@cloudbase/oauth 2.6.3-beta.0 → 2.6.5-beta.0

package/src/auth/apis.ts

@@ -23,11 +23,9 @@ import {
   UserProfileProvider,
   UnbindProviderRequest,
   CheckPasswordrRequest,
-  BindPhoneRequest,
-  BindEmailRequest,
   SetPasswordRequest,
-  ChangeBindedProviderRequest,
-  ChangeBindedProviderResponse,
+  ChangeBoundProviderRequest,
+  ChangeBoundProviderResponse,
   UpdatePasswordRequest,
   SudoResponse,
   SudoRequest,
@@ -49,17 +47,41 @@ import {
   GetMiniProgramQrCodeResponse,
   GetMiniProgramQrCodeStatusResponse,
   ModifyUserBasicInfoRequest,
+  EditContactRequest,
+  AuthorizeInfoRequest,
+  AuthorizeInfoResponse,
+  AuthorizeDeviceRequest,
+  AuthorizeRequest,
+  AuthorizeResponse,
+  GetUserBehaviorLog,
+  GetUserBehaviorLogRes,
 } from './models'
 import { SimpleStorage, RequestFunction } from '../oauth2client/interface'
 import { OAuth2Client, defaultStorage } from '../oauth2client/oauth2client'
 import { Credentials } from '../oauth2client/models'
 import { Captcha, CaptchaOptions } from '../captcha/captcha'
 import { deepClone } from '../utils'
-import { getEncryptInfo } from '../utils/encrypt'
+
+function getEncryptUtils(isEncrypt) {
+  if (globalThis.IS_MP_BUILD) {
+    return
+  }
+  if (isEncrypt) {
+    /* eslint-disable */
+    // @ts-ignore
+    const utils = require('../utils/encrypt')
+    /* eslint-enable */
+    return utils
+  }
+}
 
 export interface AuthOptions {
   apiOrigin: string
   clientId: string
+  /**
+   * basic auth
+   */
+  clientSecret?: string
   credentialsClient?: OAuth2Client
   request?: RequestFunction
   baseRequest?: RequestFunction
@@ -100,6 +122,8 @@ export class Auth {
         clientId: opts.clientId,
         storage: opts.storage,
         env: opts.env,
+        baseRequest: opts.baseRequest /* || opts.request */, // opts.request 废弃不用来表示 oauth rquest
+        anonymousSignInFunc: opts.anonymousSignInFunc,
         wxCloud: opts.wxCloud,
       }
       oAuth2Client = new OAuth2Client(initOptions)
@@ -210,6 +234,28 @@ export class Auth {
     return Promise.resolve(data)
   }
 
+  /**
+   * Revoke All Devices
+   * @return {Object} A Promise<void> object.
+   */
+  public async revokeAllDevices(): Promise<void> {
+    await this.config.request<void>(ApiUrls.AUTH_REVOKE_ALL_URL, {
+      method: 'DELETE',
+      withCredentials: true,
+    })
+  }
+
+  /**
+   * Revoke Device
+   * @return {Object} A Promise<void> object.
+   */
+  public async revokeDevice(params: { device_id: string }): Promise<void> {
+    await this.config.request<void>(ApiUrls.AUTHORIZED_DEVICES_DELETE_URL + params.device_id, {
+      method: 'DELETE',
+      withCredentials: true,
+    })
+  }
+
   /**
    * Get the verification.
    * @param {GetVerificationRequest} params A GetVerificationRequest Object.
@@ -493,25 +539,12 @@ export class Auth {
   }
 
   /**
-   * check Password.
-   * @param {CheckPasswordrRequest} params
-   * @return {Promise<any>}
-   */
-  public async bindPhone(params: BindPhoneRequest): Promise<void> {
-    return this.config.request<any>(`${ApiUrls.BIND_CONTACT_URL}`, {
-      method: 'PATCH',
-      withCredentials: true,
-      body: params,
-    })
-  }
-
-  /**
-   * check Password.
-   * @param {CheckPasswordrRequest} params
-   * @return {Promise<any>}
+   * Edit Contact 修改 手机号 或 邮箱
+   * @param {EditContactRequest} params
+   * @return {Promise<void>}
    */
-  public async bindEmail(params: BindEmailRequest): Promise<void> {
-    return this.config.request<any>(`${ApiUrls.BIND_CONTACT_URL}`, {
+  public async editContact(params: EditContactRequest): Promise<void> {
+    return this.config.request<void>(`${ApiUrls.BIND_CONTACT_URL}`, {
       method: 'PATCH',
       withCredentials: true,
       body: params,
@@ -562,7 +595,7 @@ export class Auth {
    * @param {GetVerificationRequest} params A GetVerificationRequest Object.
    * @return {Promise<GetVerificationResponse>} A Promise<GetVerificationResponse> object.
    */
-  public async getCurUserVerification(params: GetVerificationRequest): Promise<GetVerificationResponse> {
+  public async sendVerificationCodeToCurrentUser(params: GetVerificationRequest): Promise<GetVerificationResponse> {
     params.target = 'CUR_USER'
     return this.config.request<GetVerificationResponse>(ApiUrls.VERIFICATION_URL, {
       method: 'POST',
@@ -573,12 +606,12 @@ export class Auth {
   }
 
   /**
-   * change binded provider.
-   * @param {GetVerificationRequest} params A GetVerificationRequest Object.
-   * @return {Promise<GetVerificationResponse>} A Promise<GetVerificationResponse> object.
+   * change Bound provider.
+   * @param {ChangeBoundProviderRequest} params A GetVerificationRequest Object.
+   * @return {Promise<ChangeBoundProviderResponse>} A Promise<GetVerificationResponse> object.
    */
-  public async changeBindedProvider(params: ChangeBindedProviderRequest): Promise<ChangeBindedProviderResponse> {
-    return this.config.request<ChangeBindedProviderResponse>(`${ApiUrls.PROVIDER_LIST}/${params.provider_id}/trans`, {
+  public async changeBoundProvider(params: ChangeBoundProviderRequest): Promise<ChangeBoundProviderResponse> {
+    return this.config.request<ChangeBoundProviderResponse>(`${ApiUrls.PROVIDER_LIST}/${params.provider_id}/trans`, {
       method: 'POST',
       body: {
         provider_trans_token: params.trans_token,
@@ -640,7 +673,14 @@ export class Auth {
    * @constructor
    */
   public async signInWithCustomTicket(params?: { version?: string }): Promise<Credentials> {
-    const customTicket = await this.getCustomSignTicketFn()
+    const customSignTicketFn = this.getCustomSignTicketFn
+    if (!customSignTicketFn) {
+      return Promise.reject({
+        error: 'failed_precondition',
+        error_description: 'please use setCustomSignFunc to set custom sign function',
+      })
+    }
+    const customTicket = await customSignTicketFn()
     return this.signInWithProvider({
       ...params,
       provider_id: 'custom',
@@ -662,6 +702,31 @@ export class Auth {
     })
   }
 
+  /**
+   * Authorize oauth Authorize
+   * @param params
+   * @constructor
+   */
+  public async authorize(params: AuthorizeRequest): Promise<AuthorizeResponse> {
+    return this.config.request<AuthorizeResponse>(ApiUrls.AUTHORIZE_URL, {
+      method: 'POST',
+      withCredentials: true,
+      body: params,
+    })
+  }
+
+  /**
+   * authorize device
+   * @param params
+   */
+  public async authorizeDevice(params: AuthorizeDeviceRequest): Promise<void> {
+    return this.config.request<void>(ApiUrls.AUTHORIZE_DEVICE_URL, {
+      method: 'POST',
+      withCredentials: true,
+      body: params,
+    })
+  }
+
   /**
    * device authorization
    * @param {DeviceAuthorizeRequest} params
@@ -676,6 +741,27 @@ export class Auth {
     })
   }
 
+  /**
+   * OAuth get authorize info
+   * @param params
+   * @constructor
+   */
+  public async authorizeInfo(params: AuthorizeInfoRequest): Promise<AuthorizeInfoResponse> {
+    const url = `${ApiUrls.AUTHORIZE_INFO_URL}?${Auth.parseParamsToSearch(params)}`
+    let withBasicAuth = true
+    let withCredentials = false
+    const hasLogin = await this.hasLoginState()
+    if (hasLogin) {
+      withCredentials = true
+      withBasicAuth = false
+    }
+    return this.config.request<AuthorizeInfoResponse>(url, {
+      method: 'GET',
+      withBasicAuth,
+      withCredentials,
+    })
+  }
+
   public async checkUsername(params: CheckUsernameRequest): Promise<void> {
     return this.config.request(ApiUrls.CHECK_USERNAME, {
       method: 'GET',
@@ -729,9 +815,14 @@ export class Auth {
    * @returns
    */
   public async getEncryptParams(params: Record<any, any>): Promise<EncryptParams> {
+    const { isEncrypt } = params
+    delete params.isEncrypt
+
     const payload = deepClone(params)
 
-    if (!payload.isEncrypt) {
+    const encryptUtils = getEncryptUtils(isEncrypt)
+
+    if (!encryptUtils) {
       return params
     }
 
@@ -748,10 +839,8 @@ export class Auth {
       throw new Error('public_key or public_key_thumbprint is empty')
     }
 
-    delete payload.isEncrypt
-
     return {
-      params: getEncryptInfo({ publicKey, payload }),
+      params: encryptUtils.getEncryptInfo({ publicKey, payload }),
       public_key_thumbprint,
     }
   }
@@ -782,7 +871,7 @@ export class Auth {
   }
 
   public async createCaptchaData({ state, redirect_uri = undefined }) {
-    return this.config.request<{ captcha_token: string; expires_in: number }>(ApiUrls.CAPTCHA_DATA_URL, {
+    return this.config.request<{ token: string; data: string }>(ApiUrls.CAPTCHA_DATA_URL, {
       method: 'POST',
       body: { state, redirect_uri },
       withCredentials: false,
@@ -804,10 +893,64 @@ export class Auth {
    * mini-program scan code status
    * @returns
    */
-  public async checkMiniProgramCode(params: GetMiniProgramQrCodeStatusRequest,): Promise<GetMiniProgramQrCodeStatusResponse> {
+  public async getMiniProgramQrCodeStatus(params: GetMiniProgramQrCodeStatusRequest,): Promise<GetMiniProgramQrCodeStatusResponse> {
     return this.config.request<GetMiniProgramQrCodeStatusResponse>(ApiUrls.GET_MINIPROGRAM_QRCODE_STATUS, {
       method: 'POST',
       body: params,
     })
   }
+
+  /**
+   * get user behavior log
+   * @param params
+   */
+  public async getUserBehaviorLog(params: GetUserBehaviorLog): Promise<GetUserBehaviorLogRes> {
+    const action = { LOGIN: 'query[action]=USER_LOGIN', MODIFY: 'ne_query[action]=USER_LOGIN' }
+    const url = `${ApiUrls.GET_USER_BEHAVIOR_LOG}?${action[params.type]}&limit=${params.limit}${
+      params.page_token ? `&page_token=${params.page_token}` : ''
+    }`
+    return this.config.request(url, {
+      method: 'GET',
+      withCredentials: true,
+    })
+  }
+
+  /**
+   * 这个方法是用户自己修改自己的密码，不同于/auth/v1/user/password接口，该接口是管理员修改个人的
+   * @param {SignInRequest} params A SignInRequest Object.
+   * @return {Promise<Credentials>} A Promise<Credentials> object.
+   */
+  public async modifyPassword(params: ModifyUserBasicInfoRequest): Promise<void> {
+    let publicKey = ''
+    let public_key_thumbprint = ''
+
+    const encryptUtils = getEncryptUtils(true)
+
+    if (!encryptUtils) {
+      throw new Error('do not support encrypt, a encrypt util required.')
+    }
+
+    try {
+      const res = await this.getPublicKey()
+      publicKey = res.public_key
+      public_key_thumbprint = res.public_key_thumbprint
+    } catch (error) {}
+
+    if (!publicKey || !public_key_thumbprint) {
+      throw new Error('public_key or public_key_thumbprint is empty')
+    }
+
+    const encrypt_password = params.password ? encryptUtils.getEncryptInfo({ publicKey, payload: params.password }) : ''
+    const encrypt_new_password = encryptUtils.getEncryptInfo({ publicKey, payload: params.new_password })
+    return this.config.request(ApiUrls.USER_BASIC_EDIT_URL, {
+      method: 'POST',
+      withCredentials: true,
+      body: {
+        user_id: params.user_id,
+        encrypt_password,
+        encrypt_new_password,
+        public_key_thumbprint,
+      },
+    })
+  }
 }

package/src/auth/consts.ts

@@ -31,10 +31,15 @@ export enum ApiUrls {
   AUTH_GET_DEVICE_CODE = '/auth/v1/device/code',
   CHECK_USERNAME = '/auth/v1/checkUsername',
   CHECK_IF_USER_EXIST = '/auth/v1/checkIfUserExist',
+  AUTHORIZE_URL = '/auth/v1/user/authorize',
+  AUTHORIZE_DEVICE_URL = '/auth/v1/user/device/authorize',
+  AUTHORIZE_INFO_URL = '/auth/v1/user/authorize/info',
+  AUTHORIZED_DEVICES_DELETE_URL = '/auth/v1/user/authorized/devices/',
+  AUTH_REVOKE_ALL_URL = '/auth/v1/user/revoke/all',
   GET_PROVIDER_TYPE = '/auth/v1/mgr/provider/providerSubType',
-
   GET_MINIPROGRAM_QRCODE = '/auth/v1/qrcode/generate',
   GET_MINIPROGRAM_QRCODE_STATUS = '/auth/v1/qrcode/get/status',
+  GET_USER_BEHAVIOR_LOG = '/auth/v1/user/security/history',
 }
 
 export enum ApiUrlsV2 {
@@ -55,6 +60,13 @@ export enum VerificationUsages {
 }
 
 export enum ErrorType {
+  UNREACHABLE = 'unreachable',
+  LOCAL = 'local',
+  CANCELLED = 'cancelled',
+  UNKNOWN = 'unknown',
+  UNAUTHENTICATED = 'unauthenticated',
+  RESOURCE_EXHAUSTED = 'resource_exhausted',
+  FAILED_PRECONDITION = 'failed_precondition',
   INVALID_ARGUMENT = 'invalid_argument',
   DEADLINE_EXCEEDED = 'deadline_exceeded',
   NOT_FOUND = 'not_found',
@@ -67,11 +79,33 @@ export enum ErrorType {
   UNAVAILABLE = 'unavailable',
   DATA_LOSS = 'data_loss',
   // CommonError
-  CAPTCHA_REQUIRED = 'captcha_required',
-  CAPTCHA_INVALID = 'captcha_invalid',
   INVALID_PASSWORD = 'invalid_password',
   PASSWORD_NOT_SET = 'password_not_set',
   INVALID_STATUS = 'invalid_status',
   USER_PENDING = 'user_pending',
   USER_BLOCKED = 'user_blocked',
+  INVALID_VERIFICATION_CODE = 'invalid_verification_code',
+  TWO_FACTOR_REQUIRED = 'two_factor_required',
+  INVALID_TWO_FACTOR = 'invalid_two_factor',
+  INVALID_TWO_FACTOR_RECOVERY = 'invalid_two_factor_recovery',
+  UNDER_REVIEW = 'under_review',
+  INVALID_REQUEST = 'invalid_request',
+  UNAUTHORIZED_CLIENT = 'unauthorized_client',
+  ACCESS_DENIED = 'access_denied',
+  UNSUPPORTED_RESPONSE_TYPE = 'unsupported_response_type',
+  INVALID_SCOPE = 'invalid_scope',
+  INVALID_GRANT = 'invalid_grant',
+  SERVER_ERROR = 'server_error',
+  TEMPORARILY_UNAVAILABLE = 'temporarily_unavailable',
+  INTERACTION_REQUIRED = 'interaction_required',
+  LOGIN_REQUIRED = 'login_required',
+  ACCOUNT_SELECTION_REQUIRED = 'account_selection_required',
+  CONSENT_REQUIRED = 'consent_required',
+  INVALID_REQUEST_URI = 'invalid_request_uri',
+  INVALID_REQUEST_OBJECT = 'invalid_request_object',
+  REQUEST_NOT_SUPPORTED = 'request_not_supported',
+  REQUEST_URI_NOT_SUPPORTED = 'request_uri_not_supported',
+  REGISTRATION_NOT_SUPPORTED = 'registration_not_supported',
+  CAPTCHA_REQUIRED = 'captcha_required',
+  CAPTCHA_INVALID = 'captcha_invalid',
 }