIdMustBe.test(projectId));
+projectId = 'projectid';
+console.log(projectId, ':', projectIdMustBe.test(projectId));
+projectId = 'abcd1234-test';
+console.log(projectId, ':', projectIdMustBe.test(projectId));
+projectId = 'a-z';
+console.log(projectId, ':', projectIdMustBe.test(projectId));
+projectId = '0-9';
+console.log(projectId, ':', projectIdMustBe.test(projectId));
+projectId = '---';
+console.log(projectId, ':', projectIdMustBe.test(projectId));
+projectId = '-';
+console.log(projectId, ':', projectIdMustBe.test(projectId));
+projectId = '&';
+console.log(projectId, ':', projectIdMustBe.test(projectId));
+projectId = 'A';
+console.log(projectId, ':', projectIdMustBe.test(projectId));

package/lib/chevre/eventEmitter/task.d.ts CHANGED Viewed

@@ -12,30 +12,39 @@ interface IExecuteSettings {
      */
     redisClient?: RedisClientType;
 }
-type IOperationExecute<T> = (settings: IExecuteSettings) => Promise<T>;
-type INextFunction = (task: Pick<factory.task.ITask<factory.taskName>, 'id'>) => IOperationExecute<void>;
 interface IReadyTask {
     id: string;
     name?: factory.taskName;
     status: factory.taskStatus.Ready;
+    remainingNumberOfTries?: never;
     expires?: Date;
     executionResult?: never;
 }
 interface IRunningTask {
     id: string;
     status: factory.taskStatus.Running;
+    remainingNumberOfTries?: never;
     name?: never;
     expires?: never;
     executionResult?: never;
 }
+/**
+ * 実行されたタスクイベント
+ */
 interface IExecutedTask {
     id: string;
-    status: factory.taskStatus;
+    status: factory.taskStatus.Executed | factory.taskStatus.Running | factory.taskStatus.Aborted;
     executionResult: factory.task.IExecutionResult;
-    name?: never;
+    /**
+     * 実行されたタスクの残り試行回数
+     */
+    remainingNumberOfTries: number;
+    name: factory.taskName;
     expires?: never;
 }
 type IChangedTask = IReadyTask | IRunningTask | IExecutedTask;
+type IOperationExecute<T> = (settings: IExecuteSettings) => Promise<T>;
+type INextFunction = (task: IExecutedTask) => IOperationExecute<void>;
 type IOnTaskStatusChangedListener = (task: IChangedTask, next?: INextFunction) => void;
 /**
  * タスクイベントエミッター

package/lib/chevre/index.d.ts CHANGED Viewed

@@ -3,7 +3,6 @@
  */
 import type * as COAService from '@motionpicture/coa-service';
 import type * as GMOService from '@motionpicture/gmo-service';
-import type * as AdminAuth from './adminAuth';
 import type * as Pecorinoapi from './pecorinoapi';
 import { credentials } from './credentials';
 import * as errorHandler from './errorHandler';
@@ -13,7 +12,6 @@ import * as repository from './repository';
 import * as service from './service';
 import * as settings from './settings';
 export { credentials, errorHandler, eventEmitter, factory, repository, service, settings };
-export declare function loadAdminAuth(): Promise<typeof AdminAuth>;
 export declare function loadPecorinoapi(): Promise<typeof Pecorinoapi>;
 export type COA = typeof COAService;
 export declare function loadCOA(): Promise<typeof COAService>;