@drax/identity-back 0.5.2 → 0.5.4

package/dist/services/UserApiKeyService.js

@@ -4,8 +4,10 @@ import { ZodError } from "zod";
 import crypto from "node:crypto";
 import AuthUtils from "../utils/AuthUtils.js";
 import IdentityConfig from "../config/IdentityConfig.js";
-class UserApiKeyService {
+import { AbstractService } from "@drax/crud-back";
+class UserApiKeyService extends AbstractService {
     constructor(userApiKeyRepostitory) {
+        super(userApiKeyRepostitory, userApiKeySchema);
         this._repository = userApiKeyRepostitory;
         console.log("UserApiKeyService constructor");
     }
@@ -14,6 +16,9 @@ class UserApiKeyService {
             userApiKeyData.name = userApiKeyData?.name?.trim();
             const secret = crypto.randomUUID();
             const APIKEY_SECRET = DraxConfig.getOrLoad(IdentityConfig.ApiKeySecret);
+            if (!APIKEY_SECRET) {
+                throw new Error('ApiKey miss configuration');
+            }
             userApiKeyData.secret = AuthUtils.generateHMAC(APIKEY_SECRET, secret);
             await userApiKeySchema.parseAsync(userApiKeyData);
             const userApiKey = await this._repository.create(userApiKeyData);
@@ -67,6 +72,9 @@ class UserApiKeyService {
     async findBySecret(secret) {
         try {
             const APIKEY_SECRET = DraxConfig.getOrLoad(IdentityConfig.ApiKeySecret);
+            if (!APIKEY_SECRET) {
+                throw new Error('ApiKey miss configuration');
+            }
             const hashedSecret = AuthUtils.generateHMAC(APIKEY_SECRET, secret);
             const userApiKey = await this._repository.findBySecret(hashedSecret);
             return userApiKey;

package/dist/services/UserService.js

@@ -1,10 +1,12 @@
 import { ZodError } from "zod";
 import { ValidationError, ZodErrorToValidationError } from "@drax/common-back";
 import AuthUtils from "../utils/AuthUtils.js";
-import { createUserSchema, editUserSchema, } from "../zod/UserZod.js";
+import { createUserSchema, editUserSchema, userBaseSchema } from "../zod/UserZod.js";
 import BadCredentialsError from "../errors/BadCredentialsError.js";
-class UserService {
+import { AbstractService } from "@drax/crud-back";
+class UserService extends AbstractService {
     constructor(userRepository) {
+        super(userRepository, userBaseSchema);
         this._repository = userRepository;
         console.log("UserService constructor");
     }
@@ -101,8 +103,11 @@ class UserService {
     }
     async delete(id) {
         try {
-            const deletedRole = await this._repository.delete(id);
-            return deletedRole;
+            const result = await this._repository.delete(id);
+            if (!result) {
+                throw new Error("error.deletionFailed");
+            }
+            return result;
         }
         catch (e) {
             console.error("Error deleting user", e);
@@ -139,5 +144,10 @@ class UserService {
             throw e;
         }
     }
+    async search(value) {
+        const limit = 100;
+        const users = await this._repository.search(value, limit);
+        return users;
+    }
 }
 export default UserService;

package/dist/setup/CreateOrUpdateRole.js

@@ -15,7 +15,7 @@ async function CreateOrUpdateRole(roleData) {
         }));
     }
     if (role) {
-        const r = await roleService.update(role.id, roleData);
+        const r = await roleService.systemUpdate(role.id, roleData);
         console.log("Role Updated. Name: " + roleData.name);
     }
     else {

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "0.5.2",
+  "version": "0.5.4",
   "description": "Identity module for user management, authentication and authorization.",
   "main": "dist/index.js",
   "types": "dist/types/index.d.ts",
@@ -28,9 +28,9 @@
   "author": "Cristian Incarnato & Drax Team",
   "license": "ISC",
   "dependencies": {
-    "@drax/common-back": "^0.5.2",
-    "@drax/crud-back": "^0.5.2",
-    "@drax/crud-share": "^0.5.2",
+    "@drax/common-back": "^0.5.3",
+    "@drax/crud-back": "^0.5.4",
+    "@drax/crud-share": "^0.5.4",
     "@drax/identity-share": "^0.5.1",
     "bcryptjs": "^2.4.3",
     "express-jwt": "^8.4.1",
@@ -62,5 +62,5 @@
       "debug": "0"
     }
   },
-  "gitHead": "6f854dbeb2af7bca32ed35bcec2f8e48790a73b9"
+  "gitHead": "6db0bebb2df9edecd2c3caa7288fb5c7001c4243"
 }

package/src/controllers/RoleController.ts

@@ -0,0 +1,94 @@
+import type {IRole, IRoleBase} from "@drax/identity-share";
+import {AbstractFastifyController} from "@drax/crud-back";
+import {ValidationError, UnauthorizedError} from "@drax/common-back";
+
+import RoleServiceFactory from "../factory/RoleServiceFactory.js";
+import RoleService from "../services/RoleService.js";
+import RolePermissions from "../permissions/RolePermissions.js";
+import PermissionService from "../services/PermissionService.js";
+
+class RoleController extends AbstractFastifyController<IRole, IRoleBase, IRoleBase>   {
+
+    protected service: RoleService
+
+    constructor() {
+        super(RoleServiceFactory(), RolePermissions)
+    }
+
+    async findByName(request, reply) {
+        try {
+            request.rbac.assertPermission(RolePermissions.View)
+            const name = request.params.name
+            const roleService = RoleServiceFactory()
+            let role = await roleService.findByName(name)
+            return role
+        } catch (e) {
+            console.error(e)
+            if (e instanceof ValidationError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message, inputErrors: e.errors})
+            } else if (e instanceof UnauthorizedError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message})
+            } else {
+                reply.statusCode = 500
+                reply.send({error: 'INTERNAL_SERVER_ERROR'})
+            }
+        }
+    }
+
+    async all(request, reply) {
+        try {
+            request.rbac.assertPermission(RolePermissions.View)
+            const roleService = RoleServiceFactory()
+            let roles = await roleService.fetchAll()
+            if(request.rbac.getRole?.childRoles?.length > 0) {
+                return roles.filter(role => request.rbac.getRole.childRoles.some(childRole => childRole.id === role.id));
+            }else{
+                return roles
+            }
+        } catch (e) {
+            console.error(e)
+            if (e instanceof ValidationError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message, inputErrors: e.errors})
+            } else if (e instanceof UnauthorizedError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message})
+            } else {
+                reply.statusCode = 500
+                reply.send({error: 'INTERNAL_SERVER_ERROR'})
+            }
+        }
+    }
+
+    async permissions(request, reply) {
+        try {
+            request.rbac.assertPermission(RolePermissions.Permissions)
+            let permissions = PermissionService.getPermissions()
+            return permissions
+        }catch (e){
+            console.error(e)
+            if (e instanceof UnauthorizedError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message})
+            } else {
+                reply.statusCode = 500
+                reply.send({error: 'INTERNAL_SERVER_ERROR'})
+            }
+        }
+    }
+
+
+
+    async xxxx(request, reply) {
+
+    }
+
+}
+
+export default RoleController;
+export {
+    RoleController
+}
+

package/src/controllers/TenantController.ts

@@ -1,11 +1,10 @@
 import type {ITenant, ITenantBase} from "@drax/identity-share";
 import {AbstractFastifyController} from "@drax/crud-back";
-import {ValidationError} from "@drax/common-back";
+import {ValidationError, UnauthorizedError} from "@drax/common-back";
 
 import TenantServiceFactory from "../factory/TenantServiceFactory.js";
 import TenantService from "../services/TenantService.js";
 import TenantPermissions from "../permissions/TenantPermissions.js";
-import {UnauthorizedError} from "@drax/common-back";
 
 class TenantController extends AbstractFastifyController<ITenant, ITenantBase, ITenantBase>   {
 

package/src/controllers/UserApiKeyController.ts

@@ -0,0 +1,144 @@
+import type {IUserApiKey, IUserApiKeyBase} from "@drax/identity-share";
+import {AbstractFastifyController} from "@drax/crud-back";
+import {ValidationError, UnauthorizedError} from "@drax/common-back";
+
+import UserApiKeyServiceFactory from "../factory/UserApiKeyServiceFactory.js";
+import UserApiKeyService from "../services/UserApiKeyService.js";
+import UserApiKeyPermissions from "../permissions/UserApiKeyPermissions.js";
+
+class UserApiKeyController extends AbstractFastifyController<IUserApiKey, IUserApiKeyBase, IUserApiKeyBase>   {
+
+    protected service: UserApiKeyService
+
+    constructor() {
+        super(UserApiKeyServiceFactory(), UserApiKeyPermissions)
+    }
+
+
+    async paginate(request, reply) {
+        try {
+            request.rbac.assertAuthenticated()
+
+            request.rbac.assertOrPermissions([
+                UserApiKeyPermissions.View,
+                UserApiKeyPermissions.ViewMy
+            ])
+
+            const filters = []
+
+            if(!request.rbac.hasPermission(UserApiKeyPermissions.View)){
+                filters.push({field: "user", operator: "eq", value: request.rbac.authUser.id})
+            }
+
+            const page = request.query.page
+            const limit = request.query.limit
+            const orderBy = request.query.orderBy
+            const order = request.query.order
+            const search = request.query.search
+            const userApiKeyService = UserApiKeyServiceFactory()
+
+
+            let paginateResult = await userApiKeyService.paginate({page, limit, orderBy, order, search, filters})
+            return paginateResult
+        } catch (e) {
+            console.log("/api/user-api-keys",e)
+            if (e instanceof ValidationError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message, inputErrors: e.errors})
+            } else if (e instanceof UnauthorizedError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message})
+            } else {
+                reply.statusCode = 500
+                reply.send({error: 'error.server'})
+            }
+        }
+
+    }
+
+    async create(request, reply) {
+        try {
+            request.rbac.assertPermission(UserApiKeyPermissions.Create)
+            const payload = request.body
+            payload.user = request.rbac.authUser.id
+
+            const userApiKeyService = UserApiKeyServiceFactory()
+
+            let userApiKey = await userApiKeyService.create(payload)
+            return userApiKey
+        } catch (e) {
+            if (e instanceof ValidationError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message, inputErrors: e.errors})
+            } else if (e instanceof UnauthorizedError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message})
+            } else {
+                reply.statusCode = 500
+                reply.send({error: 'error.server'})
+            }
+        }
+
+    }
+
+
+    async update(request, reply) {
+        try {
+            request.rbac.assertPermission(UserApiKeyPermissions.Update)
+            const id = request.params.id
+            const payload = request.body
+            const userApiKeyService = UserApiKeyServiceFactory()
+            let userApiKey = await userApiKeyService.update(id, payload)
+            return userApiKey
+        } catch (e) {
+            if (e instanceof ValidationError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message, inputErrors: e.errors})
+            }
+            if (e instanceof UnauthorizedError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message})
+            } else if (e instanceof UnauthorizedError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message})
+            } else {
+                reply.statusCode = 500
+                reply.send({error: 'error.server'})
+            }
+        }
+
+    }
+
+    async delete(request, reply) : Promise<void>  {
+        try {
+            request.rbac.assertPermission(UserApiKeyPermissions.Delete)
+            const id = request.params.id
+            const userApiKeyService = UserApiKeyServiceFactory()
+            let r = await userApiKeyService.delete(id)
+            if(r){
+                reply.send({message: 'Deleted successfully'})
+            }else{
+                reply.statusCode(400).send({message: 'Not deleted'})
+            }
+        } catch (e) {
+            if (e instanceof ValidationError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message, inputErrors: e.errors})
+            } else if (e instanceof UnauthorizedError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message})
+            } else {
+                reply.statusCode = 500
+                reply.send({error: 'error.server'})
+            }
+        }
+
+    }
+
+}
+
+export default UserApiKeyController;
+export {
+    UserApiKeyController
+}
+

package/src/controllers/UserController.ts

@@ -0,0 +1,300 @@
+import type {IUser, IUserUpdate, IUserCreate} from "@drax/identity-share";
+import {AbstractFastifyController} from "@drax/crud-back";
+import {CommonConfig, DraxConfig, StoreManager, UploadFileError, ValidationError, UnauthorizedError} from "@drax/common-back";
+
+import UserServiceFactory from "../factory/UserServiceFactory.js";
+import UserService from "../services/UserService.js";
+import UserPermissions from "../permissions/UserPermissions.js";
+import BadCredentialsError from "../errors/BadCredentialsError.js";
+import {join} from "path";
+import {IdentityConfig} from "../config/IdentityConfig.js";
+
+const BASE_FILE_DIR = DraxConfig.getOrLoad(CommonConfig.FileDir) || 'files';
+const AVATAR_DIR = DraxConfig.getOrLoad(IdentityConfig.AvatarDir) || 'avatar';
+const BASE_URL = DraxConfig.getOrLoad(CommonConfig.BaseUrl) ? DraxConfig.get(CommonConfig.BaseUrl).replace(/\/$/, '') : ''
+
+
+class UserController extends AbstractFastifyController<IUser, IUserCreate, IUserUpdate>   {
+
+    protected service: UserService
+
+    constructor() {
+        super(UserServiceFactory(), UserPermissions)
+    }
+
+    async auth(request, reply) {
+        try {
+            const username = request.body.username
+            const password = request.body.password
+            const userService = UserServiceFactory()
+            return await userService.auth(username, password)
+        } catch (e) {
+            console.error('/api/auth error', e)
+            if (e instanceof BadCredentialsError) {
+                reply.code(401)
+                reply.send({error: e.message})
+            }
+            reply.code(500)
+            reply.send({error: 'error.server'})
+        }
+    }
+
+    async me(request, reply) {
+        try {
+            if (request.authUser) {
+                const userService = UserServiceFactory()
+                let user = await userService.findById(request.authUser.id)
+                user.password = undefined
+                delete user.password
+                return user
+            } else {
+                throw new UnauthorizedError()
+
+            }
+        } catch (e) {
+            if (e instanceof UnauthorizedError) {
+                reply.code(401)
+                reply.send({error: "Unauthorized"})
+            } else if (e instanceof UnauthorizedError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message})
+            } else {
+                reply.statusCode = 500
+                reply.send({error: 'error.server'})
+            }
+        }
+    }
+
+    async paginate(request, reply) {
+        try {
+            request.rbac.assertPermission(UserPermissions.View)
+            const page = request.query.page
+            const limit = request.query.limit
+            const orderBy = request.query.orderBy
+            const order = request.query.order
+            const search = request.query.search
+            const userService = UserServiceFactory()
+            const filters = []
+            if(request.rbac.getAuthUser.tenantId){
+                filters.push({field: 'tenant', operator: 'eq', value: request.rbac.getAuthUser.tenantId})
+            }
+            let paginateResult = await userService.paginate({page, limit, orderBy, order, search, filters})
+            for(let item of paginateResult.items){
+                item.password = undefined
+                delete item.password
+            }
+            return paginateResult
+        } catch (e) {
+            if (e instanceof ValidationError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message, inputErrors: e.errors})
+            } else if (e instanceof UnauthorizedError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message})
+            } else {
+                reply.statusCode = 500
+                reply.send({error: 'error.server'})
+            }
+        }
+    }
+
+    async create(request, reply) {
+        try {
+            request.rbac.assertPermission(UserPermissions.Create)
+            const payload = request.body
+            const userService = UserServiceFactory()
+            if(request.rbac.getAuthUser.tenantId){
+                payload.tenant = request.rbac.getAuthUser.tenantId
+            }
+            let user = await userService.create(payload)
+            return user
+        } catch (e) {
+            if (e instanceof ValidationError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message, inputErrors: e.errors})
+            } else if (e instanceof UnauthorizedError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message})
+            } else {
+                reply.statusCode = 500
+                reply.send({error: 'error.server'})
+            }
+        }
+    }
+
+    async update(request, reply) {
+        try {
+            request.rbac.assertPermission(UserPermissions.Update)
+            const id = request.params.id
+            const payload = request.body
+            const userService = UserServiceFactory()
+            if(request.rbac.getAuthUser.tenantId){
+                payload.tenant = request.rbac.getAuthUser.tenantId
+            }
+            let user = await userService.update(id, payload)
+            return user
+        } catch (e) {
+            if (e instanceof ValidationError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message, inputErrors: e.errors})
+            }
+            if (e instanceof UnauthorizedError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message})
+            } else if (e instanceof UnauthorizedError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message})
+            } else {
+                reply.statusCode = 500
+                reply.send({error: 'error.server'})
+            }
+        }
+    }
+
+    async delete(request, reply) {
+        try {
+            request.rbac.assertPermission(UserPermissions.Delete)
+            const id = request.params.id
+            const userService = UserServiceFactory()
+            let r : boolean = await userService.delete(id)
+            if(r){
+                reply.send({message: 'Deleted successfully'})
+            }else{
+                reply.statusCode(400).send({message: 'Not deleted'})
+            }
+        } catch (e) {
+            if (e instanceof ValidationError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message, inputErrors: e.errors})
+            } else if (e instanceof UnauthorizedError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message})
+            } else {
+                reply.statusCode = 500
+                reply.send({error: 'error.server'})
+            }
+        }
+    }
+
+    async myPassword(request, reply) {
+        try {
+            if(!request.authUser){
+                throw new UnauthorizedError()
+            }
+            const userId = request.authUser.id
+            const currentPassword = request.body.currentPassword
+            const newPassword = request.body.newPassword
+            const userService = UserServiceFactory()
+            return await userService.changeOwnPassword(userId, currentPassword, newPassword)
+        } catch (e) {
+            console.error('/api/password error', e)
+            if (e instanceof ValidationError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message, inputErrors: e.errors})
+            } else if (e instanceof UnauthorizedError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message})
+            } else {
+                reply.statusCode = 500
+                reply.send({error: 'error.server'})
+            }
+        }
+    }
+
+    async password(request, reply) {
+        try {
+            request.rbac.assertPermission(UserPermissions.Update)
+            const userId = request.params.id
+            if(!userId){
+                throw new UnauthorizedError()
+            }
+            const newPassword = request.body.newPassword
+            const userService = UserServiceFactory()
+            return await userService.changeUserPassword(userId, newPassword)
+        } catch (e) {
+            console.error('/api/password error', e)
+            if (e instanceof ValidationError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message, inputErrors: e.errors})
+            } else if (e instanceof UnauthorizedError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message})
+            } else {
+                reply.statusCode = 500
+                reply.send({error: 'error.server'})
+            }
+        }
+    }
+
+
+    async updateAvatar(request, reply) {
+        try {
+            request.rbac.assertAuthenticated()
+            const userId = request.rbac.getAuthUser.id
+
+            const data = await request.file()
+
+            const file = {
+                filename: data.filename,
+                fileStream: data.file,
+                mimetype: data.mimetype
+            }
+
+            const destinationPath = join(BASE_FILE_DIR, AVATAR_DIR)
+            const storedFile = await StoreManager.saveFile(file, destinationPath)
+            const urlFile = BASE_URL + '/api/user/avatar/' + storedFile.filename
+
+            //Save into DB
+            const userService = UserServiceFactory()
+            await userService.changeAvatar(userId, urlFile)
+
+            return {
+                filename: storedFile.filename,
+                size: storedFile.size,
+                mimetype: storedFile.mimetype,
+                url: urlFile,
+            }
+        } catch (e) {
+            console.error(e)
+            if (e instanceof UploadFileError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message})
+            } else if (e instanceof UnauthorizedError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message})
+            } else {
+                reply.statusCode = 500
+                reply.send({error: 'INTERNAL_SERVER_ERROR'})
+            }
+        }
+
+    }
+
+    async getAvatar(request, reply) {
+        try {
+            const filename = request.params.filename
+            const subPath = 'avatar'
+            const fileDir = join(BASE_FILE_DIR, subPath)
+            //console.log("FILE_DIR: ",fileDir, " FILENAME:", filename)
+            return reply.sendFile(filename, fileDir)
+        } catch (e) {
+            console.error(e)
+            if (e instanceof UnauthorizedError) {
+                reply.statusCode = e.statusCode
+                reply.send({error: e.message})
+            } else {
+                reply.statusCode = 500
+                reply.send({error: 'INTERNAL_SERVER_ERROR'})
+            }
+        }
+
+    }
+
+
+}
+
+export default UserController;
+export {
+    UserController
+}
+

package/src/index.ts

@@ -11,7 +11,6 @@ import PermissionService from "./services/PermissionService.js";
 import Rbac from "./rbac/Rbac.js";
 
 import {UserRoutes} from "./routes/UserRoutes.js";
-import {UserAvatarRoutes} from "./routes/UserAvatarRoutes.js";
 import {RoleRoutes} from "./routes/RoleRoutes.js";
 import {TenantRoutes} from "./routes/TenantRoutes.js";
 import {UserApiKeyRoutes} from "./routes/UserApiKeyRoutes.js";
@@ -77,7 +76,6 @@ export {
     UserRoutes,
     RoleRoutes,
     TenantRoutes,
-    UserAvatarRoutes,
     UserApiKeyRoutes,
 
     AuthUtils,