@drax/identity-back 0.5.3 → 0.5.4

package/src/repository/mongo/RoleMongoRepository.ts

@@ -8,6 +8,8 @@ import {IRoleBase, IRole} from "@drax/identity-share";
 
 class RoleMongoRepository implements IRoleRepository{
 
+    _searchFields = ['_id','name']
+
     async create(roleData: IRoleBase): Promise<IRole> {
         const role : mongoose.HydratedDocument<IRole> = new RoleModel(roleData)
         await role.save()
@@ -40,6 +42,15 @@ class RoleMongoRepository implements IRoleRepository{
         return roles
     }
 
+    async search(value: string, limit: number = 1000): Promise<IRole[]> {
+        const query = {}
+        if(value){
+            query['$or'] = this._searchFields.map(field => ({[field]: new RegExp(value.toString(), 'i')}))
+        }
+        const items: mongoose.HydratedDocument<IRole>[] = await RoleModel.find(query).limit(limit).exec()
+        return items
+    }
+
     async paginate({
                        page= 1,
                        limit= 5,
@@ -50,9 +61,7 @@ class RoleMongoRepository implements IRoleRepository{
         const query = {}
 
         if(search){
-            query['$or'] = [
-                {name: new RegExp(search, 'i')},
-            ]
+            query['$or'] = this._searchFields.map(field => ({[field]: new RegExp(search.toString(), 'i')}))
         }
 
         MongooseQueryFilter.applyFilters(query, filters)

package/src/repository/mongo/TenantMongoRepository.ts

@@ -8,6 +8,8 @@ import {ITenant, ITenantBase} from "@drax/identity-share";
 
 class TenantMongoRepository implements ITenantRepository {
 
+    _searchFields = ['_id','name']
+
     async create(tenantData: ITenantBase): Promise<ITenant> {
         const tenant: mongoose.HydratedDocument<ITenant> = new TenantModel(tenantData)
         await tenant.save()
@@ -39,6 +41,15 @@ class TenantMongoRepository implements ITenantRepository {
         return tenants
     }
 
+    async search(value: string, limit: number = 1000): Promise<ITenant[]> {
+        const query = {}
+        if(value){
+            query['$or'] = this._searchFields.map(field => ({[field]: new RegExp(value.toString(), 'i')}))
+        }
+        const items: mongoose.HydratedDocument<ITenant>[] = await TenantModel.find(query).limit(limit).exec()
+        return items
+    }
+
     async paginate({
                        page = 1,
                        limit = 5,

package/src/routes/RoleRoutes.ts

@@ -1,203 +1,28 @@
-import { ValidationError, UnauthorizedError} from "@drax/common-back";
-import RoleServiceFactory from "../factory/RoleServiceFactory.js";
-import {IRole} from "@drax/identity-share";
-import {IdentityPermissions} from "../permissions/IdentityPermissions.js";
-import {PermissionService} from "../services/PermissionService.js";
-import {IDraxPaginateResult} from "@drax/crud-share";
+import RoleController from "../controllers/RoleController.js";
 
 
 
 async function RoleRoutes(fastify, options) {
 
-    fastify.get('/api/permissions', async (request, reply): Promise<string[]> => {
-        try {
-            request.rbac.assertPermission(IdentityPermissions.PermissionsRole)
-            let permissions = PermissionService.getPermissions()
-            return permissions
-        }catch (e){
-            console.error(e)
-            if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'INTERNAL_SERVER_ERROR'})
-            }
-        }
-    })
+    const controller: RoleController = new RoleController()
 
-    fastify.get('/api/roles/:id', async (request, reply): Promise<IRole> => {
-        try {
-            request.rbac.assertPermission(IdentityPermissions.ViewRole)
-            const id = request.params.id
-            const roleService = RoleServiceFactory()
-            let role = await roleService.findById(id)
-            return role
-        } catch (e) {
-            console.error(e)
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'INTERNAL_SERVER_ERROR'})
-            }
-        }
-    })
+    fastify.get('/api/permissions', (req,rep) => controller.permissions(req,rep))
 
-    fastify.get('/api/roles/name/:name', async (request, reply): Promise<IRole> => {
-        try {
-            request.rbac.assertPermission(IdentityPermissions.ViewRole)
-            const name = request.params.name
-            const roleService = RoleServiceFactory()
-            let role = await roleService.findByName(name)
-            return role
-        } catch (e) {
-            console.error(e)
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'INTERNAL_SERVER_ERROR'})
-            }
-        }
-    })
+    fastify.get('/api/roles/search', (req,rep) => controller.search(req,rep))
 
-    fastify.get('/api/roles/all', async (request, reply): Promise<IRole[]> => {
-        try {
-            request.rbac.assertPermission(IdentityPermissions.ViewRole)
-            const roleService = RoleServiceFactory()
-            let roles = await roleService.fetchAll()
-            if(request.rbac.getRole?.childRoles?.length > 0) {
-                return roles.filter(role => request.rbac.getRole.childRoles.some(childRole => childRole.id === role.id));
-            }else{
-                return roles
-            }
-        } catch (e) {
-            console.error(e)
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'INTERNAL_SERVER_ERROR'})
-            }
-        }
-    })
+    fastify.get('/api/roles/:id', (req,rep) => controller.findById(req,rep))
 
-    fastify.get('/api/roles', async (request, reply): Promise<IDraxPaginateResult<IRole>> => {
-        try {
-            request.rbac.assertPermission(IdentityPermissions.ViewRole)
-            const page = request.query.page
-            const limit = request.query.limit
-            const orderBy = request.query.orderBy
-            const order = request.query.order
-            const search = request.query.search
-            const roleService = RoleServiceFactory()
-            let paginateResult = await roleService.paginate({page, limit, search, orderBy, order})
-            return paginateResult
-        } catch (e) {
-            console.error(e)
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'INTERNAL_SERVER_ERROR'})
-            }
-        }
-    })
+    fastify.get('/api/roles/name/:name', (req,rep) => controller.findByName(req,rep))
 
-    fastify.post('/api/roles', async (request, reply): Promise<IRole> => {
-        try {
-            request.rbac.assertPermission(IdentityPermissions.CreateRole)
-            const payload = request.body
-            const roleService = RoleServiceFactory()
-            let role = await roleService.create(payload)
-            return role
-        } catch (e) {
-            console.error(e)
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'INTERNAL_SERVER_ERROR'})
-            }
-        }
+    fastify.get('/api/roles/all', (req,rep) => controller.all(req,rep))
 
-    })
+    fastify.get('/api/roles', (req,rep) => controller.paginate(req,rep))
 
-    fastify.put('/api/roles/:id', async (request, reply): Promise<IRole> => {
-        try {
-            request.rbac.assertPermission(IdentityPermissions.UpdateRole)
-            const id = request.params.id
-            const payload = request.body
-            const roleService = RoleServiceFactory()
-            const currentRole = await roleService.findById(id)
-            if(currentRole.readonly){
-                throw new ValidationError([{field:'name', reason:"role.readonly", value:payload.name}])
-            }
+    fastify.post('/api/roles', (req,rep) => controller.create(req,rep))
 
-            let role = await roleService.update(id, payload)
-            return role
-        } catch (e) {
-            console.error(e)
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'INTERNAL_SERVER_ERROR'})
-            }
-        }
+    fastify.put('/api/roles/:id', (req,rep) => controller.update(req,rep))
 
-    })
-
-    fastify.delete('/api/roles/:id', async (request, reply): Promise<any> => {
-        try {
-            request.rbac.assertPermission(IdentityPermissions.DeleteRole)
-            const id = request.params.id
-            const roleService = RoleServiceFactory()
-            const currentRole = await roleService.findById(id)
-            if(currentRole.readonly){
-                throw new UnauthorizedError()
-            }
-            let r = await roleService.delete(id)
-            return r
-        } catch (e) {
-            console.error(e)
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'INTERNAL_SERVER_ERROR'})
-            }
-        }
-    })
+    fastify.delete('/api/roles/:id', (req,rep) => controller.delete(req,rep))
 
 }
 

package/src/routes/TenantRoutes.ts

@@ -6,6 +6,8 @@ async function TenantRoutes(fastify, options) {
 
     fastify.get('/api/tenants/export', (req,rep) => controller.export(req,rep) )
 
+    fastify.get('/api/tenants/search', (req,rep) => controller.search(req,rep) )
+
     fastify.get('/api/tenants/:id', (req,rep) => controller.findById(req,rep) )
 
     fastify.get('/api/tenants/name/:name', (req,rep) => controller.findByName(req,rep))

package/src/routes/UserApiKeyRoutes.ts

@@ -1,124 +1,17 @@
-import UserApiKeyServiceFactory from "../factory/UserApiKeyServiceFactory.js";
-import type {IUserApiKey} from "@drax/identity-share";
-import {ValidationError, UnauthorizedError} from "@drax/common-back";
-import {IdentityPermissions} from "../permissions/IdentityPermissions.js";
-import {IDraxPaginateResult} from "@drax/crud-share";
+import UserApiKeyController from "../controllers/UserApiKeyController.js";
 
 
 async function UserApiKeyRoutes(fastify, options) {
 
-    fastify.get('/api/user-api-keys', async (request, reply): Promise<IDraxPaginateResult<IUserApiKey>> => {
+    const controller: UserApiKeyController = new UserApiKeyController()
 
-        try {
-            request.rbac.assertAuthenticated()
+    fastify.get('/api/user-api-keys', (req,rep) => controller.paginate(req,rep) )
 
-            request.rbac.assertOrPermissions([
-                IdentityPermissions.ViewUserApiKey,
-                IdentityPermissions.ViewMyUserApiKey
-            ])
+    fastify.post('/api/user-api-keys', (req,rep) => controller.create(req,rep))
 
-            const filters = []
+    fastify.put('/api/user-api-keys/:id', (req,rep) => controller.update(req,rep))
 
-            if(!request.rbac.hasPermission(IdentityPermissions.ViewUserApiKey)){
-                filters.push({field: "user", operator: "eq", value: request.rbac.authUser.id})
-            }
-
-            const page = request.query.page
-            const limit = request.query.limit
-            const orderBy = request.query.orderBy
-            const order = request.query.order
-            const search = request.query.search
-            const userApiKeyService = UserApiKeyServiceFactory()
-
-
-            let paginateResult = await userApiKeyService.paginate({page, limit, orderBy, order, search, filters})
-            return paginateResult
-        } catch (e) {
-            console.log("/api/user-api-keys",e)
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'error.server'})
-            }
-        }
-    })
-
-    fastify.post('/api/user-api-keys', async (request, reply): Promise<IUserApiKey> => {
-        try {
-            request.rbac.assertPermission(IdentityPermissions.CreateUserApiKey)
-            const payload = request.body
-            payload.user = request.rbac.authUser.id
-
-            const userApiKeyService = UserApiKeyServiceFactory()
-
-            let userApiKey = await userApiKeyService.create(payload)
-            return userApiKey
-        } catch (e) {
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'error.server'})
-            }
-        }
-
-    })
-
-    fastify.put('/api/user-api-keys/:id', async (request, reply): Promise<IUserApiKey> => {
-        try {
-            request.rbac.assertPermission(IdentityPermissions.UpdateUserApiKey)
-            const id = request.params.id
-            const payload = request.body
-            const userApiKeyService = UserApiKeyServiceFactory()
-            let userApiKey = await userApiKeyService.update(id, payload)
-            return userApiKey
-        } catch (e) {
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            }
-            if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'error.server'})
-            }
-        }
-    })
-
-    fastify.delete('/api/user-api-keys/:id', async (request, reply): Promise<any> => {
-        try {
-            request.rbac.assertPermission(IdentityPermissions.DeleteUserApiKey)
-            const id = request.params.id
-            const userApiKeyService = UserApiKeyServiceFactory()
-            let r = await userApiKeyService.delete(id)
-            return r
-        } catch (e) {
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'error.server'})
-            }
-        }
-    })
+    fastify.delete('/api/user-api-keys/:id', (req,rep) => controller.delete(req,rep))
 
 
 }

package/src/routes/UserRoutes.ts

@@ -1,218 +1,28 @@
-import UserServiceFactory from "../factory/UserServiceFactory.js";
-import {IUser} from "@drax/identity-share";
-import {ValidationError, UnauthorizedError} from "@drax/common-back";
-import {IdentityPermissions} from "../permissions/IdentityPermissions.js";
-import BadCredentialsError from "../errors/BadCredentialsError.js";
-import {IDraxPaginateResult} from "@drax/crud-share";
+import UserController from "../controllers/UserController.js";
 
 async function UserRoutes(fastify, options) {
-    fastify.post('/api/auth', async (request, reply) => {
-        try {
-            const username = request.body.username
-            const password = request.body.password
-            const userService = UserServiceFactory()
-            return await userService.auth(username, password)
-        } catch (e) {
-            console.error('/api/auth error', e)
-            if (e instanceof BadCredentialsError) {
-                reply.code(401)
-                reply.send({error: e.message})
-            }
-            reply.code(500)
-            reply.send({error: 'error.server'})
-        }
-    })
 
+    const controller: UserController = new UserController()
 
+    fastify.post('/api/auth', (req,rep) => controller.auth(req,rep))
 
+    fastify.get('/api/me', (req,rep) => controller.me(req,rep))
 
-    fastify.get('/api/me', async (request, reply): Promise<IUser | null> => {
-        try {
-            if (request.authUser) {
-                const userService = UserServiceFactory()
-                let user = await userService.findById(request.authUser.id)
-                user.password = undefined
-                delete user.password
-                return user
-            } else {
-                throw new UnauthorizedError()
+    fastify.get('/api/users', (req,rep) => controller.paginate(req,rep))
 
-            }
-        } catch (e) {
-            if (e instanceof UnauthorizedError) {
-                reply.code(401)
-                reply.send({error: "Unauthorized"})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'error.server'})
-            }
-        }
+    fastify.post('/api/users', (req,rep) => controller.create(req,rep))
 
+    fastify.put('/api/users/:id', (req,rep) => controller.update(req,rep))
 
-    })
+    fastify.delete('/api/users/:id', (req,rep) => controller.delete(req,rep))
 
-    fastify.get('/api/users', async (request, reply): Promise<IDraxPaginateResult<IUser>> => {
+    fastify.post('/api/password', (req,rep) => controller.myPassword(req,rep))
 
-        try {
-            request.rbac.assertPermission(IdentityPermissions.ViewUser)
-            const page = request.query.page
-            const limit = request.query.limit
-            const orderBy = request.query.orderBy
-            const order = request.query.order
-            const search = request.query.search
-            const userService = UserServiceFactory()
-            const filters = []
-            if(request.rbac.getAuthUser.tenantId){
-                filters.push({field: 'tenant', operator: 'eq', value: request.rbac.getAuthUser.tenantId})
-            }
-            let paginateResult = await userService.paginate({page, limit, orderBy, order, search, filters})
-            for(let item of paginateResult.items){
-                item.password = undefined
-                delete item.password
-            }
-            return paginateResult
-        } catch (e) {
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'error.server'})
-            }
-        }
-    })
+    fastify.post('/api/password/:id', (req,rep) => controller.password(req,rep))
 
-    fastify.post('/api/users', async (request, reply): Promise<IUser> => {
-        try {
-            request.rbac.assertPermission(IdentityPermissions.CreateUser)
-            const payload = request.body
-            const userService = UserServiceFactory()
-            if(request.rbac.getAuthUser.tenantId){
-                payload.tenant = request.rbac.getAuthUser.tenantId
-            }
-            let user = await userService.create(payload)
-            return user
-        } catch (e) {
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'error.server'})
-            }
-        }
+    fastify.post('/api/user/avatar', (req,rep) => controller.updateAvatar(req,rep))
 
-    })
-
-    fastify.put('/api/users/:id', async (request, reply): Promise<IUser> => {
-        try {
-            request.rbac.assertPermission(IdentityPermissions.UpdateUser)
-            const id = request.params.id
-            const payload = request.body
-            const userService = UserServiceFactory()
-            if(request.rbac.getAuthUser.tenantId){
-                payload.tenant = request.rbac.getAuthUser.tenantId
-            }
-            let user = await userService.update(id, payload)
-            return user
-        } catch (e) {
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            }
-            if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'error.server'})
-            }
-        }
-    })
-
-    fastify.delete('/api/users/:id', async (request, reply): Promise<any> => {
-        try {
-            request.rbac.assertPermission(IdentityPermissions.DeleteUser)
-            const id = request.params.id
-            const userService = UserServiceFactory()
-            let r = await userService.delete(id)
-            return r
-        } catch (e) {
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'error.server'})
-            }
-        }
-    })
-
-    fastify.post('/api/password', async (request, reply) => {
-        try {
-            if(!request.authUser){
-                throw new UnauthorizedError()
-            }
-            const userId = request.authUser.id
-            const currentPassword = request.body.currentPassword
-            const newPassword = request.body.newPassword
-            const userService = UserServiceFactory()
-            return await userService.changeOwnPassword(userId, currentPassword, newPassword)
-        } catch (e) {
-            console.error('/api/password error', e)
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'error.server'})
-            }
-        }
-    })
-
-
-    fastify.post('/api/password/:id', async (request, reply) => {
-        try {
-            request.rbac.assertPermission(IdentityPermissions.UpdateUser)
-            const userId = request.params.id
-            if(!userId){
-                throw new UnauthorizedError()
-            }
-            const newPassword = request.body.newPassword
-            const userService = UserServiceFactory()
-            return await userService.changeUserPassword(userId, newPassword)
-        } catch (e) {
-            console.error('/api/password error', e)
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'error.server'})
-            }
-        }
-    })
+    fastify.get('/api/user/avatar/:filename', (req,rep) => controller.getAvatar(req,rep))
 
 }