@cloudbase/oauth 0.0.5-alpha.0 → 1.0.0-alpha.2

package/src/auth/apis.ts

@@ -24,16 +24,27 @@ import {
   UnbindProviderRequest,
   CheckPasswordrRequest,
   BindPhoneRequest,
+  BindEmailRequest,
   SetPasswordRequest,
   ChangeBindedProviderRequest,
   ChangeBindedProviderResponse,
-  QueryUserProfileReq,
+  UpdatePasswordRequest,
+  SudoResponse,
+  SudoRequest,
+  GetCustomSignTicketFn,
+  QueryUserProfileRequest,
+  QueryUserProfileResponse,
+  ResetPasswordRequest,
+  DeviceAuthorizeRequest,
+  DeviceAuthorizeResponse,
+  CheckUsernameRequest,
+  CheckIfUserExistRequest,
+  CheckIfUserExistResponse
 } from './models';
 import { SimpleStorage, RequestFunction } from '../oauth2client/interface';
 import { OAuth2Client, defaultStorage } from '../oauth2client/oauth2client';
 import { Credentials } from '../oauth2client/models';
 import { Captcha } from '../captcha/captcha';
-import { ICloudbase } from '@cloudbase/types';
 
 
 export interface AuthOptions {
@@ -42,7 +53,6 @@ export interface AuthOptions {
   credentialsClient?: OAuth2Client;
   request?: RequestFunction;
   storage?: SimpleStorage;
-  _fromApp?: ICloudbase // 所属cloudbase app对象
 }
 
 /**
@@ -50,6 +60,8 @@ export interface AuthOptions {
  */
 export class Auth {
   private _config: AuthOptions;
+  private _getCustomSignTicketFn?: GetCustomSignTicketFn;
+
 
   /**
    * constructor
@@ -90,7 +102,6 @@ export class Auth {
    * @return {Promise<Credentials>} A Promise<Credentials> object.
    */
   public async signIn(params: SignInRequest): Promise<Credentials> {
-    params.client_id = this._config.clientId;
     const credentials: Credentials = await this._config.request<Credentials>(
       ApiUrls.AUTH_SIGN_IN_URL,
       {
@@ -111,9 +122,7 @@ export class Auth {
       ApiUrls.AUTH_SIGN_IN_ANONYMOUSLY_URL,
       {
         method: 'POST',
-        body: {
-          client_id: this._config.clientId
-        }
+        body: {}
       },
     );
     await this._config.credentialsClient.setCredentials(credentials);
@@ -125,8 +134,7 @@ export class Auth {
    * @param {SignUpRequest} params A SignUpRequest Object.
    * @return {Promise<Credentials>} A Promise<Credentials> object.
    */
-  protected async signUp(params: SignUpRequest): Promise<Credentials> {
-    params.client_id = this._config.clientId;
+  public async signUp(params: SignUpRequest): Promise<Credentials> {
     const data: Credentials = await this._config.request<Credentials>(
       ApiUrls.AUTH_SIGN_UP_URL,
       {
@@ -147,7 +155,6 @@ export class Auth {
     const data = await this._config.request(ApiUrls.AUTH_REVOKE_URL, {
       method: 'POST',
       body: {
-        client_id: this._config.clientId,
         token: accessToken,
       },
     });
@@ -163,13 +170,23 @@ export class Auth {
   public async getVerification(
     params: GetVerificationRequest,
   ): Promise<GetVerificationResponse> {
-    params.client_id = this._config.clientId;
+    let withCredentials = false;
+    // 发送短信时，如果时给当前用户发，则需要带上鉴权信息
+    if (params.target == 'CUR_USER') {
+      withCredentials = true
+    } else {
+      const hasLogin = await this.hasLoginState()
+      if (hasLogin) {
+        withCredentials = true
+      }
+    }
     return this._config.request<GetVerificationResponse>(
       ApiUrls.VERIFICATION_URL,
       {
         method: 'POST',
         body: params,
-        withCaptcha: true
+        withCaptcha: true,
+        withCredentials: withCredentials,
       },
     );
   }
@@ -180,7 +197,6 @@ export class Auth {
    * @return {Promise<VerifyResponse>} A Promise<VerifyResponse> object.
    */
   public async verify(params: VerifyRequest): Promise<VerifyResponse> {
-    params.client_id = this._config.clientId;
     return this._config.request<VerifyResponse>(ApiUrls.VERIFY_URL, {
       method: 'POST',
       body: params,
@@ -221,7 +237,6 @@ export class Auth {
   public async grantProviderToken(
     params: GrantProviderTokenRequest,
   ): Promise<GrantProviderTokenResponse> {
-    params.client_id = this._config.clientId;
     return this._config.request<GrantProviderTokenResponse>(
       ApiUrls.PROVIDER_TOKEN_URL,
       {
@@ -239,7 +254,6 @@ export class Auth {
   public async patchProviderToken(
     params: PatchProviderTokenRequest,
   ): Promise<PatchProviderTokenResponse> {
-    params.client_id = this._config.clientId;
     return this._config.request<PatchProviderTokenResponse>(
       ApiUrls.PROVIDER_TOKEN_URL,
       {
@@ -257,7 +271,6 @@ export class Auth {
   public async signInWithProvider(
     params: SignInWithProviderRequest,
   ): Promise<Credentials> {
-    params.client_id = this._config.clientId;
     const credentials: Credentials = await this._config.request<Credentials>(
       ApiUrls.AUTH_SIGN_IN_WITH_PROVIDER_URL,
       {
@@ -277,7 +290,6 @@ export class Auth {
   public async bindWithProvider(
     params: BindWithProviderRequest,
   ): Promise<void> {
-    params.client_id = this._config.clientId;
     return this._config.request<any>(ApiUrls.PROVIDER_BIND_URL, {
       method: 'POST',
       body: params,
@@ -310,9 +322,6 @@ export class Auth {
       userInfo.uid = userInfo.sub
     }
 
-    if (userInfo.name) {
-      userInfo.username = userInfo.name
-    }
     return userInfo;
   }
 
@@ -362,7 +371,6 @@ export class Auth {
    * @return {Promise<Credentials>} A Promise<Credentials> object.
    */
   public async grantToken(params: GrantTokenRequest): Promise<Credentials> {
-    params.client_id = this._config.clientId;
     return this._config.request<Credentials>(ApiUrls.AUTH_TOKEN_URL, {
       method: 'POST',
       body: params,
@@ -386,7 +394,6 @@ export class Auth {
    * @return {Promise<any>}
    */
   public async unbindProvider(params: UnbindProviderRequest): Promise<void> {
-    params.client_id = this._config.clientId;
     return this._config.request<any>(
       `${ApiUrls.PROVIDER_UNBIND_URL}/${params.provider_id}`,
       {
@@ -415,7 +422,20 @@ export class Auth {
    * @return {Promise<any>}
    */
   public async bindPhone(params: BindPhoneRequest): Promise<void> {
-    return this._config.request<any>(`${ApiUrls.BIND_PHONE_URL}`, {
+    return this._config.request<any>(`${ApiUrls.BIND_CONTACT_URL}`, {
+      method: 'PATCH',
+      withCredentials: true,
+      body: params,
+    });
+  }
+
+  /**
+   * check Password.
+   * @param {CheckPasswordrRequest} params
+   * @return {Promise<any>}
+   */
+  public async bindEmail(params: BindEmailRequest): Promise<void> {
+    return this._config.request<any>(`${ApiUrls.BIND_CONTACT_URL}`, {
       method: 'PATCH',
       withCredentials: true,
       body: params,
@@ -435,6 +455,33 @@ export class Auth {
     });
   }
 
+  /**
+ * updatePasswordByOld 使用旧密码修改密码，如果已经绑定手机号，请先：sudo，再修改密码
+ * @param {SetPasswordrRequest} params
+ * @return {Promise<any>}
+ */
+  public async updatePasswordByOld(params: UpdatePasswordRequest): Promise<void> {
+    const sudoToken = await this.sudo({ password: params.old_password })
+    return this.setPassword({
+      sudo_token: sudoToken.sudo_token,
+      new_password: params.new_password,
+    })
+  }
+
+
+  /**
+   * sudo
+   * @param {sudo} params
+   * @return {Promise<any>}
+   */
+  public async sudo(params: SudoRequest): Promise<SudoResponse> {
+    return this._config.request<SudoResponse>(`${ApiUrls.SUDO_URL}`, {
+      method: 'POST',
+      withCredentials: true,
+      body: params,
+    });
+  }
+
   /**
    * Get the current user verification.
    * @param {GetVerificationRequest} params A GetVerificationRequest Object.
@@ -443,7 +490,6 @@ export class Auth {
   public async getCurUserVerification(
     params: GetVerificationRequest,
   ): Promise<GetVerificationResponse> {
-    params.client_id = this._config.clientId;
     params.target = 'CUR_USER';
     return this._config.request<GetVerificationResponse>(
       ApiUrls.VERIFICATION_URL,
@@ -464,7 +510,6 @@ export class Auth {
   public async changeBindedProvider(
     params: ChangeBindedProviderRequest,
   ): Promise<ChangeBindedProviderResponse> {
-    params.client_id = this._config.clientId;
     return this._config.request<ChangeBindedProviderResponse>(
       `${ApiUrls.PROVIDER_LIST}/${params.provider_id}/trans`,
       {
@@ -496,12 +541,81 @@ export class Auth {
    * @return {Promise<UserProfile>} A Promise<UserProfile> object.
    */
   public async queryUserProfile(
-    appended_params: QueryUserProfileReq,
-  ): Promise<UserProfile> {
-    const url = `${ApiUrls.USER_QUERY_URL}${appended_params}`;
-    return this._config.request<UserProfile>(url, {
+    params: QueryUserProfileRequest,
+  ): Promise<QueryUserProfileResponse> {
+    // let url = new URL(ApiUrls.USER_QUERY_URL);
+    const searchParams = new URLSearchParams(params as any);
+    // url.search = searchParams.toString();
+    return this._config.request<QueryUserProfileResponse>(`${ApiUrls.USER_QUERY_URL}?${searchParams.toString()}`, {
       method: 'GET',
       withCredentials: true,
     });
   }
+
+  /**
+   * setCustomSignFunc set the get ticket function
+   * @param getTickFn
+   */
+  public setCustomSignFunc(getTickFn: GetCustomSignTicketFn) {
+    this._getCustomSignTicketFn = getTickFn
+  }
+
+  /**
+   * SignInWithCustomTicket custom signIn
+   * @constructor
+   */
+  public async signInWithCustomTicket(): Promise<Credentials> {
+    const customTicket = await this._getCustomSignTicketFn()
+    return this.signInWithProvider({
+      provider_id: 'custom',
+      provider_token: customTicket
+    })
+  }
+
+  /**
+   * Reset password
+   * @param {ResetPasswordRequest} params
+   * @returns {Promise<void>}
+   * @memberof Auth
+   */
+  public async resetPassword(params: ResetPasswordRequest): Promise<void> {
+    return this._config.request(ApiUrls.AUTH_SET_PASSWORD, {
+      method: 'POST',
+      body: params,
+      // withCredentials: true
+    })
+  }
+
+  /**
+   * device authorization
+   * @param {DeviceAuthorizeRequest} params
+   * @returns {Promise<DeviceAuthorizeResponse>}
+   * @memberof Auth
+   */
+  public async deviceAuthorize(params: DeviceAuthorizeRequest): Promise<DeviceAuthorizeResponse> {
+    return this._config.request(ApiUrls.AUTH_GET_DEVICE_CODE, {
+      method: 'POST',
+      body: params,
+      withCredentials: true
+    })
+  }
+
+  public async checkUsername(params: CheckUsernameRequest): Promise<void> {
+    return this._config.request(ApiUrls.CHECK_USERNAME, {
+      method: 'GET',
+      body: params,
+      withCredentials: true
+    })
+  }
+
+  public async checkIfUserExist(params: CheckIfUserExistRequest): Promise<CheckIfUserExistResponse> {
+    return this._config.request<CheckIfUserExistResponse>(ApiUrls.CHECK_IF_USER_EXIST, {
+      method: 'POST',
+      body: params,
+    });
+  }
+
+  public async loginScope(): Promise<string> {
+    return this._config.credentialsClient.getScope()
+  }
 }

package/src/auth/consts.ts

@@ -17,8 +17,13 @@ export enum ApiUrls {
   PROVIDER_LIST = '/auth/v1/user/provider',
   PROVIDER_UNBIND_URL = '/auth/v1/user/provider',
   CHECK_PWD_URL = '/auth/v1/user/sudo',
-  BIND_PHONE_URL = '/auth/v1/user/contact',
+  SUDO_URL = '/auth/v1/user/sudo',
+  BIND_CONTACT_URL = '/auth/v1/user/contact',
   AUTH_SET_PASSWORD = '/auth/v1/user/password',
+  AUTH_RESET_PASSWORD = '/auth/v1/reset',
+  AUTH_GET_DEVICE_CODE = '/auth/v1/device/code',
+  CHECK_USERNAME = '/auth/v1/checkUsername',
+  CHECK_IF_USER_EXIST = '/auth/v1/checkIfUserExist'
 }
 
 export enum VerificationUsages {
@@ -28,3 +33,25 @@ export enum VerificationUsages {
   EMAIL_ADDRESS_CHANGE = 'EMAIL_ADDRESS_CHANGE',
   PHONE_NUMBER_CHANGE = 'PHONE_NUMBER_CHANGE',
 }
+
+export enum ErrorType {
+  INVALID_ARGUMENT = 'invalid_argument',
+  DEADLINE_EXCEEDED = 'deadline_exceeded',
+  NOT_FOUND = 'not_found',
+  ALREADY_EXISTS = 'already_exists',
+  PERMISSION_DENIED = 'permission_denied',
+  ABORTED = 'aborted',
+  OUT_OF_RANGE = 'out_of_range',
+  UNIMPLEMENTED = 'unimplemented',
+  INTERNAL = 'internal',
+  UNAVAILABLE = 'unavailable',
+  DATA_LOSS = 'data_loss',
+  // CommonError
+  CAPTCHA_REQUIRED = 'captcha_required',
+  CAPTCHA_INVALID = 'captcha_invalid',
+  INVALID_PASSWORD = 'invalid_password',
+  PASSWORD_NOT_SET = 'password_not_set',
+  INVALID_STATUS = 'invalid_status',
+  USER_PENDING = 'user_pending',
+  USER_BLOCKED = 'user_blocked',
+}

package/src/auth/models.ts

@@ -2,10 +2,11 @@ interface BaseRequest {
   client_id?: string;
 }
 
+export type GetCustomSignTicketFn = () => Promise<string>;
+
 export interface SignInRequest extends BaseRequest {
   username?: string;
   password?: string;
-  verification_code?: string;
   verification_token?: string;
 }
 
@@ -124,6 +125,18 @@ export interface UserProfile {
   created_from?: string;
   sub?: string
   uid?: string
+  address?: {
+    formatted?: string,
+    street_address?: string,
+    locality?: string,
+    region?: string,
+    postal_code?: string,
+    country?: string
+  }
+  nickName?: string // TODO:
+  province?: string // TODO:
+  country?: string // TODO:
+  city?: string // TODO:
 }
 
 export type UserInfo = UserProfile;
@@ -176,3 +189,253 @@ export type ChangeBindedProviderResponse = BaseRequest
 export interface QueryUserProfileReq extends BaseRequest {
   appended_params: string;
 }
+
+export interface SignInWithProviderRequest {
+  provider_token: string;
+  provider_id?: string;
+}
+
+export interface SignUpRequest {
+  phone_number?: string;
+  email?: string;
+
+  verification_code?: string;
+  verification_token?: string;
+  provider_token?: string;
+
+  password?: string;
+  name?: string;
+  gender?: string;
+  picture?: string;
+  locale?: string;
+}
+
+export interface GetVerificationRequest {
+  phone_number?: string;
+  email?: string;
+  // 可选 ANY，USER，NOT_USER, CUR_USER;
+  target?: string | 'ANY';
+  usage?: string;
+}
+
+export interface GetVerificationResponse {
+  verification_id?: string;
+  is_user?: boolean | false;
+}
+
+export interface VerifyResponse {
+  verification_token?: string;
+}
+
+export interface VerifyRequest {
+  verification_code: string;
+  verification_id?: string;
+}
+
+export interface ProviderBindRequest {
+  provider_token: string;
+}
+
+export interface GrantProviderTokenRequest {
+  provider_id: string;
+  provider_redirect_uri?: string;
+  provider_code?: string;
+  provider_access_token?: string;
+  provider_id_token?: string;
+}
+
+export interface GrantProviderTokenResponse {
+  provider_token: string;
+  expires_in: number;
+}
+
+export interface PatchProviderTokenRequest {
+  provider_token: string;
+  provider_params: {
+    encryptedData: string;
+    iv: string;
+  };
+}
+
+export interface PatchProviderTokenResponse {
+  provider_token: string;
+  expires_in: number;
+  provider_profile: ProviderProfile;
+}
+
+export interface GenProviderRedirectUriRequest {
+  provider_id: string;
+  provider_redirect_uri: string;
+  state: string;
+  other_params?: {
+    sign_out_uri?: string;
+  };
+}
+
+export interface GenProviderRedirectUriResponse {
+  uri: string;
+  signout_uri?: string;
+}
+
+export interface BindWithProviderRequest {
+  provider_token: string;
+}
+
+export interface BindWithProviderRequest {
+  provider_token: string;
+}
+
+export interface UserProfileProvider {
+  id?: string;
+  provider_user_id?: string;
+  name?: string;
+}
+
+export interface UserProfile {
+  name?: string;
+  picture?: string;
+  username?: string;
+  email?: string;
+  email_verified?: boolean;
+  phone_number?: string;
+  providers?: [UserProfileProvider];
+  gender?: string;
+  birthdate?: string;
+  zoneinfo?: string;
+  locale?: string;
+  created_from?: string;
+}
+
+export interface ProviderProfile {
+  provider_id: string;
+  phone_number?: string;
+}
+
+export interface TransByProviderRequest {
+  provider_token: string;
+}
+
+export interface GrantTokenRequest {
+  client_secret?: string;
+  code?: string;
+  grant_type?: string;
+  redirect_uri?: string;
+  nonce?: string;
+  refresh_token?: string;
+  scope?: string;
+}
+
+export interface UnbindProviderRequest {
+  provider_id: string;
+}
+
+export interface CheckPasswordrRequest {
+  password: string;
+}
+
+export interface BindPhoneRequest {
+  phone_number: string;
+  sudo_token: string;
+  verification_token: string;
+  conflict_resolution: string
+  // 1. DEFAULT 0, 默认提示用户手机号已被绑定
+  // 2. DELETE_ACCOUNT_TRANSFER 1, 标记原账号已被注销，并将手机换绑给自己
+  // 3. TRANSFER 2, 仅换绑手机号，不注销原有账号（换绑后原账号无法登录时，则自动注销原账号）
+}
+
+export interface BindEmailRequest {
+  email: string;
+  sudo_token: string;
+  verification_token: string;
+}
+
+export interface SetPasswordRequest {
+  new_password: string;
+  sudo_token: string;
+}
+
+
+export interface SetPasswordRequest {
+  new_password: string;
+  sudo_token: string;
+}
+
+export interface UpdatePasswordRequest {
+  old_password: string;
+  new_password: string;
+}
+
+// password 和 verification_token 而选一，如果绑定了手机号，则必须使用verification_token 进行sudo
+export interface SudoRequest {
+  password?: string;
+  verification_token?: string
+}
+
+export interface SudoResponse {
+  sudo_token?: string
+}
+
+
+export interface ChangeBoundProviderRequest {
+  trans_token: string;
+  provider_id: string;
+}
+
+export interface ChangeBoundProviderResponse {
+  client_id: string;
+}
+
+export interface QueryUserProfileRequest {
+  id?: [string];
+  username?: string;
+  email?: string;
+  phone_number?: string;
+}
+
+export interface QueryUserProfileResponse {
+  total: string;
+  data: SimpleUserProfile[]
+}
+
+export interface ResetPasswordRequest extends BaseRequest {
+  email: string
+  phone_number: string
+  new_password: string
+  verification_token: string
+}
+
+export interface DeviceAuthorizeRequest extends BaseRequest {
+  scope?: string
+}
+
+export interface DeviceAuthorizeResponse {
+  device_code: string
+  user_code: string
+  expires_in: number
+  interval: number
+  verification_url: string
+  verification_uri_complete: string
+}
+
+// 简化版用户信息
+export interface SimpleUserProfile {
+  sub: string;
+  name: string;
+  picture?: string;
+  gender?: string;
+  locale?: string;
+  email?: string;
+  phone_number?: string;
+}
+
+export interface CheckUsernameRequest {
+  username: string
+}
+
+export interface CheckIfUserExistRequest {
+  username: string;
+}
+
+export interface CheckIfUserExistResponse {
+  exist: boolean;
+}