@darraghor/nest-backend-libs 2.22.0 → 2.23.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/authz/ApiKeyAuthGuard.d.ts +5 -0
- package/dist/authz/ApiKeyAuthGuard.js +27 -0
- package/dist/authz/ApiKeyAuthGuard.js.map +1 -0
- package/dist/authz/UserValidation.service.d.ts +9 -4
- package/dist/authz/UserValidation.service.js +74 -23
- package/dist/authz/UserValidation.service.js.map +1 -1
- package/dist/authz/apikeystrategy.d.ts +12 -0
- package/dist/authz/apikeystrategy.js +43 -0
- package/dist/authz/apikeystrategy.js.map +1 -0
- package/dist/authz/authz.module.js +10 -1
- package/dist/authz/authz.module.js.map +1 -1
- package/dist/authz/authzstrategy.js +2 -1
- package/dist/authz/authzstrategy.js.map +1 -1
- package/dist/authz/index.d.ts +3 -0
- package/dist/authz/index.js +7 -1
- package/dist/authz/index.js.map +1 -1
- package/dist/authz/isOwnerOrThrow.d.ts +2 -0
- package/dist/authz/isOwnerOrThrow.js +20 -0
- package/dist/authz/isOwnerOrThrow.js.map +1 -0
- package/dist/index.d.ts +1 -0
- package/dist/index.js +1 -0
- package/dist/index.js.map +1 -1
- package/dist/invitations/entities/invitation.entity.d.ts +3 -3
- package/dist/invitations/entities/invitation.entity.js +11 -9
- package/dist/invitations/entities/invitation.entity.js.map +1 -1
- package/dist/invitations/invitation.module.js +3 -2
- package/dist/invitations/invitation.module.js.map +1 -1
- package/dist/invitations/invitation.service.d.ts +9 -3
- package/dist/invitations/invitation.service.js +132 -34
- package/dist/invitations/invitation.service.js.map +1 -1
- package/dist/organisation-memberships/entities/organisation-membership.entity.d.ts +2 -0
- package/dist/organisation-memberships/entities/organisation-membership.entity.js +11 -0
- package/dist/organisation-memberships/entities/organisation-membership.entity.js.map +1 -1
- package/dist/user-api-key/CreateApiKeyDto.d.ts +3 -0
- package/dist/user-api-key/CreateApiKeyDto.js +24 -0
- package/dist/user-api-key/CreateApiKeyDto.js.map +1 -0
- package/dist/user-api-key/index.d.ts +3 -0
- package/dist/user-api-key/index.js +10 -0
- package/dist/user-api-key/index.js.map +1 -0
- package/dist/user-api-key/user-apikey.controller.d.ts +13 -0
- package/dist/user-api-key/user-apikey.controller.js +88 -0
- package/dist/user-api-key/user-apikey.controller.js.map +1 -0
- package/dist/user-api-key/user-apikey.module.d.ts +2 -0
- package/dist/user-api-key/user-apikey.module.js +27 -0
- package/dist/user-api-key/user-apikey.module.js.map +1 -0
- package/dist/user-api-key/user-apikey.service.d.ts +17 -0
- package/dist/user-api-key/user-apikey.service.js +91 -0
- package/dist/user-api-key/user-apikey.service.js.map +1 -0
- package/dist/user-api-key/userApiKey.entity.d.ts +12 -0
- package/dist/user-api-key/userApiKey.entity.js +77 -0
- package/dist/user-api-key/userApiKey.entity.js.map +1 -0
- package/dist/user-external/user-external.module.js +0 -2
- package/dist/user-external/user-external.module.js.map +1 -1
- package/dist/user-internal/dto/userResponseDto.d.ts +2 -2
- package/dist/user-internal/dto/userResponseDto.js +2 -2
- package/dist/user-internal/dto/userResponseDto.js.map +1 -1
- package/dist/user-internal/entities/user.entity.d.ts +4 -2
- package/dist/user-internal/entities/user.entity.js +12 -4
- package/dist/user-internal/entities/user.entity.js.map +1 -1
- package/dist/user-internal/user-internal.module.js +0 -1
- package/dist/user-internal/user-internal.module.js.map +1 -1
- package/package.json +5 -1
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
+
};
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.ApiKeyAuthGuard = void 0;
|
|
13
|
+
const common_1 = require("@nestjs/common");
|
|
14
|
+
const passport_1 = require("@nestjs/passport");
|
|
15
|
+
let ApiKeyAuthGuard = class ApiKeyAuthGuard extends (0, passport_1.AuthGuard)("headerapikey") {
|
|
16
|
+
constructor() {
|
|
17
|
+
super();
|
|
18
|
+
}
|
|
19
|
+
};
|
|
20
|
+
ApiKeyAuthGuard = __decorate([
|
|
21
|
+
(0, common_1.Injectable)()
|
|
22
|
+
// eslint-disable-next-line @darraghor/nestjs-typed/injectable-should-be-provided
|
|
23
|
+
,
|
|
24
|
+
__metadata("design:paramtypes", [])
|
|
25
|
+
], ApiKeyAuthGuard);
|
|
26
|
+
exports.ApiKeyAuthGuard = ApiKeyAuthGuard;
|
|
27
|
+
//# sourceMappingURL=ApiKeyAuthGuard.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ApiKeyAuthGuard.js","sourceRoot":"","sources":["../../src/authz/ApiKeyAuthGuard.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAA0C;AAC1C,+CAA2C;AAIpC,IAAM,eAAe,GAArB,MAAM,eAAgB,SAAQ,IAAA,oBAAS,EAAC,cAAc,CAAC;IAC1D;QACI,KAAK,EAAE,CAAC;IACZ,CAAC;CACJ,CAAA;AAJY,eAAe;IAF3B,IAAA,mBAAU,GAAE;IACb,iFAAiF;;;GACpE,eAAe,CAI3B;AAJY,0CAAe"}
|
|
@@ -1,13 +1,18 @@
|
|
|
1
1
|
import { Repository } from "typeorm";
|
|
2
2
|
import { AuthZClientService } from "../authzclient/authz.service";
|
|
3
3
|
import { UserProfile } from "../authzclient/UserProfile.dto";
|
|
4
|
+
import { InvitationService } from "../invitations";
|
|
4
5
|
import { User } from "../user-internal";
|
|
5
6
|
import { AccessToken } from "./AccessToken";
|
|
6
7
|
export declare class UserValidationService {
|
|
7
|
-
private
|
|
8
|
+
private userRepository;
|
|
8
9
|
private authzClient;
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
10
|
+
private invitationService;
|
|
11
|
+
constructor(userRepository: Repository<User>, authzClient: AuthZClientService, invitationService: InvitationService);
|
|
12
|
+
getAuth0User(rawAccessToken: string): Promise<UserProfile | undefined>;
|
|
13
|
+
validateUserApiKey(apiKey: string): Promise<User | undefined>;
|
|
14
|
+
validateUser(payload: AccessToken, rawAccessToken: string, invitationId?: string): Promise<User | undefined>;
|
|
15
|
+
handleInvitation(rawAccessToken: string, invitationCode: string): Promise<User>;
|
|
16
|
+
handleNewIndependentUser(foundUser: User | null, rawAccessToken: string): Promise<User>;
|
|
12
17
|
updateUserFromAuth0(user: User, auth0User: UserProfile): Promise<User>;
|
|
13
18
|
}
|
|
@@ -18,58 +18,108 @@ const common_1 = require("@nestjs/common");
|
|
|
18
18
|
const typeorm_1 = require("@nestjs/typeorm");
|
|
19
19
|
const typeorm_2 = require("typeorm");
|
|
20
20
|
const authz_service_1 = require("../authzclient/authz.service");
|
|
21
|
+
const invitations_1 = require("../invitations");
|
|
21
22
|
const organisation_membership_entity_1 = require("../organisation-memberships/entities/organisation-membership.entity");
|
|
22
23
|
const RolesEnum_1 = require("../organisation/dto/RolesEnum");
|
|
23
24
|
const member_role_entity_1 = require("../organisation/entities/member-role.entity");
|
|
24
25
|
const organisation_entity_1 = require("../organisation/entities/organisation.entity");
|
|
25
26
|
const user_internal_1 = require("../user-internal");
|
|
26
27
|
let UserValidationService = class UserValidationService {
|
|
27
|
-
|
|
28
|
+
userRepository;
|
|
28
29
|
authzClient;
|
|
29
|
-
|
|
30
|
-
|
|
30
|
+
invitationService;
|
|
31
|
+
constructor(userRepository, authzClient, invitationService) {
|
|
32
|
+
this.userRepository = userRepository;
|
|
31
33
|
this.authzClient = authzClient;
|
|
34
|
+
this.invitationService = invitationService;
|
|
32
35
|
}
|
|
33
|
-
async getAuth0User(
|
|
36
|
+
async getAuth0User(rawAccessToken) {
|
|
34
37
|
return await this.authzClient.getUser(rawAccessToken);
|
|
35
38
|
}
|
|
36
|
-
async
|
|
39
|
+
async validateUserApiKey(apiKey) {
|
|
40
|
+
const result = await this.userRepository.findOne({
|
|
41
|
+
where: { apiKeys: { apiKey: apiKey } },
|
|
42
|
+
relations: {
|
|
43
|
+
memberships: true,
|
|
44
|
+
},
|
|
45
|
+
});
|
|
46
|
+
// convert from null
|
|
47
|
+
if (!result)
|
|
48
|
+
return undefined;
|
|
49
|
+
return result;
|
|
50
|
+
}
|
|
51
|
+
async validateUser(payload, rawAccessToken, invitationId) {
|
|
52
|
+
if (invitationId) {
|
|
53
|
+
// even though there is commonality here it's easier to treat the invitation path as completely separate
|
|
54
|
+
return this.handleInvitation(rawAccessToken, invitationId);
|
|
55
|
+
}
|
|
37
56
|
// try to find the user and their memberships
|
|
38
|
-
const foundUser = await this.
|
|
57
|
+
const foundUser = await this.userRepository.findOne({
|
|
39
58
|
where: { auth0UserId: payload.sub },
|
|
40
59
|
relations: {
|
|
41
60
|
memberships: true,
|
|
42
61
|
},
|
|
43
62
|
});
|
|
44
|
-
// if user
|
|
63
|
+
// if user is
|
|
64
|
+
// - found
|
|
65
|
+
// - already configured
|
|
66
|
+
// - not trying to join an organisation
|
|
67
|
+
// then just return the user
|
|
45
68
|
if (foundUser !== undefined &&
|
|
46
69
|
foundUser !== null &&
|
|
47
70
|
foundUser.memberships.length > 0) {
|
|
48
71
|
return foundUser;
|
|
49
72
|
}
|
|
50
|
-
//
|
|
51
|
-
|
|
73
|
+
// otherwise we need to add a membership to a user
|
|
74
|
+
return this.handleNewIndependentUser(foundUser, rawAccessToken);
|
|
75
|
+
}
|
|
76
|
+
async handleInvitation(rawAccessToken, invitationCode) {
|
|
77
|
+
const invitation = await this.invitationService.getOneActiveInvitation(invitationCode);
|
|
78
|
+
if (!invitation) {
|
|
79
|
+
throw new common_1.NotFoundException("Valid invitation not found");
|
|
80
|
+
}
|
|
81
|
+
// get the user's profile details from auth0
|
|
82
|
+
const auth0User = await this.getAuth0User(rawAccessToken);
|
|
52
83
|
if (auth0User === undefined) {
|
|
53
|
-
|
|
84
|
+
throw new Error("Error getting user profile from Auth0");
|
|
54
85
|
}
|
|
55
|
-
|
|
86
|
+
if (auth0User.email_verified === false) {
|
|
87
|
+
throw new Error("Email not verified");
|
|
88
|
+
}
|
|
89
|
+
// the user's verified email address should match the invitation email address
|
|
90
|
+
if (auth0User.email.toLowerCase() !==
|
|
91
|
+
invitation.emailAddress.toLowerCase()) {
|
|
92
|
+
throw new Error("Verified email address does not match invitation email address");
|
|
93
|
+
}
|
|
94
|
+
await this.invitationService.acceptInvitation(invitation.id);
|
|
95
|
+
// eslint-disable-next-line sonarjs/prefer-immediate-return
|
|
96
|
+
const savedUser = await this.updateUserFromAuth0(invitation.organisationMembership.user, auth0User);
|
|
97
|
+
return savedUser;
|
|
98
|
+
}
|
|
99
|
+
async handleNewIndependentUser(foundUser, rawAccessToken) {
|
|
100
|
+
// get the user's profile details from auth0
|
|
101
|
+
const auth0User = await this.getAuth0User(rawAccessToken);
|
|
102
|
+
if (auth0User === undefined) {
|
|
103
|
+
throw new Error("Error getting user profile from Auth0");
|
|
104
|
+
}
|
|
105
|
+
if (auth0User.email_verified === false) {
|
|
106
|
+
throw new Error("Email not verified");
|
|
107
|
+
}
|
|
108
|
+
// create role
|
|
109
|
+
const newRole = new member_role_entity_1.MembershipRole();
|
|
110
|
+
newRole.name = RolesEnum_1.Roles.owner;
|
|
111
|
+
// create a brand new organisation
|
|
56
112
|
const unsavedOrganisation = new organisation_entity_1.Organisation();
|
|
57
113
|
unsavedOrganisation.name = auth0User.given_name
|
|
58
114
|
? `${auth0User.given_name}'s Organisation`
|
|
59
115
|
: `My Organisation`;
|
|
60
|
-
// create roles
|
|
61
|
-
const ownerRole = new member_role_entity_1.MembershipRole();
|
|
62
|
-
ownerRole.name = RolesEnum_1.Roles.owner;
|
|
63
116
|
// create a new membership
|
|
64
117
|
const membership = new organisation_membership_entity_1.OrganisationMembership();
|
|
65
118
|
membership.organisation = unsavedOrganisation;
|
|
66
|
-
membership.roles = [
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
return this.repository.save(foundUser);
|
|
71
|
-
}
|
|
72
|
-
const user = this.repository.create();
|
|
119
|
+
membership.roles = [newRole];
|
|
120
|
+
// use the found user or create a new one
|
|
121
|
+
const user = foundUser || this.userRepository.create();
|
|
122
|
+
// assign the membership
|
|
73
123
|
user.memberships = [membership];
|
|
74
124
|
// eslint-disable-next-line sonarjs/prefer-immediate-return
|
|
75
125
|
const updatedUser = this.updateUserFromAuth0(user, auth0User);
|
|
@@ -86,14 +136,15 @@ let UserValidationService = class UserValidationService {
|
|
|
86
136
|
user.picture = auth0User.picture;
|
|
87
137
|
user.username = auth0User.preferred_username;
|
|
88
138
|
// save user
|
|
89
|
-
return this.
|
|
139
|
+
return this.userRepository.save(user);
|
|
90
140
|
}
|
|
91
141
|
};
|
|
92
142
|
UserValidationService = __decorate([
|
|
93
143
|
(0, common_1.Injectable)(),
|
|
94
144
|
__param(0, (0, typeorm_1.InjectRepository)(user_internal_1.User)),
|
|
95
145
|
__metadata("design:paramtypes", [typeorm_2.Repository,
|
|
96
|
-
authz_service_1.AuthZClientService
|
|
146
|
+
authz_service_1.AuthZClientService,
|
|
147
|
+
invitations_1.InvitationService])
|
|
97
148
|
], UserValidationService);
|
|
98
149
|
exports.UserValidationService = UserValidationService;
|
|
99
150
|
//# sourceMappingURL=UserValidation.service.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"UserValidation.service.js","sourceRoot":"","sources":["../../src/authz/UserValidation.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,6DAA6D;AAC7D,
|
|
1
|
+
{"version":3,"file":"UserValidation.service.js","sourceRoot":"","sources":["../../src/authz/UserValidation.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,6DAA6D;AAC7D,2CAA6D;AAC7D,6CAAiD;AACjD,qCAAmC;AACnC,gEAAgE;AAEhE,gDAAiD;AACjD,wHAA2G;AAC3G,6DAAoD;AACpD,oFAA2E;AAC3E,sFAA0E;AAC1E,oDAAsC;AAI/B,IAAM,qBAAqB,GAA3B,MAAM,qBAAqB;IAGlB;IACA;IACA;IAJZ,YAEY,cAAgC,EAChC,WAA+B,EAC/B,iBAAoC;QAFpC,mBAAc,GAAd,cAAc,CAAkB;QAChC,gBAAW,GAAX,WAAW,CAAoB;QAC/B,sBAAiB,GAAjB,iBAAiB,CAAmB;IAC7C,CAAC;IAEJ,KAAK,CAAC,YAAY,CACd,cAAsB;QAEtB,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IAC1D,CAAC;IACD,KAAK,CAAC,kBAAkB,CAAC,MAAc;QACnC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC;YAC7C,KAAK,EAAE,EAAC,OAAO,EAAE,EAAC,MAAM,EAAE,MAAM,EAAC,EAAC;YAClC,SAAS,EAAE;gBACP,WAAW,EAAE,IAAI;aACpB;SACJ,CAAC,CAAC;QACH,oBAAoB;QACpB,IAAI,CAAC,MAAM;YAAE,OAAO,SAAS,CAAC;QAE9B,OAAO,MAAM,CAAC;IAClB,CAAC;IACD,KAAK,CAAC,YAAY,CACd,OAAoB,EACpB,cAAsB,EACtB,YAAqB;QAErB,IAAI,YAAY,EAAE;YACd,wGAAwG;YACxG,OAAO,IAAI,CAAC,gBAAgB,CAAC,cAAc,EAAE,YAAY,CAAC,CAAC;SAC9D;QACD,6CAA6C;QAC7C,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC;YAChD,KAAK,EAAE,EAAC,WAAW,EAAE,OAAO,CAAC,GAAG,EAAC;YACjC,SAAS,EAAE;gBACP,WAAW,EAAE,IAAI;aACpB;SACJ,CAAC,CAAC;QAEH,aAAa;QACb,UAAU;QACV,uBAAuB;QACvB,uCAAuC;QACvC,4BAA4B;QAC5B,IACI,SAAS,KAAK,SAAS;YACvB,SAAS,KAAK,IAAI;YAClB,SAAS,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAClC;YACE,OAAO,SAAS,CAAC;SACpB;QACD,kDAAkD;QAClD,OAAO,IAAI,CAAC,wBAAwB,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;IACpE,CAAC;IAED,KAAK,CAAC,gBAAgB,CAClB,cAAsB,EACtB,cAAsB;QAEtB,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,sBAAsB,CAClE,cAAc,CACjB,CAAC;QACF,IAAI,CAAC,UAAU,EAAE;YACb,MAAM,IAAI,0BAAiB,CAAC,4BAA4B,CAAC,CAAC;SAC7D;QAED,4CAA4C;QAC5C,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC;QAC1D,IAAI,SAAS,KAAK,SAAS,EAAE;YACzB,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;SAC5D;QAED,IAAI,SAAS,CAAC,cAAc,KAAK,KAAK,EAAE;YACpC,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;SACzC;QAED,8EAA8E;QAC9E,IACI,SAAS,CAAC,KAAK,CAAC,WAAW,EAAE;YAC7B,UAAU,CAAC,YAAY,CAAC,WAAW,EAAE,EACvC;YACE,MAAM,IAAI,KAAK,CACX,gEAAgE,CACnE,CAAC;SACL;QAED,MAAM,IAAI,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;QAE7D,2DAA2D;QAC3D,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAC5C,UAAU,CAAC,sBAAsB,CAAC,IAAI,EACtC,SAAS,CACZ,CAAC;QACF,OAAO,SAAS,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,wBAAwB,CAC1B,SAAsB,EACtB,cAAsB;QAEtB,4CAA4C;QAC5C,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC;QAC1D,IAAI,SAAS,KAAK,SAAS,EAAE;YACzB,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;SAC5D;QAED,IAAI,SAAS,CAAC,cAAc,KAAK,KAAK,EAAE;YACpC,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;SACzC;QAED,cAAc;QACd,MAAM,OAAO,GAAG,IAAI,mCAAc,EAAE,CAAC;QACrC,OAAO,CAAC,IAAI,GAAG,iBAAK,CAAC,KAAK,CAAC;QAE3B,kCAAkC;QAClC,MAAM,mBAAmB,GAAG,IAAI,kCAAY,EAAE,CAAC;QAC/C,mBAAmB,CAAC,IAAI,GAAG,SAAS,CAAC,UAAU;YAC3C,CAAC,CAAC,GAAG,SAAS,CAAC,UAAU,iBAAiB;YAC1C,CAAC,CAAC,iBAAiB,CAAC;QAExB,0BAA0B;QAC1B,MAAM,UAAU,GAAG,IAAI,uDAAsB,EAAE,CAAC;QAChD,UAAU,CAAC,YAAY,GAAG,mBAAmB,CAAC;QAC9C,UAAU,CAAC,KAAK,GAAG,CAAC,OAAO,CAAC,CAAC;QAE7B,yCAAyC;QACzC,MAAM,IAAI,GAAG,SAAS,IAAI,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,CAAC;QAEvD,wBAAwB;QACxB,IAAI,CAAC,WAAW,GAAG,CAAC,UAAU,CAAC,CAAC;QAChC,2DAA2D;QAC3D,MAAM,WAAW,GAAG,IAAI,CAAC,mBAAmB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QAC9D,OAAO,WAAW,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,IAAU,EAAE,SAAsB;QACxD,IAAI,CAAC,WAAW,GAAG,SAAS,CAAC,GAAG,CAAC;QACjC,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC;QACrB,IAAI,CAAC,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC;QAC7B,IAAI,CAAC,aAAa,GAAG,SAAS,CAAC,cAAc,CAAC;QAC9C,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC,WAAW,CAAC;QACxC,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC,UAAU,CAAC;QACtC,IAAI,CAAC,IAAI,GAAG,SAAS,CAAC,IAAI,CAAC;QAC3B,IAAI,CAAC,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC;QACjC,IAAI,CAAC,QAAQ,GAAG,SAAS,CAAC,kBAAkB,CAAC;QAE7C,YAAY;QACZ,OAAO,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1C,CAAC;CACJ,CAAA;AAxJY,qBAAqB;IADjC,IAAA,mBAAU,GAAE;IAGJ,WAAA,IAAA,0BAAgB,EAAC,oBAAI,CAAC,CAAA;qCACC,oBAAU;QACb,kCAAkB;QACZ,+BAAiB;GALvC,qBAAqB,CAwJjC;AAxJY,sDAAqB"}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import { HeaderAPIKeyStrategy } from "passport-headerapikey";
|
|
2
|
+
import { UserValidationService } from "./UserValidation.service";
|
|
3
|
+
import { User } from "../user-internal";
|
|
4
|
+
declare const ApiKeyStrategy_base: new (...args: any[]) => HeaderAPIKeyStrategy;
|
|
5
|
+
export declare class ApiKeyStrategy extends ApiKeyStrategy_base {
|
|
6
|
+
private readonly userValidationService;
|
|
7
|
+
constructor(userValidationService: UserValidationService);
|
|
8
|
+
validate(apiKey: string, done: (error: Error | undefined, user?: User, info?: {
|
|
9
|
+
[key: string]: any;
|
|
10
|
+
}) => boolean): Promise<void>;
|
|
11
|
+
}
|
|
12
|
+
export {};
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
+
};
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.ApiKeyStrategy = void 0;
|
|
13
|
+
const passport_headerapikey_1 = require("passport-headerapikey");
|
|
14
|
+
const passport_1 = require("@nestjs/passport");
|
|
15
|
+
const UserValidation_service_1 = require("./UserValidation.service");
|
|
16
|
+
const common_1 = require("@nestjs/common");
|
|
17
|
+
let ApiKeyStrategy = class ApiKeyStrategy extends (0, passport_1.PassportStrategy)(passport_headerapikey_1.HeaderAPIKeyStrategy) {
|
|
18
|
+
userValidationService;
|
|
19
|
+
constructor(userValidationService) {
|
|
20
|
+
super({ header: "Authorization", prefix: "Api-Key " }, true, async (apiKey, done) => {
|
|
21
|
+
return await this.validate(apiKey, done);
|
|
22
|
+
});
|
|
23
|
+
this.userValidationService = userValidationService;
|
|
24
|
+
}
|
|
25
|
+
async validate(apiKey, done) {
|
|
26
|
+
try {
|
|
27
|
+
const foundUser = await this.userValidationService.validateUserApiKey(apiKey);
|
|
28
|
+
if (!foundUser) {
|
|
29
|
+
done(new Error("Invalid API key"));
|
|
30
|
+
}
|
|
31
|
+
done(undefined, foundUser);
|
|
32
|
+
}
|
|
33
|
+
catch (error) {
|
|
34
|
+
done(error);
|
|
35
|
+
}
|
|
36
|
+
}
|
|
37
|
+
};
|
|
38
|
+
ApiKeyStrategy = __decorate([
|
|
39
|
+
(0, common_1.Injectable)(),
|
|
40
|
+
__metadata("design:paramtypes", [UserValidation_service_1.UserValidationService])
|
|
41
|
+
], ApiKeyStrategy);
|
|
42
|
+
exports.ApiKeyStrategy = ApiKeyStrategy;
|
|
43
|
+
//# sourceMappingURL=apikeystrategy.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"apikeystrategy.js","sourceRoot":"","sources":["../../src/authz/apikeystrategy.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,iEAA2D;AAC3D,+CAAkD;AAClD,qEAA+D;AAC/D,2CAA0C;AAInC,IAAM,cAAc,GAApB,MAAM,cAAe,SAAQ,IAAA,2BAAgB,EAAC,4CAAoB,CAAC;IACzC;IAA7B,YAA6B,qBAA4C;QACrE,KAAK,CACD,EAAC,MAAM,EAAE,eAAe,EAAE,MAAM,EAAE,UAAU,EAAC,EAC7C,IAAI,EACJ,KAAK,EACD,MAAc,EACd,IAIY,EACd,EAAE;YACA,OAAO,MAAM,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC7C,CAAC,CACJ,CAAC;QAduB,0BAAqB,GAArB,qBAAqB,CAAuB;IAezE,CAAC;IAED,KAAK,CAAC,QAAQ,CACV,MAAc,EACd,IAIY;QAEZ,IAAI;YACA,MAAM,SAAS,GACX,MAAM,IAAI,CAAC,qBAAqB,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC;YAEhE,IAAI,CAAC,SAAS,EAAE;gBACZ,IAAI,CAAC,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC;aACtC;YAED,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;SAC9B;QAAC,OAAO,KAAK,EAAE;YACZ,IAAI,CAAC,KAAc,CAAC,CAAC;SACxB;IACL,CAAC;CACJ,CAAA;AAvCY,cAAc;IAD1B,IAAA,mBAAU,GAAE;qCAE2C,8CAAqB;GADhE,cAAc,CAuC1B;AAvCY,wCAAc"}
|
|
@@ -20,6 +20,8 @@ const UserValidation_service_1 = require("./UserValidation.service");
|
|
|
20
20
|
const typeorm_1 = require("@nestjs/typeorm");
|
|
21
21
|
const user_entity_1 = require("../user-internal/entities/user.entity");
|
|
22
22
|
const authz_client_module_1 = require("../authzclient/authz-client.module");
|
|
23
|
+
const apikeystrategy_1 = require("./apikeystrategy");
|
|
24
|
+
const invitations_1 = require("../invitations");
|
|
23
25
|
let AuthzModule = class AuthzModule {
|
|
24
26
|
};
|
|
25
27
|
AuthzModule = __decorate([
|
|
@@ -30,8 +32,15 @@ AuthzModule = __decorate([
|
|
|
30
32
|
typeorm_1.TypeOrmModule.forFeature([user_entity_1.User]),
|
|
31
33
|
passport_1.PassportModule.register({ defaultStrategy: "jwt" }),
|
|
32
34
|
authz_client_module_1.AuthzClientModule,
|
|
35
|
+
invitations_1.InvitationModule,
|
|
36
|
+
],
|
|
37
|
+
providers: [
|
|
38
|
+
apikeystrategy_1.ApiKeyStrategy,
|
|
39
|
+
authzstrategy_1.JwtStrategy,
|
|
40
|
+
AuthConfigurationService_1.AuthConfigurationService,
|
|
41
|
+
UserValidation_service_1.UserValidationService,
|
|
42
|
+
apikeystrategy_1.ApiKeyStrategy,
|
|
33
43
|
],
|
|
34
|
-
providers: [authzstrategy_1.JwtStrategy, AuthConfigurationService_1.AuthConfigurationService, UserValidation_service_1.UserValidationService],
|
|
35
44
|
exports: [passport_1.PassportModule, AuthConfigurationService_1.AuthConfigurationService],
|
|
36
45
|
})
|
|
37
46
|
], AuthzModule);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authz.module.js","sourceRoot":"","sources":["../../src/authz/authz.module.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAA8C;AAC9C,+CAAgD;AAChD,yEAAoE;AACpE,mDAA4C;AAC5C,8FAA2D;AAC3D,2CAA4C;AAC5C,qEAA+D;AAC/D,6CAA8C;AAC9C,uEAA2D;AAC3D,4EAAqE;
|
|
1
|
+
{"version":3,"file":"authz.module.js","sourceRoot":"","sources":["../../src/authz/authz.module.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAA8C;AAC9C,+CAAgD;AAChD,yEAAoE;AACpE,mDAA4C;AAC5C,8FAA2D;AAC3D,2CAA4C;AAC5C,qEAA+D;AAC/D,6CAA8C;AAC9C,uEAA2D;AAC3D,4EAAqE;AACrE,qDAAgD;AAChD,gDAAgD;AAoBzC,IAAM,WAAW,GAAjB,MAAM,WAAW;CAAG,CAAA;AAAd,WAAW;IAlBvB,IAAA,eAAM,GAAE;IACR,IAAA,eAAM,EAAC;QACJ,OAAO,EAAE;YACL,qBAAY,CAAC,UAAU,CAAC,oCAAe,CAAC;YACxC,uBAAa,CAAC,UAAU,CAAC,CAAC,kBAAI,CAAC,CAAC;YAChC,yBAAc,CAAC,QAAQ,CAAC,EAAC,eAAe,EAAE,KAAK,EAAC,CAAC;YACjD,uCAAiB;YACjB,8BAAgB;SACnB;QACD,SAAS,EAAE;YACP,+BAAc;YACd,2BAAW;YACX,mDAAwB;YACxB,8CAAqB;YACrB,+BAAc;SACjB;QACD,OAAO,EAAE,CAAC,yBAAc,EAAE,mDAAwB,CAAC;KACtD,CAAC;GACW,WAAW,CAAG;AAAd,kCAAW"}
|
|
@@ -43,7 +43,8 @@ let JwtStrategy = JwtStrategy_1 = class JwtStrategy extends (0, passport_1.Passp
|
|
|
43
43
|
this.logger.error("Couldn't log the raw access token");
|
|
44
44
|
return;
|
|
45
45
|
}
|
|
46
|
-
const
|
|
46
|
+
const invitationId = request.query.invitationId;
|
|
47
|
+
const userResult = await this.userValidationService.validateUser(payload, rawAccessToken, invitationId);
|
|
47
48
|
const withPermissions = { permissions: payload.permissions || [] };
|
|
48
49
|
// eslint-disable-next-line sonarjs/prefer-immediate-return
|
|
49
50
|
const rp = { ...userResult, ...withPermissions };
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authzstrategy.js","sourceRoot":"","sources":["../../src/authz/authzstrategy.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAAA,2CAAkD;AAClD,+CAAkD;AAClD,+CAAkD;AAClD,uCAA2C;AAG3C,yEAAoE;AAEpE,qEAA+D;AAGxD,IAAM,WAAW,mBAAjB,MAAM,WAAY,SAAQ,IAAA,2BAAgB,EAAC,uBAAQ,CAAC;IAGlC;IAFJ,MAAM,GAAG,IAAI,eAAM,CAAC,aAAW,CAAC,IAAI,CAAC,CAAC;IACvD,YACqB,qBAA4C,EAC7D,MAAgC;QAEhC,KAAK,CAAC;YACF,mBAAmB,EAAE,IAAA,4BAAiB,EAAC;gBACnC,KAAK,EAAE,IAAI;gBACX,SAAS,EAAE,IAAI;gBACf,qBAAqB,EAAE,CAAC;gBACxB,OAAO,EAAE,WAAW,MAAM,CAAC,WAAW,wBAAwB;aACjE,CAAC;YACF,iBAAiB,EAAE,IAAI;YACvB,iJAAiJ;YACjJ,cAAc,EAAE,yBAAU,CAAC,2BAA2B,EAAE;YACxD,QAAQ,EAAE,MAAM,CAAC,aAAa;YAC9B,MAAM,EAAE,WAAW,MAAM,CAAC,WAAW,GAAG;YACxC,UAAU,EAAE,CAAC,OAAO,CAAC;SACxB,CAAC,CAAC;QAhBc,0BAAqB,GAArB,qBAAqB,CAAuB;IAiBjE,CAAC;IAED,KAAK,CAAC,QAAQ,CACV,OAAgB,EAChB,OAAoB;QAEpB,MAAM,cAAc,GAChB,yBAAU,CAAC,2BAA2B,EAAE,CAAC,OAAO,CAAC,CAAC;QACtD,IAAI,cAAc,KAAK,SAAS,IAAI,cAAc,KAAK,IAAI,EAAE;YACzD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;YACvD,OAAO;SACV;QAED,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,YAAY,CAC5D,OAAO,EACP,cAAc,
|
|
1
|
+
{"version":3,"file":"authzstrategy.js","sourceRoot":"","sources":["../../src/authz/authzstrategy.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAAA,2CAAkD;AAClD,+CAAkD;AAClD,+CAAkD;AAClD,uCAA2C;AAG3C,yEAAoE;AAEpE,qEAA+D;AAGxD,IAAM,WAAW,mBAAjB,MAAM,WAAY,SAAQ,IAAA,2BAAgB,EAAC,uBAAQ,CAAC;IAGlC;IAFJ,MAAM,GAAG,IAAI,eAAM,CAAC,aAAW,CAAC,IAAI,CAAC,CAAC;IACvD,YACqB,qBAA4C,EAC7D,MAAgC;QAEhC,KAAK,CAAC;YACF,mBAAmB,EAAE,IAAA,4BAAiB,EAAC;gBACnC,KAAK,EAAE,IAAI;gBACX,SAAS,EAAE,IAAI;gBACf,qBAAqB,EAAE,CAAC;gBACxB,OAAO,EAAE,WAAW,MAAM,CAAC,WAAW,wBAAwB;aACjE,CAAC;YACF,iBAAiB,EAAE,IAAI;YACvB,iJAAiJ;YACjJ,cAAc,EAAE,yBAAU,CAAC,2BAA2B,EAAE;YACxD,QAAQ,EAAE,MAAM,CAAC,aAAa;YAC9B,MAAM,EAAE,WAAW,MAAM,CAAC,WAAW,GAAG;YACxC,UAAU,EAAE,CAAC,OAAO,CAAC;SACxB,CAAC,CAAC;QAhBc,0BAAqB,GAArB,qBAAqB,CAAuB;IAiBjE,CAAC;IAED,KAAK,CAAC,QAAQ,CACV,OAAgB,EAChB,OAAoB;QAEpB,MAAM,cAAc,GAChB,yBAAU,CAAC,2BAA2B,EAAE,CAAC,OAAO,CAAC,CAAC;QACtD,IAAI,cAAc,KAAK,SAAS,IAAI,cAAc,KAAK,IAAI,EAAE;YACzD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;YACvD,OAAO;SACV;QAED,MAAM,YAAY,GAAG,OAAO,CAAC,KAAK,CAAC,YAAsB,CAAC;QAE1D,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,YAAY,CAC5D,OAAO,EACP,cAAc,EACd,YAAY,CACf,CAAC;QAEF,MAAM,eAAe,GAAG,EAAC,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,EAAE,EAAC,CAAC;QACjE,2DAA2D;QAC3D,MAAM,EAAE,GAAG,EAAC,GAAG,UAAU,EAAE,GAAG,eAAe,EAAgB,CAAC;QAC9D,OAAO,EAAE,CAAC;IACd,CAAC;CACJ,CAAA;AA9CY,WAAW;IADvB,IAAA,mBAAU,GAAE;qCAImC,8CAAqB;QACrD,mDAAwB;GAJ3B,WAAW,CA8CvB;AA9CY,kCAAW"}
|
package/dist/authz/index.d.ts
CHANGED
|
@@ -5,3 +5,6 @@ export { RequestWithUser } from "./RequestWithUser";
|
|
|
5
5
|
export { ClaimsAuthorisationGuard } from "./ClaimsAuthorisationGuard";
|
|
6
6
|
export { MandatoryUserClaims } from "./MandatoryUserClaims.decorator";
|
|
7
7
|
export { SuperUserClaims } from "./SuperUserClaims";
|
|
8
|
+
export { isOwnerOrThrow } from "./isOwnerOrThrow";
|
|
9
|
+
export { ApiKeyAuthGuard } from "./ApiKeyAuthGuard";
|
|
10
|
+
export { ApiKeyStrategy } from "./apikeystrategy";
|
package/dist/authz/index.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.SuperUserClaims = exports.MandatoryUserClaims = exports.ClaimsAuthorisationGuard = exports.DefaultAuthGuard = exports.JwtStrategy = exports.AuthzModule = void 0;
|
|
3
|
+
exports.ApiKeyStrategy = exports.ApiKeyAuthGuard = exports.isOwnerOrThrow = exports.SuperUserClaims = exports.MandatoryUserClaims = exports.ClaimsAuthorisationGuard = exports.DefaultAuthGuard = exports.JwtStrategy = exports.AuthzModule = void 0;
|
|
4
4
|
var authz_module_1 = require("./authz.module");
|
|
5
5
|
Object.defineProperty(exports, "AuthzModule", { enumerable: true, get: function () { return authz_module_1.AuthzModule; } });
|
|
6
6
|
var authzstrategy_1 = require("./authzstrategy");
|
|
@@ -13,4 +13,10 @@ var MandatoryUserClaims_decorator_1 = require("./MandatoryUserClaims.decorator")
|
|
|
13
13
|
Object.defineProperty(exports, "MandatoryUserClaims", { enumerable: true, get: function () { return MandatoryUserClaims_decorator_1.MandatoryUserClaims; } });
|
|
14
14
|
var SuperUserClaims_1 = require("./SuperUserClaims");
|
|
15
15
|
Object.defineProperty(exports, "SuperUserClaims", { enumerable: true, get: function () { return SuperUserClaims_1.SuperUserClaims; } });
|
|
16
|
+
var isOwnerOrThrow_1 = require("./isOwnerOrThrow");
|
|
17
|
+
Object.defineProperty(exports, "isOwnerOrThrow", { enumerable: true, get: function () { return isOwnerOrThrow_1.isOwnerOrThrow; } });
|
|
18
|
+
var ApiKeyAuthGuard_1 = require("./ApiKeyAuthGuard");
|
|
19
|
+
Object.defineProperty(exports, "ApiKeyAuthGuard", { enumerable: true, get: function () { return ApiKeyAuthGuard_1.ApiKeyAuthGuard; } });
|
|
20
|
+
var apikeystrategy_1 = require("./apikeystrategy");
|
|
21
|
+
Object.defineProperty(exports, "ApiKeyStrategy", { enumerable: true, get: function () { return apikeystrategy_1.ApiKeyStrategy; } });
|
|
16
22
|
//# sourceMappingURL=index.js.map
|
package/dist/authz/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/authz/index.ts"],"names":[],"mappings":";;;AAAA,+CAA2C;AAAnC,2GAAA,WAAW,OAAA;AACnB,iDAA4C;AAApC,4GAAA,WAAW,OAAA;AACnB,uDAAoD;AAA5C,oHAAA,gBAAgB,OAAA;AAExB,uEAAoE;AAA5D,oIAAA,wBAAwB,OAAA;AAChC,iFAAoE;AAA5D,oIAAA,mBAAmB,OAAA;AAC3B,qDAAkD;AAA1C,kHAAA,eAAe,OAAA"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/authz/index.ts"],"names":[],"mappings":";;;AAAA,+CAA2C;AAAnC,2GAAA,WAAW,OAAA;AACnB,iDAA4C;AAApC,4GAAA,WAAW,OAAA;AACnB,uDAAoD;AAA5C,oHAAA,gBAAgB,OAAA;AAExB,uEAAoE;AAA5D,oIAAA,wBAAwB,OAAA;AAChC,iFAAoE;AAA5D,oIAAA,mBAAmB,OAAA;AAC3B,qDAAkD;AAA1C,kHAAA,eAAe,OAAA;AACvB,mDAAgD;AAAxC,gHAAA,cAAc,OAAA;AACtB,qDAAkD;AAA1C,kHAAA,eAAe,OAAA;AACvB,mDAAgD;AAAxC,gHAAA,cAAc,OAAA"}
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.isOwnerOrThrow = void 0;
|
|
4
|
+
const common_1 = require("@nestjs/common");
|
|
5
|
+
function isOwnerOrThrow(itemOwnerUuid, currentUserUuid,
|
|
6
|
+
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
7
|
+
attemptedAction, logger) {
|
|
8
|
+
if (itemOwnerUuid !== currentUserUuid) {
|
|
9
|
+
if (logger) {
|
|
10
|
+
logger.warn({
|
|
11
|
+
currentUserUuid,
|
|
12
|
+
itemOwnerUuid,
|
|
13
|
+
attemptedAction,
|
|
14
|
+
}, `Attempted to modify record for another user`);
|
|
15
|
+
}
|
|
16
|
+
throw new common_1.UnauthorizedException();
|
|
17
|
+
}
|
|
18
|
+
}
|
|
19
|
+
exports.isOwnerOrThrow = isOwnerOrThrow;
|
|
20
|
+
//# sourceMappingURL=isOwnerOrThrow.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"isOwnerOrThrow.js","sourceRoot":"","sources":["../../src/authz/isOwnerOrThrow.ts"],"names":[],"mappings":";;;AAAA,2CAA6D;AAE7D,SAAgB,cAAc,CAC1B,aAAqB,EACrB,eAAuB;AACvB,6DAA6D;AAC7D,eAAuB,EACvB,MAAe;IAEf,IAAI,aAAa,KAAK,eAAe,EAAE;QACnC,IAAI,MAAM,EAAE;YACR,MAAM,CAAC,IAAI,CACP;gBACI,eAAe;gBACf,aAAa;gBACb,eAAe;aAClB,EACD,6CAA6C,CAChD,CAAC;SACL;QACD,MAAM,IAAI,8BAAqB,EAAE,CAAC;KACrC;AACL,CAAC;AApBD,wCAoBC"}
|
package/dist/index.d.ts
CHANGED
package/dist/index.js
CHANGED
|
@@ -56,4 +56,5 @@ __exportStar(require("./authz/index"), exports);
|
|
|
56
56
|
__exportStar(require("./invitations/index"), exports);
|
|
57
57
|
__exportStar(require("./user-internal/index"), exports);
|
|
58
58
|
__exportStar(require("./user-external/index"), exports);
|
|
59
|
+
__exportStar(require("./user-api-key/index"), exports);
|
|
59
60
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,+CAA+C;AAC/C,8FAAwF;AAgCpF,yGAhCI,oDAAwB,OAgCJ;AA/B5B,oFAA6E;AA6BzE,qGA7BI,6CAAoB,OA6BJ;AA5BxB,2FAAmF;AAiB/E,sGAjBI,gDAAqB,OAiBJ;AAhBzB,mDAA+C;AA4B3C,gGA5BI,gCAAe,OA4BJ;AA3BnB,iGAA4F;AAsBxF,8GAtBI,6DAA6B,OAsBJ;AArBjC,qFAAgF;AAa5E,yGAbI,mDAAwB,OAaJ;AAZ5B,yFAAmF;AAiBrD,+FAjBtB,gDAAsB,OAiBc;AAhB5C,mHAA8G;AAiBlE,6GAjBpC,2EAAoC,OAiB4B;AAhBxE,mFAA6E;AAmBzE,qGAnBI,4CAAoB,OAmBJ;AAlBxB,6GAAwG;AAmBpG,mHAnBI,uEAAkC,OAmBJ;AAlBtC,mFAAyE;AAerE,gGAfI,sCAAe,OAeJ;AAdnB,gEAAsD;AASlD,2FATI,4BAAU,OASJ;AARd,sDAAiD;AAU7C,2FAVI,uBAAU,OAUJ;AATd,6FAAsF;AAgBlF,qGAhBI,6CAAoB,OAgBJ;AAfxB,uEAAiE;AAO7D,iGAPI,oCAAgB,OAOJ;AANpB,8EAAyE;AAkBrE,kGAlBI,qCAAiB,OAkBJ;AAGrB,wDAAsC;AACtC,mEAAiD;AACjD,qEAAmD;AACnD,uDAAqC;AACrC,gDAA8B;AAC9B,sDAAoC;AACpC,wDAAsC;AACtC,wDAAsC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,+CAA+C;AAC/C,8FAAwF;AAgCpF,yGAhCI,oDAAwB,OAgCJ;AA/B5B,oFAA6E;AA6BzE,qGA7BI,6CAAoB,OA6BJ;AA5BxB,2FAAmF;AAiB/E,sGAjBI,gDAAqB,OAiBJ;AAhBzB,mDAA+C;AA4B3C,gGA5BI,gCAAe,OA4BJ;AA3BnB,iGAA4F;AAsBxF,8GAtBI,6DAA6B,OAsBJ;AArBjC,qFAAgF;AAa5E,yGAbI,mDAAwB,OAaJ;AAZ5B,yFAAmF;AAiBrD,+FAjBtB,gDAAsB,OAiBc;AAhB5C,mHAA8G;AAiBlE,6GAjBpC,2EAAoC,OAiB4B;AAhBxE,mFAA6E;AAmBzE,qGAnBI,4CAAoB,OAmBJ;AAlBxB,6GAAwG;AAmBpG,mHAnBI,uEAAkC,OAmBJ;AAlBtC,mFAAyE;AAerE,gGAfI,sCAAe,OAeJ;AAdnB,gEAAsD;AASlD,2FATI,4BAAU,OASJ;AARd,sDAAiD;AAU7C,2FAVI,uBAAU,OAUJ;AATd,6FAAsF;AAgBlF,qGAhBI,6CAAoB,OAgBJ;AAfxB,uEAAiE;AAO7D,iGAPI,oCAAgB,OAOJ;AANpB,8EAAyE;AAkBrE,kGAlBI,qCAAiB,OAkBJ;AAGrB,wDAAsC;AACtC,mEAAiD;AACjD,qEAAmD;AACnD,uDAAqC;AACrC,gDAA8B;AAC9B,sDAAoC;AACpC,wDAAsC;AACtC,wDAAsC;AACtC,uDAAqC"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { OrganisationMembership } from "../../organisation-memberships/entities/organisation-membership.entity";
|
|
2
2
|
export declare class Invitation {
|
|
3
3
|
id: number;
|
|
4
4
|
uuid: string;
|
|
@@ -7,8 +7,8 @@ export declare class Invitation {
|
|
|
7
7
|
notificationSent: Date;
|
|
8
8
|
expiresOn: Date;
|
|
9
9
|
acceptedOn?: Date;
|
|
10
|
-
|
|
11
|
-
|
|
10
|
+
organisationMembership: OrganisationMembership;
|
|
11
|
+
organisationMembershipId: number;
|
|
12
12
|
createdDate: Date;
|
|
13
13
|
updateDate: Date;
|
|
14
14
|
deletedDate?: Date;
|
|
@@ -11,8 +11,9 @@ var __metadata = (this && this.__metadata) || function (k, v) {
|
|
|
11
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
12
|
exports.Invitation = void 0;
|
|
13
13
|
const swagger_1 = require("@nestjs/swagger");
|
|
14
|
+
const class_transformer_1 = require("class-transformer");
|
|
14
15
|
const typeorm_1 = require("typeorm");
|
|
15
|
-
const
|
|
16
|
+
const organisation_membership_entity_1 = require("../../organisation-memberships/entities/organisation-membership.entity");
|
|
16
17
|
let Invitation = class Invitation {
|
|
17
18
|
id;
|
|
18
19
|
uuid;
|
|
@@ -21,8 +22,8 @@ let Invitation = class Invitation {
|
|
|
21
22
|
notificationSent;
|
|
22
23
|
expiresOn;
|
|
23
24
|
acceptedOn;
|
|
24
|
-
|
|
25
|
-
|
|
25
|
+
organisationMembership;
|
|
26
|
+
organisationMembershipId;
|
|
26
27
|
createdDate;
|
|
27
28
|
updateDate;
|
|
28
29
|
deletedDate;
|
|
@@ -68,14 +69,15 @@ __decorate([
|
|
|
68
69
|
], Invitation.prototype, "acceptedOn", void 0);
|
|
69
70
|
__decorate([
|
|
70
71
|
(0, swagger_1.ApiProperty)(),
|
|
71
|
-
(0,
|
|
72
|
-
|
|
73
|
-
|
|
72
|
+
(0, class_transformer_1.Type)(() => organisation_membership_entity_1.OrganisationMembership),
|
|
73
|
+
(0, typeorm_1.OneToOne)(() => organisation_membership_entity_1.OrganisationMembership, { eager: true }),
|
|
74
|
+
__metadata("design:type", organisation_membership_entity_1.OrganisationMembership)
|
|
75
|
+
], Invitation.prototype, "organisationMembership", void 0);
|
|
74
76
|
__decorate([
|
|
75
77
|
(0, swagger_1.ApiProperty)(),
|
|
76
|
-
(0, typeorm_1.RelationId)((invitation) => invitation.
|
|
77
|
-
__metadata("design:type",
|
|
78
|
-
], Invitation.prototype, "
|
|
78
|
+
(0, typeorm_1.RelationId)((invitation) => invitation.organisationMembership),
|
|
79
|
+
__metadata("design:type", Number)
|
|
80
|
+
], Invitation.prototype, "organisationMembershipId", void 0);
|
|
79
81
|
__decorate([
|
|
80
82
|
(0, typeorm_1.CreateDateColumn)(),
|
|
81
83
|
(0, swagger_1.ApiProperty)(),
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"invitation.entity.js","sourceRoot":"","sources":["../../../src/invitations/entities/invitation.entity.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,6CAAiE;
|
|
1
|
+
{"version":3,"file":"invitation.entity.js","sourceRoot":"","sources":["../../../src/invitations/entities/invitation.entity.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,6CAAiE;AACjE,yDAAuC;AAEvC,qCAUiB;AACjB,2HAA8G;AAGvG,IAAM,UAAU,GAAhB,MAAM,UAAU;IAGnB,EAAE,CAAU;IAQL,IAAI,CAAU;IAIrB,SAAS,CAAU;IAInB,YAAY,CAAU;IAItB,gBAAgB,CAAQ;IAIxB,SAAS,CAAQ;IAIjB,UAAU,CAAQ;IAKlB,sBAAsB,CAA0B;IAIhD,wBAAwB,CAAU;IAIlC,WAAW,CAAQ;IAInB,UAAU,CAAQ;IAIlB,WAAW,CAAQ;CACtB,CAAA;AApDG;IAAC,IAAA,gCAAsB,GAAE;IACxB,IAAA,qBAAW,GAAE;;sCACF;AAEZ;IAAC,IAAA,gBAAM,EAAC,MAAM,EAAE;QACZ,IAAI,EAAE,MAAM;QACZ,OAAO,EAAE,GAAG,EAAE,CAAC,oBAAoB;KACtC,CAAC;IACD,IAAA,mBAAS,EAAC,MAAM,CAAC;IACjB,IAAA,qBAAW,GAAE;;wCACO;AAErB;IAAC,IAAA,gBAAM,GAAE;IACR,IAAA,qBAAW,GAAE;;6CACK;AAEnB;IAAC,IAAA,gBAAM,GAAE;IACR,IAAA,qBAAW,GAAE;;gDACQ;AAEtB;IAAC,IAAA,gBAAM,GAAE;IACR,IAAA,qBAAW,GAAE;8BACK,IAAI;oDAAC;AAExB;IAAC,IAAA,gBAAM,GAAE;IACR,IAAA,qBAAW,GAAE;8BACF,IAAI;6CAAC;AAEjB;IAAC,IAAA,gBAAM,GAAE;IACR,IAAA,6BAAmB,GAAE;8BACT,IAAI;8CAAC;AAElB;IAAC,IAAA,qBAAW,GAAE;IACb,IAAA,wBAAI,EAAC,GAAG,EAAE,CAAC,uDAAsB,CAAC;IAClC,IAAA,kBAAQ,EAAC,GAAG,EAAE,CAAC,uDAAsB,EAAE,EAAC,KAAK,EAAE,IAAI,EAAC,CAAC;8BAC7B,uDAAsB;0DAAC;AAEhD;IAAC,IAAA,qBAAW,GAAE;IACb,IAAA,oBAAU,EAAC,CAAC,UAAsB,EAAE,EAAE,CAAC,UAAU,CAAC,sBAAsB,CAAC;;4DACxC;AAElC;IAAC,IAAA,0BAAgB,GAAE;IAClB,IAAA,qBAAW,GAAE;8BACA,IAAI;+CAAC;AAEnB;IAAC,IAAA,0BAAgB,GAAE;IAClB,IAAA,qBAAW,GAAE;8BACD,IAAI;8CAAC;AAElB;IAAC,IAAA,0BAAgB,GAAE;IAClB,IAAA,6BAAmB,GAAE;8BACR,IAAI;+CAAC;AApDV,UAAU;IADtB,IAAA,gBAAM,GAAE;GACI,UAAU,CAqDtB;AArDY,gCAAU"}
|
|
@@ -20,14 +20,15 @@ const organisation_module_1 = require("../organisation/organisation.module");
|
|
|
20
20
|
const config_1 = require("@nestjs/config");
|
|
21
21
|
const InvitationConfigurationVariables_1 = __importDefault(require("./InvitationConfigurationVariables"));
|
|
22
22
|
const InvitationConfigurationService_1 = require("./InvitationConfigurationService");
|
|
23
|
-
const
|
|
23
|
+
const organisation_membership_entity_1 = require("../organisation-memberships/entities/organisation-membership.entity");
|
|
24
|
+
const user_internal_1 = require("../user-internal");
|
|
24
25
|
let InvitationModule = class InvitationModule {
|
|
25
26
|
};
|
|
26
27
|
InvitationModule = __decorate([
|
|
27
28
|
(0, common_1.Module)({
|
|
28
29
|
imports: [
|
|
29
30
|
config_1.ConfigModule.forFeature(InvitationConfigurationVariables_1.default),
|
|
30
|
-
typeorm_1.TypeOrmModule.forFeature([invitation_entity_1.Invitation,
|
|
31
|
+
typeorm_1.TypeOrmModule.forFeature([invitation_entity_1.Invitation, organisation_membership_entity_1.OrganisationMembership, user_internal_1.User]),
|
|
31
32
|
smtp_email_client_module_1.SmtpEmailClientModule,
|
|
32
33
|
organisation_module_1.OrganisationModule,
|
|
33
34
|
],
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"invitation.module.js","sourceRoot":"","sources":["../../src/invitations/invitation.module.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAAsC;AACtC,6CAA8C;AAC9C,oEAAwD;AACxD,mEAA6D;AAC7D,6DAAuD;AACvD,4FAAoF;AACpF,6EAAuE;AACvE,2CAA4C;AAC5C,0GAAiE;AACjE,qFAAiF;AACjF,
|
|
1
|
+
{"version":3,"file":"invitation.module.js","sourceRoot":"","sources":["../../src/invitations/invitation.module.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAAsC;AACtC,6CAA8C;AAC9C,oEAAwD;AACxD,mEAA6D;AAC7D,6DAAuD;AACvD,4FAAoF;AACpF,6EAAuE;AACvE,2CAA4C;AAC5C,0GAAiE;AACjE,qFAAiF;AACjF,wHAA2G;AAC3G,oDAAsC;AAa/B,IAAM,gBAAgB,GAAtB,MAAM,gBAAgB;CAAG,CAAA;AAAnB,gBAAgB;IAX5B,IAAA,eAAM,EAAC;QACJ,OAAO,EAAE;YACL,qBAAY,CAAC,UAAU,CAAC,0CAAe,CAAC;YACxC,uBAAa,CAAC,UAAU,CAAC,CAAC,8BAAU,EAAE,uDAAsB,EAAE,oBAAI,CAAC,CAAC;YACpE,gDAAqB;YACrB,wCAAkB;SACrB;QACD,WAAW,EAAE,CAAC,4CAAoB,CAAC;QACnC,SAAS,EAAE,CAAC,sCAAiB,EAAE,gEAA+B,CAAC;QAC/D,OAAO,EAAE,CAAC,sCAAiB,CAAC;KAC/B,CAAC;GACW,gBAAgB,CAAG;AAAnB,4CAAgB"}
|
|
@@ -2,15 +2,21 @@ import { Repository } from "typeorm";
|
|
|
2
2
|
import { CreateInvitationDto } from "./dto/create-invitation.dto";
|
|
3
3
|
import { Invitation } from "./entities/invitation.entity";
|
|
4
4
|
import { SmtpEmailClient } from "../smtp-email-client/email-client.service";
|
|
5
|
-
import { Organisation } from "../organisation/entities/organisation.entity";
|
|
6
5
|
import { InvitationsConfigurationService } from "./InvitationConfigurationService";
|
|
7
6
|
import { RequestUser } from "../authz/RequestWithUser";
|
|
7
|
+
import { OrganisationMembership } from "../organisation-memberships/entities/organisation-membership.entity";
|
|
8
|
+
import { User } from "../user-internal";
|
|
8
9
|
export declare class InvitationService {
|
|
9
10
|
private invitationRepository;
|
|
10
|
-
private
|
|
11
|
+
private orgMembershipRepository;
|
|
12
|
+
private userRepository;
|
|
11
13
|
private readonly emailClient;
|
|
12
14
|
private readonly configService;
|
|
13
|
-
|
|
15
|
+
private readonly logger;
|
|
16
|
+
constructor(invitationRepository: Repository<Invitation>, orgMembershipRepository: Repository<OrganisationMembership>, userRepository: Repository<User>, emailClient: SmtpEmailClient, configService: InvitationsConfigurationService);
|
|
17
|
+
getOneActiveInvitation(invitationCode: string): Promise<Invitation | null>;
|
|
18
|
+
acceptInvitation(invitationId: number): Promise<void>;
|
|
14
19
|
create(createDto: CreateInvitationDto, createdBy: RequestUser): Promise<Invitation>;
|
|
20
|
+
private canManageInvitationsForThisOrg;
|
|
15
21
|
remove(uuid: string, currentUserId: number): Promise<Invitation>;
|
|
16
22
|
}
|