@drax/identity-back 0.11.3 → 0.11.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/controllers/UserApiKeyController.js +5 -2
- package/dist/graphql/types/userApiKey.graphql +1 -0
- package/dist/models/UserApiKeyModel.js +5 -0
- package/dist/permissions/UserApiKeyPermissions.js +2 -1
- package/dist/repository/mongo/UserApiKeyMongoRepository.js +5 -2
- package/dist/repository/sqlite/UserApiKeySqliteRepository.js +2 -0
- package/package.json +5 -5
- package/src/controllers/UserApiKeyController.ts +7 -2
- package/src/graphql/types/userApiKey.graphql +1 -0
- package/src/models/UserApiKeyModel.ts +5 -0
- package/src/permissions/UserApiKeyPermissions.ts +2 -1
- package/src/repository/mongo/UserApiKeyMongoRepository.ts +5 -2
- package/src/repository/sqlite/UserApiKeySqliteRepository.ts +2 -0
- package/tsconfig.tsbuildinfo +1 -1
- package/types/controllers/UserApiKeyController.d.ts.map +1 -1
- package/types/models/UserApiKeyModel.d.ts.map +1 -1
- package/types/permissions/UserApiKeyPermissions.d.ts +2 -1
- package/types/permissions/UserApiKeyPermissions.d.ts.map +1 -1
- package/types/permissions/index.d.ts +1 -0
- package/types/permissions/index.d.ts.map +1 -1
- package/types/repository/mongo/UserApiKeyMongoRepository.d.ts.map +1 -1
- package/types/repository/sqlite/UserApiKeySqliteRepository.d.ts.map +1 -1
|
@@ -44,9 +44,12 @@ class UserApiKeyController extends AbstractFastifyController {
|
|
|
44
44
|
}
|
|
45
45
|
async create(request, reply) {
|
|
46
46
|
try {
|
|
47
|
-
request.rbac.
|
|
47
|
+
request.rbac.assertOrPermissions([UserApiKeyPermissions.Create, UserApiKeyPermissions.CreateMy]);
|
|
48
48
|
const payload = request.body;
|
|
49
|
-
|
|
49
|
+
if (!request.rbac.hasPermission(UserApiKeyPermissions.Create) || !payload.user) {
|
|
50
|
+
payload.user = request.rbac.authUser.id;
|
|
51
|
+
}
|
|
52
|
+
payload.createdBy = request.rbac.authUser.id;
|
|
50
53
|
const userApiKeyService = UserApiKeyServiceFactory();
|
|
51
54
|
let userApiKey = await userApiKeyService.create(payload);
|
|
52
55
|
return userApiKey;
|
|
@@ -32,6 +32,11 @@ const UserApiKeySchema = new mongoose.Schema({
|
|
|
32
32
|
required: false,
|
|
33
33
|
index: false,
|
|
34
34
|
}],
|
|
35
|
+
createdBy: {
|
|
36
|
+
type: mongoose.Schema.Types.ObjectId,
|
|
37
|
+
ref: 'User',
|
|
38
|
+
required: true,
|
|
39
|
+
},
|
|
35
40
|
}, { timestamps: true });
|
|
36
41
|
UserApiKeySchema.set('toJSON', { getters: true });
|
|
37
42
|
UserApiKeySchema.plugin(uniqueValidator, { message: 'validation.unique' });
|
|
@@ -1,10 +1,11 @@
|
|
|
1
1
|
var UserApiKeyPermissions;
|
|
2
2
|
(function (UserApiKeyPermissions) {
|
|
3
3
|
UserApiKeyPermissions["Create"] = "userApiKey:create";
|
|
4
|
+
UserApiKeyPermissions["CreateMy"] = "userApiKey:createMy";
|
|
4
5
|
UserApiKeyPermissions["Update"] = "userApiKey:update";
|
|
5
6
|
UserApiKeyPermissions["Delete"] = "userApiKey:delete";
|
|
6
7
|
UserApiKeyPermissions["View"] = "userApiKey:view";
|
|
7
|
-
UserApiKeyPermissions["ViewMy"] = "userApiKey:
|
|
8
|
+
UserApiKeyPermissions["ViewMy"] = "userApiKey:viewMy";
|
|
8
9
|
UserApiKeyPermissions["Manage"] = "userApiKey:manage";
|
|
9
10
|
})(UserApiKeyPermissions || (UserApiKeyPermissions = {}));
|
|
10
11
|
export default UserApiKeyPermissions;
|
|
@@ -8,7 +8,10 @@ class UserApiKeyMongoRepository {
|
|
|
8
8
|
try {
|
|
9
9
|
const userApiKey = new UserApiKeyModel(data);
|
|
10
10
|
await userApiKey.save();
|
|
11
|
-
await userApiKey.populate(
|
|
11
|
+
await userApiKey.populate([
|
|
12
|
+
{ path: 'user', populate: { path: 'tenant role' } },
|
|
13
|
+
{ path: 'createdBy', populate: { path: 'tenant role' } },
|
|
14
|
+
]);
|
|
12
15
|
return userApiKey;
|
|
13
16
|
}
|
|
14
17
|
catch (e) {
|
|
@@ -58,7 +61,7 @@ class UserApiKeyMongoRepository {
|
|
|
58
61
|
}
|
|
59
62
|
MongooseQueryFilter.applyFilters(query, filters);
|
|
60
63
|
const sort = MongooseSort.applySort(orderBy, order);
|
|
61
|
-
const options = { populate: ['user', 'user.tenant', 'user.role'], page, limit, sort };
|
|
64
|
+
const options = { populate: ['user', 'user.tenant', 'user.role', 'createdBy'], page, limit, sort };
|
|
62
65
|
const userApiKeyPaginated = await UserApiKeyModel.paginate(query, options);
|
|
63
66
|
return {
|
|
64
67
|
page: page,
|
|
@@ -8,6 +8,7 @@ const tableFields = [
|
|
|
8
8
|
{ name: "user", type: "TEXT", unique: false, primary: false },
|
|
9
9
|
{ name: "ipv4", type: "TEXT", unique: false, primary: false },
|
|
10
10
|
{ name: "ipv6", type: "TEXT", unique: false, primary: false },
|
|
11
|
+
{ name: "createdBy", type: "TEXT", unique: false, primary: false },
|
|
11
12
|
{ name: "createdAt", type: "TEXT", unique: false, primary: false }
|
|
12
13
|
];
|
|
13
14
|
class UserApiKeySqliteRepository {
|
|
@@ -123,6 +124,7 @@ class UserApiKeySqliteRepository {
|
|
|
123
124
|
userApiKey.ipv4 = userApiKey.ipv4 != "" ? userApiKey.ipv4.split(',') : [];
|
|
124
125
|
userApiKey.ipv6 = userApiKey.ipv6 != "" ? userApiKey.ipv6.split(',') : [];
|
|
125
126
|
userApiKey.user = await this.findUserById(userApiKey.user);
|
|
127
|
+
userApiKey.createdBy = await this.findUserById(userApiKey.createdBy);
|
|
126
128
|
}
|
|
127
129
|
return {
|
|
128
130
|
page: page,
|
package/package.json
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
"publishConfig": {
|
|
4
4
|
"access": "public"
|
|
5
5
|
},
|
|
6
|
-
"version": "0.11.
|
|
6
|
+
"version": "0.11.5",
|
|
7
7
|
"description": "Identity module for user management, authentication and authorization.",
|
|
8
8
|
"main": "dist/index.js",
|
|
9
9
|
"types": "types/index.d.ts",
|
|
@@ -29,10 +29,10 @@
|
|
|
29
29
|
"license": "ISC",
|
|
30
30
|
"dependencies": {
|
|
31
31
|
"@drax/common-back": "^0.11.3",
|
|
32
|
-
"@drax/crud-back": "^0.11.
|
|
33
|
-
"@drax/crud-share": "^0.11.
|
|
32
|
+
"@drax/crud-back": "^0.11.5",
|
|
33
|
+
"@drax/crud-share": "^0.11.5",
|
|
34
34
|
"@drax/email-back": "^0.11.3",
|
|
35
|
-
"@drax/identity-share": "^0.11.
|
|
35
|
+
"@drax/identity-share": "^0.11.5",
|
|
36
36
|
"bcryptjs": "^2.4.3",
|
|
37
37
|
"express-jwt": "^8.4.1",
|
|
38
38
|
"graphql": "^16.8.2",
|
|
@@ -63,5 +63,5 @@
|
|
|
63
63
|
"debug": "0"
|
|
64
64
|
}
|
|
65
65
|
},
|
|
66
|
-
"gitHead": "
|
|
66
|
+
"gitHead": "e67f10f0af29468c9d30f16135cfdbdff166d916"
|
|
67
67
|
}
|
|
@@ -58,9 +58,14 @@ class UserApiKeyController extends AbstractFastifyController<IUserApiKey, IUserA
|
|
|
58
58
|
|
|
59
59
|
async create(request, reply) {
|
|
60
60
|
try {
|
|
61
|
-
request.rbac.
|
|
61
|
+
request.rbac.assertOrPermissions([UserApiKeyPermissions.Create, UserApiKeyPermissions.CreateMy])
|
|
62
62
|
const payload = request.body
|
|
63
|
-
|
|
63
|
+
|
|
64
|
+
if(!request.rbac.hasPermission(UserApiKeyPermissions.Create) || !payload.user){
|
|
65
|
+
payload.user = request.rbac.authUser.id
|
|
66
|
+
}
|
|
67
|
+
|
|
68
|
+
payload.createdBy = request.rbac.authUser.id
|
|
64
69
|
|
|
65
70
|
const userApiKeyService = UserApiKeyServiceFactory()
|
|
66
71
|
|
|
@@ -35,6 +35,11 @@ const UserApiKeySchema = new mongoose.Schema<IUserApiKey>({
|
|
|
35
35
|
required: false,
|
|
36
36
|
index: false,
|
|
37
37
|
}],
|
|
38
|
+
createdBy: {
|
|
39
|
+
type: mongoose.Schema.Types.ObjectId,
|
|
40
|
+
ref: 'User',
|
|
41
|
+
required: true,
|
|
42
|
+
},
|
|
38
43
|
}, {timestamps: true});
|
|
39
44
|
|
|
40
45
|
UserApiKeySchema.set('toJSON', {getters: true});
|
|
@@ -1,9 +1,10 @@
|
|
|
1
1
|
enum UserApiKeyPermissions {
|
|
2
2
|
Create = "userApiKey:create",
|
|
3
|
+
CreateMy = "userApiKey:createMy",
|
|
3
4
|
Update = "userApiKey:update",
|
|
4
5
|
Delete = "userApiKey:delete",
|
|
5
6
|
View = "userApiKey:view",
|
|
6
|
-
ViewMy = "userApiKey:
|
|
7
|
+
ViewMy = "userApiKey:viewMy",
|
|
7
8
|
Manage = "userApiKey:manage",
|
|
8
9
|
|
|
9
10
|
}
|
|
@@ -22,7 +22,10 @@ class UserApiKeyMongoRepository implements IUserApiKeyRepository {
|
|
|
22
22
|
|
|
23
23
|
const userApiKey: mongoose.HydratedDocument<IUserApiKey> = new UserApiKeyModel(data)
|
|
24
24
|
await userApiKey.save()
|
|
25
|
-
await userApiKey.populate(
|
|
25
|
+
await userApiKey.populate([
|
|
26
|
+
{path: 'user', populate: {path: 'tenant role'} },
|
|
27
|
+
{path: 'createdBy', populate: {path: 'tenant role'} },
|
|
28
|
+
])
|
|
26
29
|
return userApiKey
|
|
27
30
|
} catch (e) {
|
|
28
31
|
if (e instanceof mongoose.Error.ValidationError) {
|
|
@@ -88,7 +91,7 @@ class UserApiKeyMongoRepository implements IUserApiKeyRepository {
|
|
|
88
91
|
|
|
89
92
|
const sort = MongooseSort.applySort(orderBy, order)
|
|
90
93
|
|
|
91
|
-
const options = {populate: ['user', 'user.tenant', 'user.role'], page, limit, sort}
|
|
94
|
+
const options = {populate: ['user', 'user.tenant', 'user.role', 'createdBy'], page, limit, sort}
|
|
92
95
|
|
|
93
96
|
const userApiKeyPaginated: PaginateResult<IUserApiKey> = await UserApiKeyModel.paginate(query, options)
|
|
94
97
|
return {
|
|
@@ -15,6 +15,7 @@ const tableFields: SqliteTableField[] = [
|
|
|
15
15
|
{name: "user", type: "TEXT", unique: false, primary: false},
|
|
16
16
|
{name: "ipv4", type: "TEXT", unique: false, primary: false},
|
|
17
17
|
{name: "ipv6", type: "TEXT", unique: false, primary: false},
|
|
18
|
+
{name: "createdBy", type: "TEXT", unique: false, primary: false},
|
|
18
19
|
{name: "createdAt", type: "TEXT", unique: false, primary: false}
|
|
19
20
|
]
|
|
20
21
|
|
|
@@ -170,6 +171,7 @@ class UserApiKeySqliteRepository implements IUserApiKeyRepository {
|
|
|
170
171
|
userApiKey.ipv4 = userApiKey.ipv4 != "" ? userApiKey.ipv4.split(',') : []
|
|
171
172
|
userApiKey.ipv6 = userApiKey.ipv6 != "" ? userApiKey.ipv6.split(',') : []
|
|
172
173
|
userApiKey.user = await this.findUserById(userApiKey.user)
|
|
174
|
+
userApiKey.createdBy = await this.findUserById(userApiKey.createdBy)
|
|
173
175
|
}
|
|
174
176
|
|
|
175
177
|
return {
|