npm - @drax/identity-back - Versions diffs - 0.37.4 → 0.38.0 - Mend

@drax/identity-back 0.37.4 → 0.38.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (37) hide show

package/dist/index.js +11 -3
package/dist/middleware/apiKeyMiddleware.js +5 -1
package/dist/models/UserLoginFailModel.js +8 -8
package/dist/models/UserSessionModel.js +8 -8
package/dist/rbac/Rbac.js +21 -1
package/dist/schemas/TokenPayloadSchema.js +14 -0
package/dist/services/UserService.js +34 -14
package/dist/utils/AuthUtils.js +14 -28
package/package.json +7 -7
package/src/index.ts +22 -2
package/src/middleware/apiKeyMiddleware.ts +6 -2
package/src/middleware/jwtMiddleware.ts +2 -2
package/src/middleware/rbacMiddleware.ts +6 -6
package/src/models/UserLoginFailModel.ts +8 -8
package/src/models/UserSessionModel.ts +8 -8
package/src/rbac/Rbac.ts +28 -4
package/src/schemas/TokenPayloadSchema.ts +23 -0
package/src/services/UserService.ts +42 -15
package/src/utils/AuthUtils.ts +17 -31
package/tsconfig.tsbuildinfo +1 -1
package/types/index.d.ts +9 -3
package/types/index.d.ts.map +1 -1
package/types/middleware/apiKeyMiddleware.d.ts.map +1 -1
package/types/models/UserLoginFailModel.d.ts +2 -2
package/types/models/UserLoginFailModel.d.ts.map +1 -1
package/types/models/UserSessionModel.d.ts +2 -2
package/types/models/UserSessionModel.d.ts.map +1 -1
package/types/rbac/Rbac.d.ts +7 -3
package/types/rbac/Rbac.d.ts.map +1 -1
package/types/schemas/TokenPayloadSchema.d.ts +35 -0
package/types/schemas/TokenPayloadSchema.d.ts.map +1 -0
package/types/schemas/UserLoginFailSchema.d.ts +1 -1
package/types/schemas/UserSessionSchema.d.ts +1 -1
package/types/services/UserService.d.ts +5 -1
package/types/services/UserService.d.ts.map +1 -1
package/types/utils/AuthUtils.d.ts +3 -4
package/types/utils/AuthUtils.d.ts.map +1 -1

package/src/schemas/TokenPayloadSchema.ts ADDED Viewed

@@ -0,0 +1,23 @@
+import {z} from 'zod';
+const TokenPayloadSchema = z.object({
+    id: z.string(),
+    username: z.string(),
+    session: z.string(),
+    roleId: z.string(),
+    roleName: z.string().optional().nullable(),
+    tenantId: z.string().optional().nullable(),
+    tenantName: z.string().optional().nullable(),
+    apiKeyId: z.string().optional().nullable(),
+    apiKeyName: z.string().optional().nullable(),
+});
+export default TokenPayloadSchema;
+export {TokenPayloadSchema}

package/src/services/UserService.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import type {IUser, IUserCreate, IUserUpdate} from "@drax/identity-share";
+import type {IAuthUser, IUser, IUserCreate, IUserUpdate} from "@drax/identity-share";
 import type {IUserRepository} from "../interfaces/IUserRepository";
 import {ZodError} from "zod";
@@ -24,19 +24,22 @@ class UserService extends AbstractService<IUser, IUserCreate, IUserUpdate> {
     async auth(username: string, password: string, {userAgent, ip}) {
         let user = null
-        console.log("auth username", username)
         user = await this.findByUsernameWithPassword(username)
         if (user && user.active && AuthUtils.checkPassword(password, user.password)) {
-            //TODO: Generar session
-            const sessionUUID = randomUUID()
-            const sessionService = UserSessionServiceFactory()
-            await sessionService.create({
-                user:user._id.toString(),
-                uuid: sessionUUID,
-                userAgent: userAgent,
-                ip: ip
-            })
-            const accessToken = AuthUtils.generateToken(user._id.toString(), user.username, user.role._id, user.tenant?._id, sessionUUID)
+            const sessionUUID = await this.generateSession(user, userAgent, ip);
+            const tokenPayload: IAuthUser = {
+                id: user._id.toString(),
+                username: user.username,
+                roleId: user.role?._id?.toString(),
+                roleName: user.role?.name,
+                tenantId: user.tenant ? user.tenant?._id?.toString() : null,
+                tenantName: user.tenant ? user.tenant?.name : null,
+                session: sessionUUID
+            }
+            const accessToken = AuthUtils.generateToken(tokenPayload)
             return {accessToken: accessToken}
         } else {
             const userLoginFailService = UserLoginFailServiceFactory()
@@ -49,12 +52,24 @@ class UserService extends AbstractService<IUser, IUserCreate, IUserUpdate> {
         }
     }
+    private async generateSession(user, userAgent, ip) {
+        const sessionUUID = randomUUID()
+        const sessionService = UserSessionServiceFactory()
+        await sessionService.create({
+            user: user._id.toString(),
+            uuid: sessionUUID,
+            userAgent: userAgent,
+            ip: ip
+        })
+        return sessionUUID;
+    }
     async switchTenant(accessToken: string, tenantId: string) {
         const newAccessToken = AuthUtils.switchTenant(accessToken, tenantId)
         return {accessToken: newAccessToken}
     }
-    async authByEmail(email: string, createIfNotFound: boolean = false, userData: IUserCreate) {
+    async authByEmail(email: string, createIfNotFound: boolean = false, userData: IUserCreate, {userAgent, ip}) {
         let user = null
         console.log("auth email", email)
         user = await this.findByEmail(email)
@@ -66,8 +81,20 @@ class UserService extends AbstractService<IUser, IUserCreate, IUserUpdate> {
         }
         if (user && user.active) {
-            const session = randomUUID()
-            const accessToken = AuthUtils.generateToken(user._id.toString(), user.username, user.role._id, user.tenant?._id, session)
+            const sessionUUID = await this.generateSession(user, userAgent, ip);
+            const tokenPayload: IAuthUser = {
+                id: user._id.toString(),
+                username: user.username,
+                roleId: user.role?._id?.toString(),
+                roleName: user.role?.name,
+                tenantId: user.tenant ? user.tenant?._id?.toString() : null,
+                tenantName: user.tenant ? user.tenant?.name : null,
+                session: sessionUUID
+            }
+            const accessToken = AuthUtils.generateToken(tokenPayload)
             return {accessToken: accessToken}
         } else {
             throw new BadCredentialsError()

package/src/utils/AuthUtils.ts CHANGED Viewed

@@ -3,11 +3,12 @@ import jsonwebtoken, {SignOptions, VerifyOptions} from "jsonwebtoken";
 import {DraxConfig} from "@drax/common-back";
 import IdentityConfig from "../config/IdentityConfig.js";
 import crypto from "crypto";
-import type {IJwtUser} from "@drax/identity-share";
+import type {IAuthUser} from "@drax/identity-share";
+import {TokenPayloadSchema} from "../schemas/TokenPayloadSchema.js";
 class AuthUtils{
-    static verifyToken(token : string) {
+    static verifyToken(token : string): IAuthUser {
         const JWT_SECRET = DraxConfig.getOrLoad(IdentityConfig.JwtSecret)
         if(!JWT_SECRET){
             throw new Error("DraxConfig.JWT_SECRET must be provided")
@@ -15,7 +16,9 @@ class AuthUtils{
         const options : VerifyOptions = {
             algorithms: ['HS256'],
         }
-        return jsonwebtoken.verify(token, JWT_SECRET, options)
+        const tokenPayload =  jsonwebtoken.verify(token, JWT_SECRET, options)
+        TokenPayloadSchema.parse(tokenPayload)
+        return tokenPayload as IAuthUser;
     }
     static hashPassword(password : string) :string {
@@ -32,18 +35,10 @@ class AuthUtils{
         return bcryptjs.compareSync(password, hashPassword);
     }
-    static tokenSignPayload(userId : string, username: string, roleId: string, tenantId: string, session : string): IJwtUser {
-        return {
-            id: userId,
-            username: username,
-            roleId: roleId,
-            tenantId: tenantId,
-            session: session
-        };
-    }
-    static generateToken(userId : string, username: string, roleId: string,  tenantId: string, session : string) {
-        const payload = AuthUtils.tokenSignPayload(userId, username, roleId, tenantId, session)
+    static generateToken(payload: IAuthUser) {
+        TokenPayloadSchema.parse(payload)
         const JWT_SECRET = DraxConfig.getOrLoad(IdentityConfig.JwtSecret)
         if(!JWT_SECRET){
@@ -55,9 +50,9 @@ class AuthUtils{
         const options : SignOptions = {
             expiresIn: JWT_EXPIRATION,
-            jwtid: userId,
+            jwtid: payload.id,
             algorithm: 'HS256',
-            audience: username,
+            audience: payload.username,
             issuer: JWT_ISSUER
         }
@@ -81,21 +76,13 @@ class AuthUtils{
     static switchTenant(accessToken: string, newTenantId: string): string {
         // Verificar que el token actual sea válido
-        const decodedToken = AuthUtils.verifyToken(accessToken) as IJwtUser & { exp?: number };
+        const tokenPayload = AuthUtils.verifyToken(accessToken) as IAuthUser & { exp?: number };
-        if (!decodedToken) {
+        if (!tokenPayload) {
             throw new Error("Invalid access token");
         }
-        // Crear el nuevo payload manteniendo todos los datos excepto tenantId
-        const newPayload: IJwtUser = {
-            id: decodedToken.id,
-            username: decodedToken.username,
-            roleId: decodedToken.roleId,
-            tenantId: newTenantId,
-            session: decodedToken.session,
-            exp: decodedToken.exp
-        };
+        tokenPayload.tenantId = newTenantId;
         const JWT_SECRET = DraxConfig.getOrLoad(IdentityConfig.JwtSecret);
         if (!JWT_SECRET) {
@@ -105,14 +92,13 @@ class AuthUtils{
         const JWT_ISSUER = DraxConfig.getOrLoad(IdentityConfig.JwtIssuer) || 'DRAX';
         const options: SignOptions = {
-            jwtid: decodedToken.id,
+            jwtid: tokenPayload.id,
             algorithm: 'HS256',
-            audience: decodedToken.username,
+            audience: tokenPayload.username,
             issuer: JWT_ISSUER
         };
-        return jsonwebtoken.sign(newPayload, JWT_SECRET, options);
+        return jsonwebtoken.sign(tokenPayload, JWT_SECRET, options);
     }
 }