npm - @drax/identity-back - Versions diffs - 0.5.3 → 0.5.5 - Mend

@drax/identity-back 0.5.3 → 0.5.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (71) hide show

package/dist/controllers/RoleController.js +84 -0
package/dist/controllers/TenantController.js +1 -2
package/dist/controllers/UserApiKeyController.js +127 -0
package/dist/controllers/UserController.js +295 -0
package/dist/index.js +1 -2
package/dist/repository/mongo/RoleMongoRepository.js +35 -3
package/dist/repository/mongo/TenantMongoRepository.js +25 -2
package/dist/repository/mongo/UserMongoRepository.js +23 -0
package/dist/repository/sqlite/TenantSqliteRepository.js +1 -1
package/dist/routes/RoleRoutes.js +12 -207
package/dist/routes/TenantRoutes.js +1 -0
package/dist/routes/UserApiKeyRoutes.js +6 -114
package/dist/routes/UserRoutes.js +13 -218
package/dist/services/RoleService.js +42 -2
package/dist/services/TenantService.js +5 -0
package/dist/services/UserApiKeyService.js +9 -1
package/dist/services/UserService.js +14 -4
package/dist/setup/CreateOrUpdateRole.js +1 -1
package/package.json +4 -4
package/src/controllers/RoleController.ts +94 -0
package/src/controllers/TenantController.ts +1 -2
package/src/controllers/UserApiKeyController.ts +144 -0
package/src/controllers/UserController.ts +300 -0
package/src/index.ts +0 -2
package/src/interfaces/IRoleRepository.ts +2 -2
package/src/repository/mongo/RoleMongoRepository.ts +75 -19
package/src/repository/mongo/TenantMongoRepository.ts +36 -3
package/src/repository/mongo/UserMongoRepository.ts +49 -2
package/src/repository/sqlite/TenantSqliteRepository.ts +0 -1
package/src/routes/RoleRoutes.ts +22 -195
package/src/routes/TenantRoutes.ts +2 -0
package/src/routes/UserApiKeyRoutes.ts +6 -113
package/src/routes/UserRoutes.ts +13 -201
package/src/services/RoleService.ts +45 -4
package/src/services/TenantService.ts +7 -1
package/src/services/UserApiKeyService.ts +11 -1
package/src/services/UserService.ts +16 -4
package/src/setup/CreateOrUpdateRole.ts +1 -1
package/tsconfig.tsbuildinfo +1 -1
package/types/controllers/RoleController.d.ts +14 -0
package/types/controllers/RoleController.d.ts.map +1 -0
package/types/controllers/TenantController.d.ts.map +1 -1
package/types/controllers/UserApiKeyController.d.ts +14 -0
package/types/controllers/UserApiKeyController.d.ts.map +1 -0
package/types/controllers/UserController.d.ts +27 -0
package/types/controllers/UserController.d.ts.map +1 -0
package/types/index.d.ts +1 -2
package/types/index.d.ts.map +1 -1
package/types/interfaces/IRoleRepository.d.ts +2 -2
package/types/interfaces/IRoleRepository.d.ts.map +1 -1
package/types/repository/mongo/RoleMongoRepository.d.ts +33 -1
package/types/repository/mongo/RoleMongoRepository.d.ts.map +1 -1
package/types/repository/mongo/TenantMongoRepository.d.ts +32 -1
package/types/repository/mongo/TenantMongoRepository.d.ts.map +1 -1
package/types/repository/mongo/UserMongoRepository.d.ts +31 -1
package/types/repository/mongo/UserMongoRepository.d.ts.map +1 -1
package/types/repository/sqlite/TenantSqliteRepository.d.ts +1 -1
package/types/repository/sqlite/TenantSqliteRepository.d.ts.map +1 -1
package/types/routes/RoleRoutes.d.ts.map +1 -1
package/types/routes/TenantRoutes.d.ts.map +1 -1
package/types/routes/UserApiKeyRoutes.d.ts.map +1 -1
package/types/routes/UserRoutes.d.ts.map +1 -1
package/types/services/RoleService.d.ts +5 -1
package/types/services/RoleService.d.ts.map +1 -1
package/types/services/TenantService.d.ts +1 -0
package/types/services/TenantService.d.ts.map +1 -1
package/types/services/UserApiKeyService.d.ts +2 -1
package/types/services/UserApiKeyService.d.ts.map +1 -1
package/types/services/UserService.d.ts +3 -1
package/types/services/UserService.d.ts.map +1 -1
package/src/routes/UserAvatarRoutes.ts +0 -82

package/src/routes/UserRoutes.ts CHANGED Viewed

@@ -1,218 +1,30 @@
-import UserServiceFactory from "../factory/UserServiceFactory.js";
-import {IUser} from "@drax/identity-share";
-import {ValidationError, UnauthorizedError} from "@drax/common-back";
-import {IdentityPermissions} from "../permissions/IdentityPermissions.js";
-import BadCredentialsError from "../errors/BadCredentialsError.js";
-import {IDraxPaginateResult} from "@drax/crud-share";
+import UserController from "../controllers/UserController.js";
 async function UserRoutes(fastify, options) {
-    fastify.post('/api/auth', async (request, reply) => {
-        try {
-            const username = request.body.username
-            const password = request.body.password
-            const userService = UserServiceFactory()
-            return await userService.auth(username, password)
-        } catch (e) {
-            console.error('/api/auth error', e)
-            if (e instanceof BadCredentialsError) {
-                reply.code(401)
-                reply.send({error: e.message})
-            }
-            reply.code(500)
-            reply.send({error: 'error.server'})
-        }
-    })
+    const controller: UserController = new UserController()
+    fastify.post('/api/auth', (req,rep) => controller.auth(req,rep))
+    fastify.get('/api/me', (req,rep) => controller.me(req,rep))
-    fastify.get('/api/me', async (request, reply): Promise<IUser | null> => {
-        try {
-            if (request.authUser) {
-                const userService = UserServiceFactory()
-                let user = await userService.findById(request.authUser.id)
-                user.password = undefined
-                delete user.password
-                return user
-            } else {
-                throw new UnauthorizedError()
+    fastify.get('/api/users/export', (req,rep) => controller.export(req,rep) )
-            }
-        } catch (e) {
-            if (e instanceof UnauthorizedError) {
-                reply.code(401)
-                reply.send({error: "Unauthorized"})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'error.server'})
-            }
-        }
+    fastify.get('/api/users', (req,rep) => controller.paginate(req,rep))
+    fastify.post('/api/users', (req,rep) => controller.create(req,rep))
-    })
+    fastify.put('/api/users/:id', (req,rep) => controller.update(req,rep))
-    fastify.get('/api/users', async (request, reply): Promise<IDraxPaginateResult<IUser>> => {
+    fastify.delete('/api/users/:id', (req,rep) => controller.delete(req,rep))
-        try {
-            request.rbac.assertPermission(IdentityPermissions.ViewUser)
-            const page = request.query.page
-            const limit = request.query.limit
-            const orderBy = request.query.orderBy
-            const order = request.query.order
-            const search = request.query.search
-            const userService = UserServiceFactory()
-            const filters = []
-            if(request.rbac.getAuthUser.tenantId){
-                filters.push({field: 'tenant', operator: 'eq', value: request.rbac.getAuthUser.tenantId})
-            }
-            let paginateResult = await userService.paginate({page, limit, orderBy, order, search, filters})
-            for(let item of paginateResult.items){
-                item.password = undefined
-                delete item.password
-            }
-            return paginateResult
-        } catch (e) {
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'error.server'})
-            }
-        }
-    })
+    fastify.post('/api/password', (req,rep) => controller.myPassword(req,rep))
-    fastify.post('/api/users', async (request, reply): Promise<IUser> => {
-        try {
-            request.rbac.assertPermission(IdentityPermissions.CreateUser)
-            const payload = request.body
-            const userService = UserServiceFactory()
-            if(request.rbac.getAuthUser.tenantId){
-                payload.tenant = request.rbac.getAuthUser.tenantId
-            }
-            let user = await userService.create(payload)
-            return user
-        } catch (e) {
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'error.server'})
-            }
-        }
+    fastify.post('/api/password/:id', (req,rep) => controller.password(req,rep))
-    })
+    fastify.post('/api/user/avatar', (req,rep) => controller.updateAvatar(req,rep))
-    fastify.put('/api/users/:id', async (request, reply): Promise<IUser> => {
-        try {
-            request.rbac.assertPermission(IdentityPermissions.UpdateUser)
-            const id = request.params.id
-            const payload = request.body
-            const userService = UserServiceFactory()
-            if(request.rbac.getAuthUser.tenantId){
-                payload.tenant = request.rbac.getAuthUser.tenantId
-            }
-            let user = await userService.update(id, payload)
-            return user
-        } catch (e) {
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            }
-            if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'error.server'})
-            }
-        }
-    })
-    fastify.delete('/api/users/:id', async (request, reply): Promise<any> => {
-        try {
-            request.rbac.assertPermission(IdentityPermissions.DeleteUser)
-            const id = request.params.id
-            const userService = UserServiceFactory()
-            let r = await userService.delete(id)
-            return r
-        } catch (e) {
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'error.server'})
-            }
-        }
-    })
-    fastify.post('/api/password', async (request, reply) => {
-        try {
-            if(!request.authUser){
-                throw new UnauthorizedError()
-            }
-            const userId = request.authUser.id
-            const currentPassword = request.body.currentPassword
-            const newPassword = request.body.newPassword
-            const userService = UserServiceFactory()
-            return await userService.changeOwnPassword(userId, currentPassword, newPassword)
-        } catch (e) {
-            console.error('/api/password error', e)
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'error.server'})
-            }
-        }
-    })
-    fastify.post('/api/password/:id', async (request, reply) => {
-        try {
-            request.rbac.assertPermission(IdentityPermissions.UpdateUser)
-            const userId = request.params.id
-            if(!userId){
-                throw new UnauthorizedError()
-            }
-            const newPassword = request.body.newPassword
-            const userService = UserServiceFactory()
-            return await userService.changeUserPassword(userId, newPassword)
-        } catch (e) {
-            console.error('/api/password error', e)
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'error.server'})
-            }
-        }
-    })
+    fastify.get('/api/user/avatar/:filename', (req,rep) => controller.getAvatar(req,rep))
 }

package/src/services/RoleService.ts CHANGED Viewed

@@ -1,15 +1,17 @@
 import {IRoleRepository} from "../interfaces/IRoleRepository";
-import { ZodErrorToValidationError} from "@drax/common-back"
+import {UnauthorizedError, ValidationError, ZodErrorToValidationError} from "@drax/common-back"
+import { AbstractService } from "@drax/crud-back"
 import {roleSchema} from "../zod/RoleZod.js";
 import {ZodError} from "zod";
 import {IDraxPaginateOptions, IDraxPaginateResult} from "@drax/crud-share";
 import type {IRoleBase, IRole} from "@drax/identity-share";
-class RoleService {
+class RoleService extends AbstractService<IRole, IRoleBase, IRoleBase> {
     _repository: IRoleRepository
     constructor(roleRepostitory: IRoleRepository) {
+        super(roleRepostitory, roleSchema)
         this._repository = roleRepostitory
         console.log("RoleService constructor")
     }
@@ -29,11 +31,15 @@ class RoleService {
         }
     }
-    async update(id: string, roleData: IRoleBase) {
+    async update(id: string, roleData: IRoleBase): Promise<IRole> {
         try {
             roleData.name = roleData?.name?.trim()
             await roleSchema.parseAsync(roleData)
-            const role = await this._repository.update(id, roleData)
+            const currentRole = await this.findById(id)
+            if(currentRole.readonly){
+                throw new ValidationError([{field:'name', reason:"role.readonly", value:roleData.name}])
+            }
+            const role: IRole = await this._repository.update(id, roleData)
             return role
         } catch (e) {
             console.error("Error updating role", e)
@@ -44,7 +50,36 @@ class RoleService {
         }
     }
+    async systemUpdate(id: string, roleData: IRoleBase): Promise<IRole> {
+        try {
+            roleData.name = roleData?.name?.trim()
+            await roleSchema.parseAsync(roleData)
+            const role: IRole = await this._repository.update(id, roleData)
+            return role
+        } catch (e) {
+            console.error("Error systemUpdating role", e)
+            if (e instanceof ZodError) {
+                throw ZodErrorToValidationError(e, roleData)
+            }
+            throw e
+        }
+    }
     async delete(id: string): Promise<boolean> {
+        try {
+            const currentRole = await this.findById(id)
+            if(currentRole.readonly){
+                throw new UnauthorizedError()
+            }
+            const deletedRole = await this._repository.delete(id);
+            return deletedRole;
+        } catch (e) {
+            console.error("Error deleting role", e)
+            throw e
+        }
+    }
+    async systemDelete(id: string): Promise<boolean> {
         try {
             const deletedRole = await this._repository.delete(id);
             return deletedRole;
@@ -81,6 +116,12 @@ class RoleService {
         return roles
     }
+    async search(value: any): Promise<IRole[]> {
+        const limit = 100
+        const roles: IRole[] = await this._repository.search(value, limit);
+        return roles;
+    }
     async paginate({
                        page = 1,
                        limit = 5,

package/src/services/TenantService.ts CHANGED Viewed

@@ -2,7 +2,7 @@ import {ITenantRepository} from "../interfaces/ITenantRepository";
 import {ValidationError, ZodErrorToValidationError} from "@drax/common-back"
 import {tenantSchema} from "../zod/TenantZod.js";
 import {ZodError} from "zod";
-import {ITenantBase, ITenant} from "@drax/identity-share";
+import {ITenantBase, ITenant, IRole} from "@drax/identity-share";
 import {IDraxPaginateOptions, IDraxPaginateResult} from "@drax/crud-share";
 import {AbstractService} from "@drax/crud-back";
@@ -90,6 +90,12 @@ class TenantService extends AbstractService<ITenant,ITenantBase,ITenantBase> {
     }
+    async search(value: any): Promise<ITenant[]> {
+        const limit = 100
+        const tenants: ITenant[] = await this._repository.search(value, limit);
+        return tenants;
+    }
     async paginate({
                        page = 1,
                        limit = 5,

package/src/services/UserApiKeyService.ts CHANGED Viewed

@@ -7,12 +7,14 @@ import {IDraxPaginateOptions, IDraxPaginateResult} from "@drax/crud-share";
 import crypto from "node:crypto";
 import AuthUtils from "../utils/AuthUtils.js";
 import IdentityConfig from "../config/IdentityConfig.js";
+import {AbstractService} from "@drax/crud-back";
-class UserApiKeyService {
+class UserApiKeyService extends AbstractService<IUserApiKey, IUserApiKeyBase, IUserApiKeyBase>{
     _repository: IUserApiKeyRepository
     constructor(userApiKeyRepostitory: IUserApiKeyRepository) {
+        super(userApiKeyRepostitory,userApiKeySchema)
         this._repository = userApiKeyRepostitory
         console.log("UserApiKeyService constructor")
     }
@@ -22,6 +24,9 @@ class UserApiKeyService {
             userApiKeyData.name = userApiKeyData?.name?.trim()
             const secret = crypto.randomUUID()
             const APIKEY_SECRET = DraxConfig.getOrLoad(IdentityConfig.ApiKeySecret)
+            if(!APIKEY_SECRET){
+                throw new Error('ApiKey miss configuration')
+            }
             userApiKeyData.secret = AuthUtils.generateHMAC(APIKEY_SECRET, secret)
             await userApiKeySchema.parseAsync(userApiKeyData)
             const userApiKey = await this._repository.create(userApiKeyData)
@@ -74,9 +79,14 @@ class UserApiKeyService {
     }
     async findBySecret(secret: string): Promise<IUserApiKey | null> {
         try{
             const APIKEY_SECRET = DraxConfig.getOrLoad(IdentityConfig.ApiKeySecret)
+            if(!APIKEY_SECRET){
+                throw new Error('ApiKey miss configuration')
+            }
             const hashedSecret = AuthUtils.generateHMAC(APIKEY_SECRET, secret)
             const userApiKey: IUserApiKey = await this._repository.findBySecret(hashedSecret);
             return userApiKey

package/src/services/UserService.ts CHANGED Viewed

@@ -3,15 +3,18 @@ import type {IUserRepository} from "../interfaces/IUserRepository";
 import {ZodError} from "zod";
 import {ValidationError, ZodErrorToValidationError} from "@drax/common-back";
 import AuthUtils from "../utils/AuthUtils.js";
-import {createUserSchema, editUserSchema,} from "../zod/UserZod.js";
+import {createUserSchema, editUserSchema, userBaseSchema} from "../zod/UserZod.js";
 import BadCredentialsError from "../errors/BadCredentialsError.js";
 import {IDraxPaginateOptions, IDraxPaginateResult} from "@drax/crud-share";
+import {AbstractService} from "@drax/crud-back";
+import {ITenant} from "@drax/identity-share";
-class UserService {
+class UserService extends AbstractService<IUser, IUserCreate, IUserUpdate>{
     _repository: IUserRepository
     constructor(userRepository: IUserRepository) {
+        super(userRepository,userBaseSchema);
         this._repository = userRepository;
         console.log("UserService constructor")
     }
@@ -123,8 +126,11 @@ class UserService {
     async delete(id: string): Promise<boolean> {
         try {
-            const deletedRole: boolean = await this._repository.delete(id);
-            return deletedRole;
+            const result: boolean = await this._repository.delete(id);
+            if(!result){
+                throw new Error("error.deletionFailed")
+            }
+            return result;
         } catch (e) {
             console.error("Error deleting user", e)
             throw e
@@ -171,6 +177,12 @@ class UserService {
         }
     }
+    async search(value: any): Promise<IUser[]> {
+        const limit = 100
+        const users: IUser[] = await this._repository.search(value, limit);
+        return users;
+    }
 }
 export default UserService

package/src/setup/CreateOrUpdateRole.ts CHANGED Viewed

@@ -18,7 +18,7 @@ async function CreateOrUpdateRole(roleData: IRoleBase) {
     }
     if(role){
-        const r = await roleService.update(role.id, roleData)
+        const r = await roleService.systemUpdate(role.id, roleData)
         console.log("Role Updated. Name: "+ roleData.name)
     }else{
         const r = await roleService.create(roleData)