@drax/identity-back 0.0.15 → 0.0.16

package/src/repository/sqlite/TenantSqliteRepository.ts

@@ -0,0 +1,139 @@
+import {ITenant} from '../../interfaces/ITenant'
+import {ITenantRepository} from '../../interfaces/ITenantRepository'
+import {UUID} from "crypto";
+import sqlite from "better-sqlite3";
+import {randomUUID} from "node:crypto";
+import {IPaginateFilter, IPaginateResult, ValidationError} from "@drax/common-back";
+import {SqliteErrorToValidationError} from "@drax/common-back";
+import {IID} from "../../interfaces/IID";
+
+const tenantTableSQL: string = `
+    CREATE TABLE IF NOT EXISTS tenants
+    (
+        id TEXT PRIMARY KEY,
+        name TEXT
+    );
+`;
+
+class TenantSqliteRepository implements ITenantRepository{
+
+    private db: any;
+
+    constructor(DATABASE:string, verbose:boolean = false) {
+        this.db = new sqlite(DATABASE, {verbose: verbose ? console.log : null});
+        this.table()
+    }
+
+    table() {
+        this.db.exec(tenantTableSQL);
+    }
+
+
+
+    async create(tenantData: ITenant): Promise<ITenant> {
+        try{
+
+            if(!tenantData.id){
+                tenantData.id = randomUUID()
+            }
+
+
+            const fields = Object.keys(tenantData)
+                .map(field => `${field}`)
+                .join(', ');
+
+            const values = Object.keys(tenantData)
+                .map(field => `@${field}`)
+                .join(', ');
+
+        const stmt = this.db.prepare(`INSERT INTO tenants (${fields}) VALUES (${values})`);
+        stmt.run(tenantData)
+        return this.findById(tenantData.id as UUID)
+        }catch (e){
+            console.log(e)
+            throw SqliteErrorToValidationError(e, tenantData)
+        }
+    }
+
+    async findById(id: IID): Promise<ITenant | null>{
+        const tenant = this.db.prepare('SELECT * FROM tenants WHERE id = ?').get(id);
+        if(tenant){
+            tenant.permissions = tenant.permissions ? tenant.permissions.split(",") : []
+            return tenant
+        }
+        return undefined
+    }
+
+    async findByName(name: string): Promise<ITenant | null>{
+        const tenant = this.db.prepare('SELECT * FROM tenants WHERE name = ?').get(name);
+        if(tenant){
+            tenant.permissions = tenant.permissions ? tenant.permissions.split(",") : []
+            return tenant
+        }
+        return undefined
+    }
+
+    async update(id: IID, tenantData: ITenant): Promise<ITenant> {
+        try{
+            const setClauses = Object.keys(tenantData)
+                .map(field => `${field} = @${field}`)
+                .join(', ');
+            tenantData.id = id
+            const stmt = this.db.prepare( `UPDATE tenants SET ${setClauses} WHERE id = @id `);
+            stmt.run(tenantData);
+            return this.findById(id)
+        }catch (e){
+            console.log(e)
+            throw SqliteErrorToValidationError(e, tenantData)
+        }
+
+    }
+
+    async delete(id: IID): Promise<boolean> {
+        const stmt = this.db.prepare('DELETE FROM tenants WHERE id = ?');
+        stmt.run(id);
+        return true
+    }
+
+    async deleteAll(): Promise<boolean> {
+        const stmt = this.db.prepare('DELETE FROM tenants');
+        stmt.run();
+        return true
+    }
+
+    async fetchAll(): Promise<ITenant[]>{
+        const tenants = this.db.prepare('SELECT * FROM tenants').all();
+        for (const tenant of tenants) {
+            tenant.permissions = tenant.permissions? tenant.permissions.split(",") : []
+        }
+        return tenants
+    }
+
+    async paginate(page = 1, limit = 5, search=""): Promise<IPaginateResult>{
+        const offset = page > 1 ? (page - 1) * limit : 0
+
+        let where=""
+        if (search) {
+            where = ` WHERE name LIKE '%${search}%'`
+        }
+
+        const rCount = this.db.prepare('SELECT COUNT(*) as count FROM tenants'+where).get();
+        const tenants = this.db.prepare('SELECT * FROM tenants LIMIT ? OFFSET ?'+where).all([limit, offset]);
+
+        for (const tenant of tenants) {
+            tenant.permissions = tenant.permissions? tenant.permissions.split(",") : []
+        }
+
+
+        return {
+            page: page,
+            limit: limit,
+            total: rCount.count,
+            items: tenants
+        }
+    }
+
+
+}
+
+export default TenantSqliteRepository

package/src/repository/sqlite/UserSqliteRepository.ts

@@ -3,50 +3,40 @@ import sqlite from "better-sqlite3";
 import {randomUUID} from "node:crypto";
 import {UUID} from "crypto";
 import {IUserRepository} from "../../interfaces/IUserRepository";
-import type {IPaginateResult} from "@drax/common-back";
-import {mongoose, SqliteErrorToValidationError, ValidationError} from "@drax/common-back";
+import type {IPaginateFilter, IPaginateResult} from "@drax/common-back";
+import { SqliteErrorToValidationError, ValidationError} from "@drax/common-back";
 import RoleSqliteRepository from "./RoleSqliteRepository.js";
+import TenantSqliteRepository from "./TenantSqliteRepository.js";
 import {IID} from "../../interfaces/IID";
 
 
 const userTableSQL: string = `
     CREATE TABLE IF NOT EXISTS users
     (
-        id
-        TEXT
-        PRIMARY
-        KEY,
-        name
-        TEXT,
-        username
-        TEXT
-        UNIQUE,
-        active
-        INTEGER,
-        password
-        TEXT,
-        email
-        TEXT
-        UNIQUE,
-        phone
-        TEXT,
-        role
-        TEXT,
-        groups
-        TEXT,
-        avatar
-        TEXT
+        id TEXT PRIMARY KEY,
+        name TEXT,
+        username TEXT UNIQUE,
+        active INTEGER,
+        password TEXT,
+        email TEXT UNIQUE,
+        phone TEXT,
+        role TEXT,
+        tenant TEXT,
+        groups TEXT,
+        avatar TEXT
     );
 `;
 
 class UserSqliteRepository implements IUserRepository {
     private db: any;
     private roleRepository: RoleSqliteRepository;
+    private tenantRepository: TenantSqliteRepository;
 
     constructor(DATABASE: string, verbose: boolean = false) {
         this.db = new sqlite(DATABASE, {verbose: verbose ? console.log : null});
         this.roleRepository = new RoleSqliteRepository(DATABASE, verbose)
-
+        this.tenantRepository = new TenantSqliteRepository(DATABASE, verbose)
+        this.table()
     }
 
     table() {
@@ -81,10 +71,6 @@ class UserSqliteRepository implements IUserRepository {
                 .map(field => `@${field}`)
                 .join(', ');
 
-            /*console.log("fields", fields)
-            console.log("values",values)
-            console.log("userData",userData)*/
-
             const stmt = this.db.prepare(`INSERT INTO users (${fields})
                                           VALUES (${values})`);
             stmt.run(userData)
@@ -135,6 +121,7 @@ class UserSqliteRepository implements IUserRepository {
             return null
         }
         user.role = await this.findRoleById(user.role)
+        user.tenant = await this.findTenantById(user.tenant)
         return user
     }
 
@@ -144,28 +131,49 @@ class UserSqliteRepository implements IUserRepository {
             return null
         }
         user.role = await this.findRoleById(user.role)
+        user.tenant = await this.findTenantById(user.tenant)
         return user
     }
 
-    async paginate(page: number = 1, limit: number = 5, search?: string): Promise<IPaginateResult> {
+    async paginate(page: number = 1, limit: number = 5, search: string = "", filters:IPaginateFilter[] = []): Promise<IPaginateResult> {
 
         const offset = page > 1 ? (page - 1) * limit : 0
 
-        let where
+        let where=""
         if (search) {
-            where = ` WHERE name LIKE '%${search}%' OR username LIKE '%${search}%'`
+            where = ` WHERE (name LIKE '%${search}%' OR username LIKE '%${search}%') `
+        }
+
+        let whereFilters= []
+        if(filters && filters.length > 0 ){
+            where = where ? ` AND ` : ` WHERE `
+            for(const filter of filters){
+                if(filter.operator === '$eq'){
+                    whereFilters.push(` ${filter.field} = '${filter.value}' `)
+                }
+                if(filter.operator === '$ne'){
+                    whereFilters.push(` ${filter.field} != '${filter.value}' `)
+                }
+                if(filter.operator === '$in'){
+                    whereFilters.push(` ${filter.field} LIKE '%${filter.value}%' `)
+                }
+            }
+            where += whereFilters.join(" AND ")
         }
 
+       // console.log("paginate where ", where, "search", search, "filters", filters, "whereFilters", whereFilters)
+
         const rCount = this.db.prepare('SELECT COUNT(*) as count FROM users' + where).get();
-        const users = this.db.prepare('SELECT * FROM users LIMIT ? OFFSET ?' + where).all([limit, offset]);
+
+        const users = this.db.prepare('SELECT * FROM users'  + where + ' LIMIT ? OFFSET ?').all([limit, offset]);
 
         for (const user of users) {
+
             let role = await this.findRoleById(user.role)
-            if (role) {
-                user.role = role
-            } else {
-                user.role = null
-            }
+            user.role = role ? role : null
+
+            let tenant = await this.findTenantById(user.tenant)
+            user.tenant = tenant ? tenant : null
 
             user.active = user.active === 1
         }
@@ -182,6 +190,10 @@ class UserSqliteRepository implements IUserRepository {
         return await this.roleRepository.findById(id)
     }
 
+    async findTenantById(id: IID) {
+        return await this.tenantRepository.findById(id)
+    }
+
     async changePassword(id: IID, password: string): Promise<boolean> {
         const stmt = this.db.prepare(`UPDATE users
                                       SET password = @password

package/src/routes/RoleRoutes.ts

@@ -75,7 +75,11 @@ async function RoleRoutes(fastify, options) {
             request.rbac.assertPermission(IdentityPermissions.ViewRole)
             const roleService = RoleServiceFactory()
             let roles = await roleService.fetchAll()
-            return roles
+            if(request.rbac.getRole?.childRoles?.length > 0) {
+                return roles.filter(role => request.rbac.getRole.childRoles.some(childRole => childRole.id === role.id));
+            }else{
+                return roles
+            }
         } catch (e) {
             console.error(e)
             if (e instanceof ValidationError) {
@@ -172,6 +176,10 @@ async function RoleRoutes(fastify, options) {
             request.rbac.assertPermission(IdentityPermissions.DeleteRole)
             const id = request.params.id
             const roleService = RoleServiceFactory()
+            const currentRole = await roleService.findById(id)
+            if(currentRole.readonly){
+                throw new UnauthorizedError()
+            }
             let r = await roleService.delete(id)
             return r
         } catch (e) {

package/src/routes/TenantRoutes.ts

@@ -0,0 +1,178 @@
+import {IPaginateResult, ValidationError} from "@drax/common-back";
+import TenantServiceFactory from "../factory/TenantServiceFactory.js";
+import {ITenant} from "../interfaces/ITenant";
+import {IdentityPermissions} from "../permissions/IdentityPermissions.js";
+import {PermissionService} from "../services/PermissionService.js";
+import UnauthorizedError from "../errors/UnauthorizedError.js";
+
+
+
+async function TenantRoutes(fastify, options) {
+
+    fastify.get('/api/tenants/:id', async (request, reply): Promise<ITenant> => {
+        try {
+            request.rbac.assertPermission(IdentityPermissions.ViewTenant)
+            const id = request.params.id
+            const tenantService = TenantServiceFactory()
+            let tenant = await tenantService.findById(id)
+            return tenant
+        } catch (e) {
+            console.error(e)
+            if (e instanceof ValidationError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message, inputErrors: e.errors})
+            } else if (e instanceof UnauthorizedError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message})
+            } else {
+                reply.statusCode = 500
+                reply.send({error: 'INTERNAL_SERVER_ERROR'})
+            }
+        }
+    })
+
+    fastify.get('/api/tenants/name/:name', async (request, reply): Promise<ITenant> => {
+        try {
+            request.rbac.assertPermission(IdentityPermissions.ViewTenant)
+            const name = request.params.name
+            const tenantService = TenantServiceFactory()
+            let tenant = await tenantService.findByName(name)
+            return tenant
+        } catch (e) {
+            console.error(e)
+            if (e instanceof ValidationError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message, inputErrors: e.errors})
+            } else if (e instanceof UnauthorizedError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message})
+            } else {
+                reply.statusCode = 500
+                reply.send({error: 'INTERNAL_SERVER_ERROR'})
+            }
+        }
+    })
+
+    fastify.get('/api/tenants/all', async (request, reply): Promise<ITenant[]> => {
+        try {
+            request.rbac.assertPermission(IdentityPermissions.ViewTenant)
+            const tenantService = TenantServiceFactory()
+            let tenants = await tenantService.fetchAll()
+            if(request.rbac.getAuthUser.tenantId){
+                return tenants.filter(t => t.id === request.rbac.getAuthUser.tenantId)
+            }else{
+                return tenants
+            }
+        } catch (e) {
+            console.error(e)
+            if (e instanceof ValidationError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message, inputErrors: e.errors})
+            } else if (e instanceof UnauthorizedError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message})
+            } else {
+                reply.statusCode = 500
+                reply.send({error: 'INTERNAL_SERVER_ERROR'})
+            }
+        }
+    })
+
+    fastify.get('/api/tenants', async (request, reply): Promise<IPaginateResult> => {
+        try {
+            request.rbac.assertPermission(IdentityPermissions.ViewTenant)
+            const page = request.query.page
+            const limit = request.query.limit
+            const search = request.query.search
+            const tenantService = TenantServiceFactory()
+            let paginateResult = await tenantService.paginate(page, limit, search)
+            return paginateResult
+        } catch (e) {
+            console.error(e)
+            if (e instanceof ValidationError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message, inputErrors: e.errors})
+            } else if (e instanceof UnauthorizedError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message})
+            } else {
+                reply.statusCode = 500
+                reply.send({error: 'INTERNAL_SERVER_ERROR'})
+            }
+        }
+    })
+
+    fastify.post('/api/tenants', async (request, reply): Promise<ITenant> => {
+        try {
+            request.rbac.assertPermission(IdentityPermissions.CreateTenant)
+            const payload = request.body
+            const tenantService = TenantServiceFactory()
+            let tenant = await tenantService.create(payload)
+            return tenant
+        } catch (e) {
+            console.error(e)
+            if (e instanceof ValidationError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message, inputErrors: e.errors})
+            } else if (e instanceof UnauthorizedError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message})
+            } else {
+                reply.statusCode = 500
+                reply.send({error: 'INTERNAL_SERVER_ERROR'})
+            }
+        }
+
+    })
+
+    fastify.put('/api/tenants/:id', async (request, reply): Promise<ITenant> => {
+        try {
+            request.rbac.assertPermission(IdentityPermissions.UpdateTenant)
+            const id = request.params.id
+            const payload = request.body
+            const tenantService = TenantServiceFactory()
+
+            let tenant = await tenantService.update(id, payload)
+            return tenant
+        } catch (e) {
+            console.error(e)
+            if (e instanceof ValidationError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message, inputErrors: e.errors})
+            } else if (e instanceof UnauthorizedError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message})
+            } else {
+                reply.statusCode = 500
+                reply.send({error: 'INTERNAL_SERVER_ERROR'})
+            }
+        }
+
+    })
+
+    fastify.delete('/api/tenants/:id', async (request, reply): Promise<any> => {
+        try {
+            request.rbac.assertPermission(IdentityPermissions.DeleteTenant)
+            const id = request.params.id
+            const tenantService = TenantServiceFactory()
+            let r = await tenantService.delete(id)
+            return r
+        } catch (e) {
+            console.error(e)
+            if (e instanceof ValidationError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message, inputErrors: e.errors})
+            } else if (e instanceof UnauthorizedError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message})
+            } else {
+                reply.statusCode = 500
+                reply.send({error: 'INTERNAL_SERVER_ERROR'})
+            }
+        }
+    })
+
+}
+
+export default TenantRoutes;
+export {TenantRoutes}

package/src/routes/UserRoutes.ts

@@ -61,9 +61,14 @@ async function UserRoutes(fastify, options) {
             const limit = request.query.limit
             const search = request.query.search
             const userService = UserServiceFactory()
-            let paginateResult = await userService.paginate(page, limit, search)
+            const filters = []
+            if(request.rbac.getAuthUser.tenantId){
+                filters.push({field: 'tenant', operator: '$eq', value: request.rbac.getAuthUser.tenantId})
+            }
+            let paginateResult = await userService.paginate(page, limit, search, filters)
             return paginateResult
         } catch (e) {
+            console.log("/api/users",e)
             if (e instanceof ValidationError) {
                 reply.statusCode = e.statusCode
                 reply.send({error: e.message, inputErrors: e.errors})

package/src/services/RoleService.ts

@@ -43,10 +43,7 @@ class RoleService {
     }
 
     async delete(id: any): Promise<boolean> {
-        const currentRole = await this.findById(id)
-        if(currentRole.readonly){
-            throw new UnauthorizedError()
-        }
+
         const deletedRole = await this._repository.delete(id);
         return deletedRole;
     }

package/src/services/TenantService.ts

@@ -0,0 +1,74 @@
+import {ITenant} from "../interfaces/ITenant";
+import {ITenantRepository} from "../interfaces/ITenantRepository";
+import {IPaginateFilter, IPaginateResult, ValidationError, ZodErrorToValidationError} from "@drax/common-back"
+import {tenantSchema} from "../zod/TenantZod.js";
+import {ZodError} from "zod";
+import UnauthorizedError from "../errors/UnauthorizedError.js";
+
+class TenantService {
+
+    _repository: ITenantRepository
+
+    constructor(tenantRepostitory: ITenantRepository) {
+        this._repository = tenantRepostitory
+        console.log("TenantService constructor")
+    }
+
+    async create(tenantData: ITenant): Promise<ITenant> {
+        try {
+            tenantData.name = tenantData?.name?.trim()
+            await tenantSchema.parseAsync(tenantData)
+            const tenant = await this._repository.create(tenantData)
+            return tenant
+        } catch (e) {
+            if (e instanceof ZodError) {
+                throw ZodErrorToValidationError(e, tenantData)
+            }
+            throw e
+        }
+    }
+
+    async update(id: any, tenantData: ITenant) {
+        try {
+            tenantData.name = tenantData?.name?.trim()
+            await tenantSchema.parseAsync(tenantData)
+            const tenant = await this._repository.update(id, tenantData)
+            return tenant
+        } catch (e) {
+            if (e instanceof ZodError) {
+                throw ZodErrorToValidationError(e, tenantData)
+            }
+            throw e
+        }
+    }
+
+    async delete(id: any): Promise<boolean> {
+        const currentTenant = await this.findById(id)
+        const deletedTenant = await this._repository.delete(id);
+        return deletedTenant;
+    }
+
+    async findById(id: any): Promise<ITenant | null> {
+        const tenant: ITenant = await this._repository.findById(id);
+        return tenant
+    }
+
+    async findByName(name: string): Promise<ITenant | null> {
+        const tenant: ITenant = await this._repository.findByName(name);
+        return tenant
+    }
+
+    async fetchAll(): Promise<ITenant[]> {
+        const tenants: ITenant[] = await this._repository.fetchAll();
+        return tenants
+    }
+
+    async paginate(page: number = 1, limit: number = 5, search?:string, filters ?: IPaginateFilter[]): Promise<IPaginateResult> {
+        const pagination = await this._repository.paginate(page, limit, search, filters);
+        return pagination;
+    }
+
+
+}
+
+export default TenantService

package/src/services/UserService.ts

@@ -23,7 +23,7 @@ class UserService {
         if (user && user.active && AuthUtils.checkPassword(password, user.password)) {
             //TODO: Generar Sesion
             const session = '123'
-            const accessToken = AuthUtils.generateToken(user.id.toString(), user.username, user.role.id, session)
+            const accessToken = AuthUtils.generateToken(user.id.toString(), user.username, user.role.id, user.tenant?.id, session)
             return {accessToken: accessToken}
         }else{
             throw new BadCredentialsError()

package/src/utils/AuthUtils.ts

@@ -30,17 +30,18 @@ class AuthUtils{
         return bcryptjs.compareSync(password, hashPassword);
     }
 
-    static tokenSignPayload(userId : string, username: string, roleId: string, session : string) {
+    static tokenSignPayload(userId : string, username: string, roleId: string, tenantId: string, session : string) {
         return {
             id: userId,
             username: username,
             roleId: roleId,
+            tenantId: tenantId,
             session: session
         };
     }
 
-    static generateToken(userId : string, username: string, roleId: string,  session : string) {
-        const payload = AuthUtils.tokenSignPayload(userId, username, roleId, session)
+    static generateToken(userId : string, username: string, roleId: string,  tenantId: string, session : string) {
+        const payload = AuthUtils.tokenSignPayload(userId, username, roleId, tenantId, session)
 
         const JWT_SECRET = DraxConfig.getOrLoad(IdentityConfig.JwtSecret)
         if(!JWT_SECRET){

package/src/zod/TenantZod.ts

@@ -0,0 +1,14 @@
+import { object, string } from "zod"
+
+const tenantSchema = object({
+    name: string({ required_error: "validation.required" })
+        .min(1, "validation.required")
+        .regex(/^[A-Z]/, "validation.startWithUpperCase"),
+
+
+})
+
+
+export default tenantSchema
+
+export {tenantSchema}