@drax/identity-back 0.46.0 → 0.49.0

package/dist/config/IdentityConfig.js

@@ -8,6 +8,7 @@ var IdentityConfig;
     IdentityConfig["RbacCacheTTL"] = "DRAX_RBAC_CACHE_TTL";
     IdentityConfig["AvatarDir"] = "DRAX_AVATAR_DIR";
     IdentityConfig["defaultRole"] = "DRAX_DEFAULT_ROLE";
+    IdentityConfig["VerifyIP"] = "DRAX_VERIFY_IP";
 })(IdentityConfig || (IdentityConfig = {}));
 export default IdentityConfig;
 export { IdentityConfig };

package/dist/middleware/apiKeyMiddleware.js

@@ -1,7 +1,8 @@
 import { DraxCache, DraxConfig } from "@drax/common-back";
 import UserApiKeyServiceFactory from "../factory/UserApiKeyServiceFactory.js";
 import IdentityConfig from "../config/IdentityConfig.js";
-const cacheTTL = DraxConfig.getOrLoad(IdentityConfig.ApiKeyCacheTTL) ? parseInt(DraxConfig.getOrLoad(IdentityConfig.ApiKeyCacheTTL)) : 10000;
+const verifyIp = DraxConfig.getOrLoad(IdentityConfig.VerifyIP, 'boolean', true);
+const cacheTTL = DraxConfig.getOrLoad(IdentityConfig.ApiKeyCacheTTL, 'number', 10000);
 const draxCache = new DraxCache(cacheTTL);
 async function userApiKeyLoader(k) {
     const userApiKeyService = UserApiKeyServiceFactory();
@@ -27,6 +28,22 @@ async function apiKeyMiddleware(request, reply) {
         }
         if (apiKey) {
             const userApiKey = await draxCache.getOrLoad(apiKey, userApiKeyLoader);
+            if (verifyIp) {
+                if (userApiKey.ipv4 && userApiKey.ipv4.length > 0) {
+                    const clientIp = request.ip;
+                    if (!userApiKey.ipv4.includes(clientIp)) {
+                        reply.code(401).send({ "statusCode": "401", error: 'IP not allowed', i18nMessage: 'error.ipNotAllowed', clientIp: clientIp, message: `Remote IP ${clientIp} is not allowed` });
+                        return;
+                    }
+                }
+                else if (userApiKey.ipv6 && userApiKey.ipv6.length > 0) {
+                    const clientIp = request.ip;
+                    if (!userApiKey.ipv6.includes(clientIp)) {
+                        reply.code(401).send({ "statusCode": "401", error: 'IP not allowed', i18nMessage: 'error.ipNotAllowed', clientIp: clientIp, message: `Remote IP ${clientIp} is not allowed` });
+                        return;
+                    }
+                }
+            }
             if (userApiKey && userApiKey.user) {
                 const authUser = {
                     id: userApiKey.user._id.toString(),

package/dist/middleware/rbacMiddleware.js

@@ -2,7 +2,7 @@ import { DraxCache, DraxConfig } from "@drax/common-back";
 import RoleServiceFactory from "../factory/RoleServiceFactory.js";
 import Rbac from "../rbac/Rbac.js";
 import IdentityConfig from "../config/IdentityConfig.js";
-const cacheTTL = DraxConfig.getOrLoad(IdentityConfig.RbacCacheTTL) ? parseInt(DraxConfig.getOrLoad(IdentityConfig.RbacCacheTTL)) : 10000;
+const cacheTTL = DraxConfig.getOrLoad(IdentityConfig.RbacCacheTTL, 'number', 10000);
 const draxCache = new DraxCache(cacheTTL);
 async function roleLoader(k) {
     const roleService = RoleServiceFactory();

package/dist/repository/sqlite/UserApiKeySqliteRepository.js

@@ -32,12 +32,13 @@ class UserApiKeySqliteRepository extends AbstractSqliteRepository {
         if (item && item.createdBy) {
             item.createdBy = await this.findUserById(item.createdBy);
         }
-        if (item && item.ipv4) {
-            item.ipv4 = item.ipv4 != "" ? item.ipv4.split(',') : [];
+        if (item && item.hasOwnProperty('ipv4')) {
+            item.ipv4 = item.ipv4 ? item.ipv4.split(',') : [];
         }
-        if (item && item.ipv6) {
-            item.ipv6 = item.ipv6 != "" ? item.ipv6.split(',') : [];
+        if (item && item.hasOwnProperty('ipv6')) {
+            item.ipv6 = item.ipv6 ? item.ipv6.split(',') : [];
         }
+        return item;
     }
     async prepareData(userApiKeyData) {
         if (userApiKeyData.ipv4 && Array.isArray(userApiKeyData.ipv4) && userApiKeyData.ipv4.length > 0) {
@@ -52,6 +53,12 @@ class UserApiKeySqliteRepository extends AbstractSqliteRepository {
         else {
             userApiKeyData.ipv6 = "";
         }
+        if (userApiKeyData.user && userApiKeyData.user.hasOwnProperty('_id')) {
+            userApiKeyData.user = userApiKeyData.user._id;
+        }
+        if (userApiKeyData.createdBy && userApiKeyData.createdBy.hasOwnProperty('_id')) {
+            userApiKeyData.createdBy = userApiKeyData.createdBy._id;
+        }
     }
     async findBySecret(secret) {
         const userApiKey = this.db.prepare('SELECT * FROM user_api_keys WHERE secret = ?').get(secret);

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "0.46.0",
+  "version": "0.49.0",
   "description": "Identity module for user management, authentication and authorization.",
   "main": "dist/index.js",
   "types": "types/index.d.ts",
@@ -28,11 +28,11 @@
   "author": "Cristian Incarnato & Drax Team",
   "license": "ISC",
   "dependencies": {
-    "@drax/common-back": "^0.46.0",
-    "@drax/crud-back": "^0.46.0",
-    "@drax/crud-share": "^0.46.0",
-    "@drax/email-back": "^0.46.0",
-    "@drax/identity-share": "^0.46.0",
+    "@drax/common-back": "^0.49.0",
+    "@drax/crud-back": "^0.49.0",
+    "@drax/crud-share": "^0.49.0",
+    "@drax/email-back": "^0.49.0",
+    "@drax/identity-share": "^0.49.0",
     "bcryptjs": "^2.4.3",
     "graphql": "^16.8.2",
     "jsonwebtoken": "^9.0.2"
@@ -63,5 +63,5 @@
       "debug": "0"
     }
   },
-  "gitHead": "9625999c86d538dc3bee7c501acba6c51592ebca"
+  "gitHead": "ea99f6fd79d282e6efe02fca660d5733c13bb86d"
 }

package/src/config/IdentityConfig.ts

@@ -1,7 +1,5 @@
 enum IdentityConfig {
 
-
-
     JwtSecret = "DRAX_JWT_SECRET",
     JwtExpiration = "DRAX_JWT_EXPIRATION",
     JwtIssuer = "DRAX_JWT_ISSUER",
@@ -15,6 +13,7 @@ enum IdentityConfig {
 
     defaultRole = "DRAX_DEFAULT_ROLE",
 
+    VerifyIP = "DRAX_VERIFY_IP",
 
 }
 

package/src/middleware/apiKeyMiddleware.ts

@@ -3,58 +3,78 @@ import {DraxCache, DraxConfig} from "@drax/common-back";
 import UserApiKeyServiceFactory from "../factory/UserApiKeyServiceFactory.js";
 import IdentityConfig from "../config/IdentityConfig.js";
 
-const cacheTTL = DraxConfig.getOrLoad(IdentityConfig.ApiKeyCacheTTL) ? parseInt(DraxConfig.getOrLoad(IdentityConfig.ApiKeyCacheTTL)) : 10000;
+const verifyIp = DraxConfig.getOrLoad(IdentityConfig.VerifyIP, 'boolean', true);
+const cacheTTL = DraxConfig.getOrLoad(IdentityConfig.ApiKeyCacheTTL, 'number',10000)
+
 const draxCache = new DraxCache<IUserApiKey>(cacheTTL);
 
 
-async function userApiKeyLoader(k):Promise<IUserApiKey | null> {
+async function userApiKeyLoader(k): Promise<IUserApiKey | null> {
     const userApiKeyService = UserApiKeyServiceFactory()
     const userApiKey: IUserApiKey = await userApiKeyService.findBySecret(k)
     return userApiKey
 }
 
-async function apiKeyMiddleware (request, reply) {
-        try{
-            let apiKey: string
+async function apiKeyMiddleware(request, reply) {
+    try {
+        let apiKey: string
 
-            //Por header 'x-api-key'
-            if(request.headers['x-api-key']){
-                apiKey = request.headers['x-api-key']
-            }
+        //Por header 'x-api-key'
+        if (request.headers['x-api-key']) {
+            apiKey = request.headers['x-api-key']
+        }
 
-            //Por authorization 'ApiKey <uuid-key>'
-            const apiKeyRegExp = /^ApiKey (.*)$/i;
-            if(request.headers['authorization'] && apiKeyRegExp.test(request.headers['authorization'])){
-                apiKey = request.headers?.authorization?.replace(/ApiKey /i, "")
-            }
+        //Por authorization 'ApiKey <uuid-key>'
+        const apiKeyRegExp = /^ApiKey (.*)$/i;
+        if (request.headers['authorization'] && apiKeyRegExp.test(request.headers['authorization'])) {
+            apiKey = request.headers?.authorization?.replace(/ApiKey /i, "")
+        }
 
-            //Por authorization '<uuid-key>'
-            const uuidRegex =  /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
-            if(request.headers['authorization'] && uuidRegex.test(request.headers['authorization'])){
-                apiKey = request.headers['authorization']
-            }
+        //Por authorization '<uuid-key>'
+        const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
+        if (request.headers['authorization'] && uuidRegex.test(request.headers['authorization'])) {
+            apiKey = request.headers['authorization']
+        }
 
-            if(apiKey){
-                const userApiKey : IUserApiKey = await draxCache.getOrLoad(apiKey, userApiKeyLoader)
-                if(userApiKey && userApiKey.user){
-                    const authUser: IAuthUser = {
-                        id: userApiKey.user._id.toString(),
-                        username: userApiKey.user.username,
-                        roleId:  userApiKey.user.role?._id?.toString(),
-                        roleName:  userApiKey.user.role?.name,
-                        tenantId: userApiKey.user?.tenant?._id?.toString(),
-                        tenantName: userApiKey.user?.tenant?.name,
-                        apiKeyId: userApiKey?._id?.toString(),
-                        apiKeyName: userApiKey?.name
+        if (apiKey) {
+            const userApiKey: IUserApiKey = await draxCache.getOrLoad(apiKey, userApiKeyLoader)
+
+            if (verifyIp) {
+                if (userApiKey.ipv4 && userApiKey.ipv4.length > 0) {
+                    const clientIp = request.ip
+                    if (!userApiKey.ipv4.includes(clientIp)) {
+                        reply.code(401).send({"statusCode": "401", error: 'IP not allowed', i18nMessage: 'error.ipNotAllowed', clientIp: clientIp, message: `Remote IP ${clientIp} is not allowed`});
+                        return
+                    }
+                } else if (userApiKey.ipv6 && userApiKey.ipv6.length > 0) {
+                    const clientIp = request.ip
+                    if (!userApiKey.ipv6.includes(clientIp)) {
+                        reply.code(401).send({"statusCode": "401", error: 'IP not allowed', i18nMessage: 'error.ipNotAllowed', clientIp: clientIp, message: `Remote IP ${clientIp} is not allowed`});
+                        return
                     }
-                    request.authUser = authUser
                 }
             }
-            return
-        }catch (e) {
-            console.error(e)
-            reply.code(500).send({ error: 'APIKEY ERROR' });
+
+
+            if (userApiKey && userApiKey.user) {
+                const authUser: IAuthUser = {
+                    id: userApiKey.user._id.toString(),
+                    username: userApiKey.user.username,
+                    roleId: userApiKey.user.role?._id?.toString(),
+                    roleName: userApiKey.user.role?.name,
+                    tenantId: userApiKey.user?.tenant?._id?.toString(),
+                    tenantName: userApiKey.user?.tenant?.name,
+                    apiKeyId: userApiKey?._id?.toString(),
+                    apiKeyName: userApiKey?.name
+                }
+                request.authUser = authUser
+            }
         }
+        return
+    } catch (e) {
+        console.error(e)
+        reply.code(500).send({error: 'APIKEY ERROR'});
+    }
 }
 
 export default apiKeyMiddleware;

package/src/middleware/rbacMiddleware.ts

@@ -4,7 +4,7 @@ import RoleServiceFactory from "../factory/RoleServiceFactory.js";
 import Rbac from "../rbac/Rbac.js";
 import IdentityConfig from "../config/IdentityConfig.js";
 
-const cacheTTL = DraxConfig.getOrLoad(IdentityConfig.RbacCacheTTL) ? parseInt(DraxConfig.getOrLoad(IdentityConfig.RbacCacheTTL)) : 10000;
+const cacheTTL = DraxConfig.getOrLoad(IdentityConfig.RbacCacheTTL, 'number',10000) ;
 const draxCache = new DraxCache<IRole>(cacheTTL);
 
 

package/src/repository/sqlite/UserApiKeySqliteRepository.ts

@@ -40,6 +40,8 @@ class UserApiKeySqliteRepository extends AbstractSqliteRepository<IUserApiKey, I
     }
 
     async prepareItem(item: any): Promise<any> {
+
+
         if (item && item.user) {
             item.user = await this.findUserById(item.user)
         }
@@ -48,16 +50,19 @@ class UserApiKeySqliteRepository extends AbstractSqliteRepository<IUserApiKey, I
             item.createdBy = await this.findUserById(item.createdBy)
         }
 
-        if (item && item.ipv4) {
-            item.ipv4 = item.ipv4 != "" ? item.ipv4.split(',') : []
+        if (item && item.hasOwnProperty('ipv4')) {
+            item.ipv4 = item.ipv4 ? item.ipv4.split(',') : []
         }
 
-        if (item && item.ipv6) {
-            item.ipv6 = item.ipv6 != "" ? item.ipv6.split(',') : []
+        if (item && item.hasOwnProperty('ipv6')) {
+            item.ipv6 = item.ipv6 ? item.ipv6.split(',') : []
         }
+
+        return item;
     }
 
     async prepareData(userApiKeyData) {
+
         if (userApiKeyData.ipv4 && Array.isArray(userApiKeyData.ipv4) && userApiKeyData.ipv4.length > 0) {
             userApiKeyData.ipv4 = userApiKeyData.ipv4.join(',')
         } else {
@@ -69,6 +74,15 @@ class UserApiKeySqliteRepository extends AbstractSqliteRepository<IUserApiKey, I
         } else {
             userApiKeyData.ipv6 = ""
         }
+
+        if(userApiKeyData.user && userApiKeyData.user.hasOwnProperty('_id')) {
+            userApiKeyData.user = userApiKeyData.user._id
+        }
+
+        if(userApiKeyData.createdBy && userApiKeyData.createdBy.hasOwnProperty('_id')) {
+            userApiKeyData.createdBy = userApiKeyData.createdBy._id
+        }
+
     }