@drax/identity-back 3.13.0 → 3.14.0

package/dist/controllers/UserApiKeyController.js

@@ -1,129 +1,18 @@
 import { AbstractFastifyController } from "@drax/crud-back";
-import { ValidationError, UnauthorizedError } from "@drax/common-back";
 import UserApiKeyServiceFactory from "../factory/UserApiKeyServiceFactory.js";
 import UserApiKeyPermissions from "../permissions/UserApiKeyPermissions.js";
 class UserApiKeyController extends AbstractFastifyController {
     constructor() {
         super(UserApiKeyServiceFactory(), UserApiKeyPermissions);
+        this.userField = 'user';
+        this.userFilter = true;
+        this.userSetter = true;
+        this.userAssert = true;
     }
-    async paginate(request, reply) {
-        try {
-            request.rbac.assertAuthenticated();
-            request.rbac.assertOrPermissions([
-                UserApiKeyPermissions.View,
-                UserApiKeyPermissions.ViewMy
-            ]);
-            const filters = [];
-            if (!request.rbac.hasPermission(UserApiKeyPermissions.View)) {
-                filters.push({ field: "user", operator: "eq", value: request.rbac.userId });
-            }
-            const page = request.query.page;
-            const limit = request.query.limit;
-            const orderBy = request.query.orderBy;
-            const order = request.query.order;
-            const search = request.query.search;
-            const userApiKeyService = UserApiKeyServiceFactory();
-            let paginateResult = await userApiKeyService.paginate({ page, limit, orderBy, order, search, filters });
-            return paginateResult;
-        }
-        catch (e) {
-            console.log("/api/user-api-keys", e);
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode;
-                reply.send({ error: e.message, inputErrors: e.errors });
-            }
-            else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode;
-                reply.send({ error: e.message });
-            }
-            else {
-                reply.statusCode = 500;
-                reply.send({ error: 'error.server' });
-            }
-        }
-    }
-    async create(request, reply) {
-        try {
-            request.rbac.assertOrPermissions([UserApiKeyPermissions.Create, UserApiKeyPermissions.CreateMy]);
-            const payload = request.body;
-            if (!request.rbac.hasPermission(UserApiKeyPermissions.Create) || !payload.user) {
-                payload.user = request.rbac.userId;
-            }
-            payload.createdBy = request.rbac.userId;
-            const userApiKeyService = UserApiKeyServiceFactory();
-            let userApiKey = await userApiKeyService.create(payload);
-            return userApiKey;
-        }
-        catch (e) {
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode;
-                reply.send({ error: e.message, inputErrors: e.errors });
-            }
-            else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode;
-                reply.send({ error: e.message });
-            }
-            else {
-                reply.statusCode = 500;
-                reply.send({ error: 'error.server' });
-            }
-        }
-    }
-    async update(request, reply) {
-        try {
-            request.rbac.assertPermission(UserApiKeyPermissions.Update);
-            const id = request.params.id;
-            const payload = request.body;
-            const userApiKeyService = UserApiKeyServiceFactory();
-            let userApiKey = await userApiKeyService.update(id, payload);
-            return userApiKey;
-        }
-        catch (e) {
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode;
-                reply.send({ error: e.message, inputErrors: e.errors });
-            }
-            if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode;
-                reply.send({ error: e.message });
-            }
-            else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode;
-                reply.send({ error: e.message });
-            }
-            else {
-                reply.statusCode = 500;
-                reply.send({ error: 'error.server' });
-            }
-        }
-    }
-    async delete(request, reply) {
-        try {
-            request.rbac.assertPermission(UserApiKeyPermissions.Delete);
-            const id = request.params.id;
-            const userApiKeyService = UserApiKeyServiceFactory();
-            let r = await userApiKeyService.delete(id);
-            if (r) {
-                reply.send({ message: 'Deleted successfully' });
-            }
-            else {
-                reply.statusCode(400).send({ message: 'Not deleted' });
-            }
-        }
-        catch (e) {
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode;
-                reply.send({ error: e.message, inputErrors: e.errors });
-            }
-            else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode;
-                reply.send({ error: e.message });
-            }
-            else {
-                reply.statusCode = 500;
-                reply.send({ error: 'error.server' });
-            }
-        }
+    async preCreate(request, payload) {
+        request.rbac.assertAuthenticated();
+        payload.createdBy = request.rbac.userId;
+        return payload;
     }
 }
 export default UserApiKeyController;

package/dist/graphql/resolvers/user-api-key.resolvers.js

@@ -9,13 +9,12 @@ export default {
             try {
                 rbac.assertAuthenticated();
                 rbac.assertOrPermissions([
-                    UserApiKeyPermissions.View,
-                    UserApiKeyPermissions.ViewMy
+                    UserApiKeyPermissions.View
                 ]);
                 if (!Array.isArray(options.filters)) {
                     options.filters = [];
                 }
-                if (!rbac.hasPermission(UserApiKeyPermissions.View)) {
+                if (!rbac.hasPermission(UserApiKeyPermissions.ViewAll)) {
                     options.filters.push({ field: "user", operator: "eq", value: rbac.userId });
                 }
                 const userApiKeyService = UserApiKeyServiceFactory();

package/dist/middleware/apiKeyMiddleware.js

@@ -3,7 +3,7 @@ import UserApiKeyServiceFactory from "../factory/UserApiKeyServiceFactory.js";
 import IdentityConfig from "../config/IdentityConfig.js";
 const verifyIp = DraxConfig.getOrLoad(IdentityConfig.VerifyIP, 'boolean', true);
 const cacheTTL = DraxConfig.getOrLoad(IdentityConfig.ApiKeyCacheTTL, 'number', 10000);
-const draxCache = new DraxCache(cacheTTL);
+const draxCache = new DraxCache({ ttl: cacheTTL, namespace: 'identity:api-key' });
 async function userApiKeyLoader(k) {
     const userApiKeyService = UserApiKeyServiceFactory();
     const userApiKey = await userApiKeyService.findBySecret(k);

package/dist/middleware/rbacMiddleware.js

@@ -3,7 +3,7 @@ import RoleServiceFactory from "../factory/RoleServiceFactory.js";
 import Rbac from "../rbac/Rbac.js";
 import IdentityConfig from "../config/IdentityConfig.js";
 const cacheTTL = DraxConfig.getOrLoad(IdentityConfig.RbacCacheTTL, 'number', 10000);
-const draxCache = new DraxCache(cacheTTL);
+const draxCache = new DraxCache({ ttl: cacheTTL, namespace: 'identity:role' });
 async function roleLoader(k) {
     const roleService = RoleServiceFactory();
     const role = await roleService.findById(k);

package/dist/permissions/UserApiKeyPermissions.js

@@ -1,11 +1,10 @@
 var UserApiKeyPermissions;
 (function (UserApiKeyPermissions) {
     UserApiKeyPermissions["Create"] = "userApiKey:create";
-    UserApiKeyPermissions["CreateMy"] = "userApiKey:createMy";
     UserApiKeyPermissions["Update"] = "userApiKey:update";
     UserApiKeyPermissions["Delete"] = "userApiKey:delete";
     UserApiKeyPermissions["View"] = "userApiKey:view";
-    UserApiKeyPermissions["ViewMy"] = "userApiKey:viewMy";
+    UserApiKeyPermissions["ViewAll"] = "userApiKey:viewAll";
     UserApiKeyPermissions["Manage"] = "userApiKey:manage";
 })(UserApiKeyPermissions || (UserApiKeyPermissions = {}));
 export default UserApiKeyPermissions;

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "3.13.0",
+  "version": "3.14.0",
   "description": "Identity module for user management, authentication and authorization.",
   "main": "dist/index.js",
   "types": "types/index.d.ts",
@@ -28,9 +28,9 @@
   "author": "Cristian Incarnato & Drax Team",
   "license": "ISC",
   "dependencies": {
-    "@drax/common-back": "^3.10.0",
-    "@drax/crud-back": "^3.13.0",
-    "@drax/crud-share": "^3.13.0",
+    "@drax/common-back": "^3.14.0",
+    "@drax/crud-back": "^3.14.0",
+    "@drax/crud-share": "^3.14.0",
     "@drax/email-back": "^3.1.0",
     "@drax/identity-share": "^3.0.0",
     "bcryptjs": "^2.4.3",
@@ -63,5 +63,5 @@
       "debug": "0"
     }
   },
-  "gitHead": "5f68eefbcb01c876471e387a815fee1040489c2c"
+  "gitHead": "cec0f824be0bfff0965d7bc7b95241406c53c04d"
 }

package/src/controllers/UserApiKeyController.ts

@@ -1,149 +1,35 @@
 import type {IUserApiKey, IUserApiKeyBase} from "@drax/identity-share";
-import {AbstractFastifyController} from "@drax/crud-back";
-import {ValidationError, UnauthorizedError} from "@drax/common-back";
+import {AbstractFastifyController, CustomRequest} from "@drax/crud-back";
 
 import UserApiKeyServiceFactory from "../factory/UserApiKeyServiceFactory.js";
 import UserApiKeyService from "../services/UserApiKeyService.js";
 import UserApiKeyPermissions from "../permissions/UserApiKeyPermissions.js";
 
-class UserApiKeyController extends AbstractFastifyController<IUserApiKey, IUserApiKeyBase, IUserApiKeyBase>   {
+type UserApiKeyPayload = IUserApiKeyBase & {
+    user?: string
+}
+
+class UserApiKeyController extends AbstractFastifyController<IUserApiKey, UserApiKeyPayload, UserApiKeyPayload> {
 
     protected service: UserApiKeyService
 
+    protected userField: string = 'user'
+    protected userFilter: boolean = true
+    protected userSetter: boolean = true
+    protected userAssert: boolean = true
+
     constructor() {
         super(UserApiKeyServiceFactory(), UserApiKeyPermissions)
     }
 
-
-    async paginate(request, reply) {
-        try {
-            request.rbac.assertAuthenticated()
-
-            request.rbac.assertOrPermissions([
-                UserApiKeyPermissions.View,
-                UserApiKeyPermissions.ViewMy
-            ])
-
-            const filters = []
-
-            if(!request.rbac.hasPermission(UserApiKeyPermissions.View)){
-                filters.push({field: "user", operator: "eq", value: request.rbac.userId})
-            }
-
-            const page = request.query.page
-            const limit = request.query.limit
-            const orderBy = request.query.orderBy
-            const order = request.query.order
-            const search = request.query.search
-            const userApiKeyService = UserApiKeyServiceFactory()
-
-
-            let paginateResult = await userApiKeyService.paginate({page, limit, orderBy, order, search, filters})
-            return paginateResult
-        } catch (e) {
-            console.log("/api/user-api-keys",e)
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'error.server'})
-            }
-        }
-
+    async preCreate(request: CustomRequest, payload: UserApiKeyPayload): Promise<UserApiKeyPayload> {
+        request.rbac.assertAuthenticated()
+        payload.createdBy = request.rbac.userId
+        return payload
     }
-
-    async create(request, reply) {
-        try {
-            request.rbac.assertOrPermissions([UserApiKeyPermissions.Create, UserApiKeyPermissions.CreateMy])
-            const payload = request.body
-
-            if(!request.rbac.hasPermission(UserApiKeyPermissions.Create) || !payload.user){
-                payload.user = request.rbac.userId
-            }
-
-            payload.createdBy = request.rbac.userId
-
-            const userApiKeyService = UserApiKeyServiceFactory()
-
-            let userApiKey = await userApiKeyService.create(payload)
-            return userApiKey
-        } catch (e) {
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'error.server'})
-            }
-        }
-
-    }
-
-
-    async update(request, reply) {
-        try {
-            request.rbac.assertPermission(UserApiKeyPermissions.Update)
-            const id = request.params.id
-            const payload = request.body
-            const userApiKeyService = UserApiKeyServiceFactory()
-            let userApiKey = await userApiKeyService.update(id, payload)
-            return userApiKey
-        } catch (e) {
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            }
-            if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'error.server'})
-            }
-        }
-
-    }
-
-    async delete(request, reply) : Promise<void>  {
-        try {
-            request.rbac.assertPermission(UserApiKeyPermissions.Delete)
-            const id = request.params.id
-            const userApiKeyService = UserApiKeyServiceFactory()
-            let r = await userApiKeyService.delete(id)
-            if(r){
-                reply.send({message: 'Deleted successfully'})
-            }else{
-                reply.statusCode(400).send({message: 'Not deleted'})
-            }
-        } catch (e) {
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'error.server'})
-            }
-        }
-
-    }
-
 }
 
 export default UserApiKeyController;
 export {
     UserApiKeyController
 }
-

package/src/graphql/resolvers/user-api-key.resolvers.ts

@@ -14,15 +14,14 @@ export default {
 
 
                 rbac.assertOrPermissions([
-                    UserApiKeyPermissions.View,
-                    UserApiKeyPermissions.ViewMy
+                    UserApiKeyPermissions.View
                 ])
 
                 if(!Array.isArray(options.filters)){
                     options.filters = []
                 }
 
-                if(!rbac.hasPermission(UserApiKeyPermissions.View)){
+                if(!rbac.hasPermission(UserApiKeyPermissions.ViewAll)){
                     options.filters.push({field: "user", operator: "eq", value: rbac.userId})
                 }
 

package/src/middleware/apiKeyMiddleware.ts

@@ -6,7 +6,7 @@ import IdentityConfig from "../config/IdentityConfig.js";
 const verifyIp = DraxConfig.getOrLoad(IdentityConfig.VerifyIP, 'boolean', true);
 const cacheTTL = DraxConfig.getOrLoad(IdentityConfig.ApiKeyCacheTTL, 'number',10000)
 
-const draxCache = new DraxCache<IUserApiKey>(cacheTTL);
+const draxCache = new DraxCache<IUserApiKey>({ ttl: cacheTTL, namespace: 'identity:api-key' });
 
 
 async function userApiKeyLoader(k): Promise<IUserApiKey | null> {

package/src/middleware/rbacMiddleware.ts

@@ -5,7 +5,7 @@ import Rbac from "../rbac/Rbac.js";
 import IdentityConfig from "../config/IdentityConfig.js";
 
 const cacheTTL = DraxConfig.getOrLoad(IdentityConfig.RbacCacheTTL, 'number',10000) ;
-const draxCache = new DraxCache<IRole>(cacheTTL);
+const draxCache = new DraxCache<IRole>({ ttl: cacheTTL, namespace: 'identity:role' });
 
 
 async function roleLoader(k):Promise<IRole | null> {

package/src/permissions/UserApiKeyPermissions.ts

@@ -1,10 +1,9 @@
 enum UserApiKeyPermissions {
     Create = "userApiKey:create",
-    CreateMy = "userApiKey:createMy",
     Update = "userApiKey:update",
     Delete = "userApiKey:delete",
     View = "userApiKey:view",
-    ViewMy = "userApiKey:viewMy",
+    ViewAll = "userApiKey:viewAll",
     Manage = "userApiKey:manage",
 
 }