npm - @drax/identity-back - Versions diffs - 3.13.0 → 3.15.0 - Mend

@drax/identity-back 3.13.0 → 3.15.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (150) hide show

package/dist/config/PasswordPolicyConfig.js ADDED Viewed

@@ -0,0 +1,14 @@
+var PasswordPolicyConfig;
+(function (PasswordPolicyConfig) {
+    PasswordPolicyConfig["MinLength"] = "PASSWORD_POLICY_MIN_LENGTH";
+    PasswordPolicyConfig["MaxLength"] = "PASSWORD_POLICY_MAX_LENGTH";
+    PasswordPolicyConfig["RequireUppercase"] = "PASSWORD_POLICY_REQUIRE_UPPERCASE";
+    PasswordPolicyConfig["RequireLowercase"] = "PASSWORD_POLICY_REQUIRE_LOWERCASE";
+    PasswordPolicyConfig["RequireNumber"] = "PASSWORD_POLICY_REQUIRE_NUMBER";
+    PasswordPolicyConfig["RequireSpecialChar"] = "PASSWORD_POLICY_REQUIRE_SPECIAL_CHAR";
+    PasswordPolicyConfig["DisallowSpaces"] = "PASSWORD_POLICY_DISALLOW_SPACES";
+    PasswordPolicyConfig["PreventReuse"] = "PASSWORD_POLICY_PREVENT_REUSE";
+    PasswordPolicyConfig["ExpirationDays"] = "PASSWORD_POLICY_EXPIRATION_DAYS";
+})(PasswordPolicyConfig || (PasswordPolicyConfig = {}));
+export default PasswordPolicyConfig;
+export { PasswordPolicyConfig };

package/dist/controllers/UserApiKeyController.js CHANGED Viewed

@@ -1,129 +1,18 @@
 import { AbstractFastifyController } from "@drax/crud-back";
-import { ValidationError, UnauthorizedError } from "@drax/common-back";
 import UserApiKeyServiceFactory from "../factory/UserApiKeyServiceFactory.js";
 import UserApiKeyPermissions from "../permissions/UserApiKeyPermissions.js";
 class UserApiKeyController extends AbstractFastifyController {
     constructor() {
         super(UserApiKeyServiceFactory(), UserApiKeyPermissions);
+        this.userField = 'user';
+        this.userFilter = true;
+        this.userSetter = true;
+        this.userAssert = true;
     }
-    async paginate(request, reply) {
-        try {
-            request.rbac.assertAuthenticated();
-            request.rbac.assertOrPermissions([
-                UserApiKeyPermissions.View,
-                UserApiKeyPermissions.ViewMy
-            ]);
-            const filters = [];
-            if (!request.rbac.hasPermission(UserApiKeyPermissions.View)) {
-                filters.push({ field: "user", operator: "eq", value: request.rbac.userId });
-            }
-            const page = request.query.page;
-            const limit = request.query.limit;
-            const orderBy = request.query.orderBy;
-            const order = request.query.order;
-            const search = request.query.search;
-            const userApiKeyService = UserApiKeyServiceFactory();
-            let paginateResult = await userApiKeyService.paginate({ page, limit, orderBy, order, search, filters });
-            return paginateResult;
-        }
-        catch (e) {
-            console.log("/api/user-api-keys", e);
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode;
-                reply.send({ error: e.message, inputErrors: e.errors });
-            }
-            else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode;
-                reply.send({ error: e.message });
-            }
-            else {
-                reply.statusCode = 500;
-                reply.send({ error: 'error.server' });
-            }
-        }
-    }
-    async create(request, reply) {
-        try {
-            request.rbac.assertOrPermissions([UserApiKeyPermissions.Create, UserApiKeyPermissions.CreateMy]);
-            const payload = request.body;
-            if (!request.rbac.hasPermission(UserApiKeyPermissions.Create) || !payload.user) {
-                payload.user = request.rbac.userId;
-            }
-            payload.createdBy = request.rbac.userId;
-            const userApiKeyService = UserApiKeyServiceFactory();
-            let userApiKey = await userApiKeyService.create(payload);
-            return userApiKey;
-        }
-        catch (e) {
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode;
-                reply.send({ error: e.message, inputErrors: e.errors });
-            }
-            else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode;
-                reply.send({ error: e.message });
-            }
-            else {
-                reply.statusCode = 500;
-                reply.send({ error: 'error.server' });
-            }
-        }
-    }
-    async update(request, reply) {
-        try {
-            request.rbac.assertPermission(UserApiKeyPermissions.Update);
-            const id = request.params.id;
-            const payload = request.body;
-            const userApiKeyService = UserApiKeyServiceFactory();
-            let userApiKey = await userApiKeyService.update(id, payload);
-            return userApiKey;
-        }
-        catch (e) {
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode;
-                reply.send({ error: e.message, inputErrors: e.errors });
-            }
-            if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode;
-                reply.send({ error: e.message });
-            }
-            else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode;
-                reply.send({ error: e.message });
-            }
-            else {
-                reply.statusCode = 500;
-                reply.send({ error: 'error.server' });
-            }
-        }
-    }
-    async delete(request, reply) {
-        try {
-            request.rbac.assertPermission(UserApiKeyPermissions.Delete);
-            const id = request.params.id;
-            const userApiKeyService = UserApiKeyServiceFactory();
-            let r = await userApiKeyService.delete(id);
-            if (r) {
-                reply.send({ message: 'Deleted successfully' });
-            }
-            else {
-                reply.statusCode(400).send({ message: 'Not deleted' });
-            }
-        }
-        catch (e) {
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode;
-                reply.send({ error: e.message, inputErrors: e.errors });
-            }
-            else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode;
-                reply.send({ error: e.message });
-            }
-            else {
-                reply.statusCode = 500;
-                reply.send({ error: 'error.server' });
-            }
-        }
+    async preCreate(request, payload) {
+        request.rbac.assertAuthenticated();
+        payload.createdBy = request.rbac.userId;
+        return payload;
     }
 }
 export default UserApiKeyController;

package/dist/controllers/UserController.js CHANGED Viewed

@@ -9,6 +9,7 @@ import { join } from "path";
 import { IdentityConfig } from "../config/IdentityConfig.js";
 import UserEmailService from "../services/UserEmailService.js";
 import TenantServiceFactory from "../factory/TenantServiceFactory.js";
+import PasswordPolicyServiceFactory from "../factory/PasswordPolicyServiceFactory.js";
 const BASE_FILE_DIR = DraxConfig.getOrLoad(CommonConfig.FileDir) || 'files';
 const AVATAR_DIR = DraxConfig.getOrLoad(IdentityConfig.AvatarDir) || 'avatar';
 const BASE_URL = DraxConfig.getOrLoad(CommonConfig.BaseUrl) ? DraxConfig.get(CommonConfig.BaseUrl).replace(/\/$/, '') : '';
@@ -72,6 +73,15 @@ class UserController extends AbstractFastifyController {
             reply.send({ error: 'error.server' });
         }
     }
+    async passwordPolicy(request, reply) {
+        try {
+            const passwordPolicyService = PasswordPolicyServiceFactory();
+            return await passwordPolicyService.getFinalPolicy();
+        }
+        catch (e) {
+            this.handleError(e, reply);
+        }
+    }
     async me(request, reply) {
         try {
             if (request.authUser) {

package/dist/factory/PasswordPolicyResolverFactory.js ADDED Viewed

@@ -0,0 +1,9 @@
+import PasswordPolicyResolver from "../resolver/PasswordPolicyResolver.js";
+let passwordPolicyResolver;
+const PasswordPolicyResolverFactory = () => {
+    if (!passwordPolicyResolver) {
+        passwordPolicyResolver = new PasswordPolicyResolver();
+    }
+    return passwordPolicyResolver;
+};
+export default PasswordPolicyResolverFactory;

package/dist/factory/PasswordPolicyServiceFactory.js ADDED Viewed

@@ -0,0 +1,27 @@
+import PasswordPolicyService from "../services/PasswordPolicyService.js";
+import PasswordPolicyResolverFactory from "./PasswordPolicyResolverFactory.js";
+import UserPasswordHistoryServiceFactory from "./UserPasswordHistoryServiceFactory.js";
+import UserMongoRepository from "../repository/mongo/UserMongoRepository.js";
+import UserSqliteRepository from "../repository/sqlite/UserSqliteRepository.js";
+import { COMMON, CommonConfig, DraxConfig } from "@drax/common-back";
+let passwordPolicyService;
+const PasswordPolicyServiceFactory = (verbose = false) => {
+    if (!passwordPolicyService) {
+        let userRepository;
+        switch (DraxConfig.getOrLoad(CommonConfig.DbEngine)) {
+            case COMMON.DB_ENGINES.MONGODB:
+                userRepository = new UserMongoRepository();
+                break;
+            case COMMON.DB_ENGINES.SQLITE:
+                userRepository = new UserSqliteRepository(DraxConfig.getOrLoad(CommonConfig.SqliteDbFile), verbose);
+                userRepository.build();
+                break;
+            default:
+                throw new Error("DraxConfig.DB_ENGINE must be one of " + Object.values(COMMON.DB_ENGINES).join(", "));
+        }
+        const passwordPolicyResolver = PasswordPolicyResolverFactory();
+        passwordPolicyService = new PasswordPolicyService(passwordPolicyResolver, userRepository, UserPasswordHistoryServiceFactory(verbose));
+    }
+    return passwordPolicyService;
+};
+export default PasswordPolicyServiceFactory;

package/dist/factory/UserPasswordHistoryServiceFactory.js ADDED Viewed

@@ -0,0 +1,25 @@
+import { COMMON, CommonConfig, DraxConfig } from "@drax/common-back";
+import UserPasswordHistoryMongoRepository from "../repository/mongo/UserPasswordHistoryMongoRepository.js";
+import UserPasswordHistorySqliteRepository from "../repository/sqlite/UserPasswordHistorySqliteRepository.js";
+import UserPasswordHistoryService from "../services/UserPasswordHistoryService.js";
+let userPasswordHistoryService;
+const UserPasswordHistoryServiceFactory = (verbose = false) => {
+    if (!userPasswordHistoryService) {
+        let repository;
+        switch (DraxConfig.getOrLoad(CommonConfig.DbEngine)) {
+            case COMMON.DB_ENGINES.MONGODB:
+                repository = new UserPasswordHistoryMongoRepository();
+                break;
+            case COMMON.DB_ENGINES.SQLITE:
+                const sqliteRepository = new UserPasswordHistorySqliteRepository(DraxConfig.getOrLoad(CommonConfig.SqliteDbFile), verbose);
+                sqliteRepository.build();
+                repository = sqliteRepository;
+                break;
+            default:
+                throw new Error("DraxConfig.DB_ENGINE must be one of " + Object.values(COMMON.DB_ENGINES).join(", "));
+        }
+        userPasswordHistoryService = new UserPasswordHistoryService(repository);
+    }
+    return userPasswordHistoryService;
+};
+export default UserPasswordHistoryServiceFactory;

package/dist/factory/UserServiceFactory.js CHANGED Viewed

@@ -2,6 +2,8 @@ import UserMongoRepository from "../repository/mongo/UserMongoRepository.js";
 import UserService from "../services/UserService.js";
 import UserSqliteRepository from "../repository/sqlite/UserSqliteRepository.js";
 import { COMMON, CommonConfig, DraxConfig } from "@drax/common-back";
+import PasswordPolicyServiceFactory from "./PasswordPolicyServiceFactory.js";
+import UserPasswordHistoryServiceFactory from "./UserPasswordHistoryServiceFactory.js";
 let userService;
 const UserServiceFactory = (verbose = false) => {
     if (!userService) {
@@ -18,7 +20,7 @@ const UserServiceFactory = (verbose = false) => {
             default:
                 throw new Error("DraxConfig.DB_ENGINE must be one of " + Object.values(COMMON.DB_ENGINES).join(", "));
         }
-        userService = new UserService(userRepository);
+        userService = new UserService(userRepository, PasswordPolicyServiceFactory(verbose), UserPasswordHistoryServiceFactory(verbose));
     }
     return userService;
 };

package/dist/graphql/resolvers/user-api-key.resolvers.js CHANGED Viewed

@@ -9,13 +9,12 @@ export default {
             try {
                 rbac.assertAuthenticated();
                 rbac.assertOrPermissions([
-                    UserApiKeyPermissions.View,
-                    UserApiKeyPermissions.ViewMy
+                    UserApiKeyPermissions.View
                 ]);
                 if (!Array.isArray(options.filters)) {
                     options.filters = [];
                 }
-                if (!rbac.hasPermission(UserApiKeyPermissions.View)) {
+                if (!rbac.hasPermission(UserApiKeyPermissions.ViewAll)) {
                     options.filters.push({ field: "user", operator: "eq", value: rbac.userId });
                 }
                 const userApiKeyService = UserApiKeyServiceFactory();

package/dist/index.js CHANGED Viewed

@@ -5,6 +5,8 @@ import TenantServiceFactory from "./factory/TenantServiceFactory.js";
 import UserApiKeyServiceFactory from "./factory/UserApiKeyServiceFactory.js";
 import UserLoginFailServiceFactory from "./factory/UserLoginFailServiceFactory.js";
 import UserSessionServiceFactory from "./factory/UserSessionServiceFactory.js";
+import PasswordPolicyServiceFactory from "./factory/PasswordPolicyServiceFactory.js";
+import UserPasswordHistoryServiceFactory from "./factory/UserPasswordHistoryServiceFactory.js";
 import RoleService from "./services/RoleService.js";
 import UserService from "./services/UserService.js";
 import TenantService from "./services/TenantService.js";
@@ -12,6 +14,9 @@ import PermissionService from "./services/PermissionService.js";
 import UserApiKeyService from "./services/UserApiKeyService.js";
 import UserSessionService from "./services/UserSessionService.js";
 import UserLoginFailService from "./services/UserLoginFailService.js";
+import UserPasswordHistoryService from "./services/UserPasswordHistoryService.js";
+import PasswordPolicyService from "./services/PasswordPolicyService.js";
+import PasswordPolicyResolver from "./resolver/PasswordPolicyResolver.js";
 import Rbac from "./rbac/Rbac.js";
 import { UserRoutes } from "./routes/UserRoutes.js";
 import { RoleRoutes } from "./routes/RoleRoutes.js";
@@ -24,6 +29,7 @@ import { jwtMiddleware } from "./middleware/jwtMiddleware.js";
 import { rbacMiddleware } from "./middleware/rbacMiddleware.js";
 import { apiKeyMiddleware } from "./middleware/apiKeyMiddleware.js";
 import IdentityConfig from "./config/IdentityConfig.js";
+import PasswordPolicyConfig from "./config/PasswordPolicyConfig.js";
 import BadCredentialsError from "./errors/BadCredentialsError.js";
 import CreateUserIfNotExist from "./setup/CreateUserIfNotExist.js";
 import CreateTenantIfNotExist from "./setup/CreateTenantIfNotExist.js";
@@ -31,24 +37,28 @@ import CreateOrUpdateRole from "./setup/CreateOrUpdateRole.js";
 import LoadPermissions from "./setup/LoadPermissions.js";
 import LoadIdentityConfigFromEnv from "./setup/LoadIdentityConfigFromEnv.js";
 import RecoveryUserPassword from "./setup/RecoveryUserPassword.js";
+import SetProjectPasswordPolicy from "./setup/SetProjectPasswordPolicy.js";
 import { RoleModel, RoleMongoSchema } from "./models/RoleModel.js";
 import { TenantModel, TenantMongoSchema } from "./models/TenantModel.js";
 import { UserModel, UserMongoSchema } from "./models/UserModel.js";
 import { UserApiKeyModel, UserApiKeyMongoSchema } from "./models/UserApiKeyModel.js";
 import { UserSessionModel, UserSessionMongoSchema } from "./models/UserSessionModel.js";
 import { UserLoginFailModel, UserLoginFailMongoSchema } from "./models/UserLoginFailModel.js";
+import { UserPasswordHistoryModel, UserPasswordHistoryMongoSchema } from "./models/UserPasswordHistoryModel.js";
 import RoleMongoRepository from "./repository/mongo/RoleMongoRepository.js";
 import TenantMongoRepository from "./repository/mongo/TenantMongoRepository.js";
 import UserMongoRepository from "./repository/mongo/UserMongoRepository.js";
 import UserApiKeyMongoRepository from "./repository/mongo/UserApiKeyMongoRepository.js";
 import UserSessionMongoRepository from "./repository/mongo/UserSessionMongoRepository.js";
 import UserLoginFailMongoRepository from "./repository/mongo/UserLoginFailMongoRepository.js";
+import UserPasswordHistoryMongoRepository from "./repository/mongo/UserPasswordHistoryMongoRepository.js";
 import RoleSqliteRepository from "./repository/sqlite/RoleSqliteRepository.js";
 import TenantSqliteRepository from "./repository/sqlite/TenantSqliteRepository.js";
 import UserSqliteRepository from "./repository/sqlite/UserSqliteRepository.js";
 import UserApiKeySqliteRepository from "./repository/sqlite/UserApiKeySqliteRepository.js";
 import UserLoginFailSqliteRepository from "./repository/sqlite/UserLoginFailSqliteRepository.js";
 import UserSessionSqliteRepository from "./repository/sqlite/UserSessionSqliteRepository.js";
+import UserPasswordHistorySqliteRepository from "./repository/sqlite/UserPasswordHistorySqliteRepository.js";
 import { RolePermissions } from "./permissions/RolePermissions.js";
 import { TenantPermissions } from "./permissions/TenantPermissions.js";
 import { UserPermissions } from "./permissions/UserPermissions.js";
@@ -61,6 +71,8 @@ import { RoleSchema, RoleBaseSchema } from "./schemas/RoleSchema.js";
 import { UserApiKeySchema, UserApiKeyBaseSchema } from "./schemas/UserApiKeySchema.js";
 import { UserLoginFailBaseSchema } from "./schemas/UserLoginFailSchema.js";
 import { UserSessionBaseSchema } from "./schemas/UserSessionSchema.js";
+import { defaultPasswordPolicy } from "./policies/defaultPasswordPolicy.js";
+import { PasswordPolicySchema } from "./schemas/PasswordPolicySchema.js";
 const graphqlMergeResult = await GraphqlMerge();
 const identityTypeDefs = await graphqlMergeResult.typeDefs;
 const identityResolvers = await graphqlMergeResult.resolvers;
@@ -68,9 +80,9 @@ export {
 //Schemas
 UserSchema, UserBaseSchema, TenantSchema, TenantBaseSchema, RoleSchema, RoleBaseSchema, UserApiKeyBaseSchema, UserApiKeySchema, UserLoginFailBaseSchema, UserSessionBaseSchema,
 //Service
-UserService, RoleService, TenantService, UserApiKeyService, UserSessionService, UserLoginFailService, PermissionService, Rbac,
+UserService, RoleService, TenantService, UserApiKeyService, UserSessionService, UserLoginFailService, UserPasswordHistoryService, PasswordPolicyService, PasswordPolicyResolver, PermissionService, Rbac,
 //Factories
-UserServiceFactory, RoleServiceFactory, TenantServiceFactory, UserApiKeyServiceFactory, UserSessionServiceFactory, UserLoginFailServiceFactory,
+UserServiceFactory, RoleServiceFactory, TenantServiceFactory, UserApiKeyServiceFactory, UserSessionServiceFactory, UserLoginFailServiceFactory, UserPasswordHistoryServiceFactory, PasswordPolicyServiceFactory,
 //GQL
 identityTypeDefs, identityResolvers,
 //API REST
@@ -80,14 +92,14 @@ jwtMiddleware, rbacMiddleware, apiKeyMiddleware,
 //Permissions
 RolePermissions, TenantPermissions, UserPermissions, UserApiKeyPermissions, UserSessionPermissions, UserLoginFailPermissions,
 //Mongo Repositories
-RoleMongoRepository, TenantMongoRepository, UserMongoRepository, UserApiKeyMongoRepository, UserSessionMongoRepository, UserLoginFailMongoRepository,
+RoleMongoRepository, TenantMongoRepository, UserMongoRepository, UserApiKeyMongoRepository, UserSessionMongoRepository, UserLoginFailMongoRepository, UserPasswordHistoryMongoRepository,
 //Mongo Models
-RoleModel, TenantModel, UserModel, UserApiKeyModel, UserSessionModel, UserLoginFailModel, RoleMongoSchema, TenantMongoSchema, UserMongoSchema, UserApiKeyMongoSchema, UserSessionMongoSchema, UserLoginFailMongoSchema,
+RoleModel, TenantModel, UserModel, UserApiKeyModel, UserSessionModel, UserLoginFailModel, UserPasswordHistoryModel, RoleMongoSchema, TenantMongoSchema, UserMongoSchema, UserApiKeyMongoSchema, UserSessionMongoSchema, UserLoginFailMongoSchema, UserPasswordHistoryMongoSchema,
 //Sqlite Repositories
-RoleSqliteRepository, TenantSqliteRepository, UserSqliteRepository, UserApiKeySqliteRepository, UserLoginFailSqliteRepository, UserSessionSqliteRepository,
+RoleSqliteRepository, TenantSqliteRepository, UserSqliteRepository, UserApiKeySqliteRepository, UserLoginFailSqliteRepository, UserSessionSqliteRepository, UserPasswordHistorySqliteRepository,
 //Config
-IdentityConfig,
+IdentityConfig, PasswordPolicyConfig,
 //Errors
-BadCredentialsError,
+BadCredentialsError, defaultPasswordPolicy, PasswordPolicySchema,
 //Setup
-LoadIdentityConfigFromEnv, LoadPermissions, CreateOrUpdateRole, CreateUserIfNotExist, CreateTenantIfNotExist, RecoveryUserPassword };
+LoadIdentityConfigFromEnv, LoadPermissions, CreateOrUpdateRole, CreateUserIfNotExist, CreateTenantIfNotExist, RecoveryUserPassword, SetProjectPasswordPolicy };

package/dist/interfaces/IUserPasswordHistory.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};

package/dist/interfaces/IUserPasswordHistoryRepository.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};

package/dist/middleware/apiKeyMiddleware.js CHANGED Viewed

@@ -3,7 +3,7 @@ import UserApiKeyServiceFactory from "../factory/UserApiKeyServiceFactory.js";
 import IdentityConfig from "../config/IdentityConfig.js";
 const verifyIp = DraxConfig.getOrLoad(IdentityConfig.VerifyIP, 'boolean', true);
 const cacheTTL = DraxConfig.getOrLoad(IdentityConfig.ApiKeyCacheTTL, 'number', 10000);
-const draxCache = new DraxCache(cacheTTL);
+const draxCache = new DraxCache({ ttl: cacheTTL, namespace: 'identity:api-key' });
 async function userApiKeyLoader(k) {
     const userApiKeyService = UserApiKeyServiceFactory();
     const userApiKey = await userApiKeyService.findBySecret(k);

package/dist/middleware/rbacMiddleware.js CHANGED Viewed

@@ -3,7 +3,7 @@ import RoleServiceFactory from "../factory/RoleServiceFactory.js";
 import Rbac from "../rbac/Rbac.js";
 import IdentityConfig from "../config/IdentityConfig.js";
 const cacheTTL = DraxConfig.getOrLoad(IdentityConfig.RbacCacheTTL, 'number', 10000);
-const draxCache = new DraxCache(cacheTTL);
+const draxCache = new DraxCache({ ttl: cacheTTL, namespace: 'identity:role' });
 async function roleLoader(k) {
     const roleService = RoleServiceFactory();
     const role = await roleService.findById(k);

package/dist/models/UserPasswordHistoryModel.js ADDED Viewed

@@ -0,0 +1,30 @@
+import { mongoose } from "@drax/common-back";
+import uniqueValidator from "mongoose-unique-validator";
+import mongoosePaginate from "mongoose-paginate-v2";
+const UserPasswordHistoryMongoSchema = new mongoose.Schema({
+    user: { type: String, required: true, index: true },
+    passwordHash: { type: String, required: true, index: false }
+}, { timestamps: true });
+UserPasswordHistoryMongoSchema.plugin(uniqueValidator, { message: "validation.unique" });
+UserPasswordHistoryMongoSchema.plugin(mongoosePaginate);
+UserPasswordHistoryMongoSchema.virtual("id").get(function () {
+    return this._id.toString();
+});
+UserPasswordHistoryMongoSchema.set("toJSON", { getters: true, virtuals: true });
+UserPasswordHistoryMongoSchema.set("toObject", { getters: true, virtuals: true });
+const MODEL_NAME = "UserPasswordHistory";
+const COLLECTION_NAME = "user_password_history";
+let UserPasswordHistoryModel;
+try {
+    UserPasswordHistoryModel = mongoose.model(MODEL_NAME, UserPasswordHistoryMongoSchema, COLLECTION_NAME);
+}
+catch (e) {
+    if (e.name === "OverwriteModelError") {
+        UserPasswordHistoryModel = mongoose.model(MODEL_NAME);
+    }
+    else {
+        throw e;
+    }
+}
+export { UserPasswordHistoryMongoSchema, UserPasswordHistoryModel };
+export default UserPasswordHistoryModel;

package/dist/permissions/UserApiKeyPermissions.js CHANGED Viewed

@@ -1,11 +1,10 @@
 var UserApiKeyPermissions;
 (function (UserApiKeyPermissions) {
     UserApiKeyPermissions["Create"] = "userApiKey:create";
-    UserApiKeyPermissions["CreateMy"] = "userApiKey:createMy";
     UserApiKeyPermissions["Update"] = "userApiKey:update";
     UserApiKeyPermissions["Delete"] = "userApiKey:delete";
     UserApiKeyPermissions["View"] = "userApiKey:view";
-    UserApiKeyPermissions["ViewMy"] = "userApiKey:viewMy";
+    UserApiKeyPermissions["ViewAll"] = "userApiKey:viewAll";
     UserApiKeyPermissions["Manage"] = "userApiKey:manage";
 })(UserApiKeyPermissions || (UserApiKeyPermissions = {}));
 export default UserApiKeyPermissions;

package/dist/policies/defaultPasswordPolicy.js ADDED Viewed

@@ -0,0 +1,12 @@
+const defaultPasswordPolicy = {
+    minLength: 8,
+    maxLength: 64,
+    requireUppercase: true,
+    requireLowercase: true,
+    requireNumber: true,
+    requireSpecialChar: false,
+    disallowSpaces: true,
+    preventReuse: 3,
+    expirationDays: null
+};
+export { defaultPasswordPolicy };

package/dist/repository/mongo/UserPasswordHistoryMongoRepository.js ADDED Viewed

@@ -0,0 +1,20 @@
+import { AbstractMongoRepository } from "@drax/crud-back";
+import { UserPasswordHistoryModel } from "../../models/UserPasswordHistoryModel.js";
+class UserPasswordHistoryMongoRepository extends AbstractMongoRepository {
+    constructor() {
+        super();
+        this._model = UserPasswordHistoryModel;
+        this._searchFields = ["user"];
+        this._populateFields = ["user"];
+    }
+    async findLatestByUserId(userId, limit) {
+        return UserPasswordHistoryModel
+            .find({ user: userId })
+            .sort({ createdAt: -1 })
+            .limit(limit)
+            .lean(true)
+            .exec();
+    }
+}
+export default UserPasswordHistoryMongoRepository;
+export { UserPasswordHistoryMongoRepository };

package/dist/repository/sqlite/UserPasswordHistorySqliteRepository.js ADDED Viewed

@@ -0,0 +1,38 @@
+import { AbstractSqliteRepository } from "@drax/crud-back";
+class UserPasswordHistorySqliteRepository extends AbstractSqliteRepository {
+    constructor() {
+        super(...arguments);
+        this.tableName = "user_password_history";
+        this.searchFields = [];
+        this.booleanFields = [];
+        this.identifier = "_id";
+        this.populateFields = [
+            { field: "user", table: "users", identifier: "_id" }
+        ];
+        this.tableFields = [
+            { name: "user", type: "TEXT", unique: false, primary: false },
+            { name: "passwordHash", type: "TEXT", unique: false, primary: false },
+            { name: "createdAt", type: "TEXT", unique: false, primary: false },
+            { name: "updatedAt", type: "TEXT", unique: false, primary: false },
+        ];
+    }
+    async prepareData() {
+    }
+    async prepareItem(item) {
+        if (item.createdAt && typeof item.createdAt === "string") {
+            item.createdAt = new Date(item.createdAt);
+        }
+        if (item.updatedAt && typeof item.updatedAt === "string") {
+            item.updatedAt = new Date(item.updatedAt);
+        }
+    }
+    async findLatestByUserId(userId, limit) {
+        const rows = this.db.prepare(`SELECT * FROM ${this.tableName} WHERE user = ? ORDER BY createdAt DESC LIMIT ?`).all(userId, limit);
+        for (const row of rows) {
+            await this.decorate(row);
+        }
+        return rows;
+    }
+}
+export default UserPasswordHistorySqliteRepository;
+export { UserPasswordHistorySqliteRepository };

package/dist/resolver/PasswordPolicyResolver.js ADDED Viewed

@@ -0,0 +1,27 @@
+import { defaultPasswordPolicy } from "../policies/defaultPasswordPolicy.js";
+import { PartialPasswordPolicySchema, PasswordPolicySchema } from "../schemas/PasswordPolicySchema.js";
+import getPasswordEnvPolicy from "../utils/getPasswordEnvPolicy.js";
+class PasswordPolicyResolver {
+    constructor() {
+        this.projectPolicy = {};
+    }
+    setProjectPolicy(projectPolicy) {
+        this.projectPolicy = projectPolicy;
+    }
+    async resolve() {
+        const projectPolicy = await this.getProjectPolicy();
+        const envPolicy = getPasswordEnvPolicy();
+        return PasswordPolicySchema.parse({
+            ...defaultPasswordPolicy,
+            ...projectPolicy,
+            ...envPolicy
+        });
+    }
+    async getProjectPolicy() {
+        return this.projectPolicy
+            ? PartialPasswordPolicySchema.parse(this.projectPolicy)
+            : {};
+    }
+}
+export default PasswordPolicyResolver;
+export { PasswordPolicyResolver };

package/dist/routes/UserRoutes.js CHANGED Viewed

@@ -6,6 +6,7 @@ import { RegisterBodyRequestSchema, RegisterBodyResponseSchema } from "../schema
 import { MyPasswordBodyRequestSchema, PasswordBodyRequestSchema, PasswordBodyResponseSchema } from "../schemas/PasswordSchema.js";
 import { SwitchTenantBodyRequestSchema, SwitchTenantBodyResponseSchema } from "../schemas/SwitchTenantSchema.js";
 import zod from "zod";
+import { PasswordPolicySchema } from "../schemas/PasswordPolicySchema.js";
 async function UserRoutes(fastify, options) {
     const controller = new UserController();
     const schemas = new CrudSchemaBuilder(UserSchema, UserCreateSchema, UserUpdateSchema, 'tenant', 'openapi-3.0', ['Identity']);
@@ -26,6 +27,15 @@ async function UserRoutes(fastify, options) {
             },
         },
     }, (req, rep) => controller.auth(req, rep));
+    fastify.get('/api/auth/password-policy', {
+        schema: {
+            tags: ['Auth'],
+            response: {
+                200: zod.toJSONSchema(PasswordPolicySchema),
+                500: schemas.jsonErrorBodyResponse,
+            },
+        },
+    }, (req, rep) => controller.passwordPolicy(req, rep));
     fastify.get('/api/auth/me', {
         schema: {
             tags: ['Auth'],

package/dist/schemas/PasswordPolicySchema.js ADDED Viewed

@@ -0,0 +1,18 @@
+import z from "zod";
+const PasswordPolicySchemaBase = z.object({
+    minLength: z.number().int().min(1),
+    maxLength: z.number().int().min(1),
+    requireUppercase: z.boolean(),
+    requireLowercase: z.boolean(),
+    requireNumber: z.boolean(),
+    requireSpecialChar: z.boolean(),
+    disallowSpaces: z.boolean(),
+    preventReuse: z.number().int().min(0),
+    expirationDays: z.number().int().min(1).nullable(),
+});
+const PasswordPolicySchema = PasswordPolicySchemaBase.refine((policy) => policy.maxLength >= policy.minLength, {
+    message: "validation.password.maxLength",
+    path: ["maxLength"]
+});
+const PartialPasswordPolicySchema = PasswordPolicySchemaBase.partial();
+export { PasswordPolicySchema, PartialPasswordPolicySchema };

package/dist/schemas/RegisterSchema.js CHANGED Viewed

@@ -7,9 +7,7 @@ const RegisterBodyRequestSchema = z.object({
     email: email("validation.email.invalid"),
     phone: string({ error: "validation.required" }).optional(),
     password: string({ error: "validation.required" })
-        .min(1, "validation.required")
-        .min(8, "validation.password.min8")
-        .max(64, "validation.password.max64"),
+        .min(1, "validation.required"),
 });
 const RegisterBodyResponseSchema = z.object({
     success: z.boolean(),

package/dist/schemas/UserSchema.js CHANGED Viewed

@@ -13,9 +13,7 @@ const UserBaseSchema = object({
 });
 const UserCreateSchema = UserBaseSchema.extend({
     password: string({ error: "validation.required" })
-        .min(1, "validation.required")
-        .min(8, "validation.password.min8")
-        .max(64, "validation.password.max64"),
+        .min(1, "validation.required"),
 });
 const UserUpdateSchema = UserBaseSchema.extend({});
 const UserSchema = UserBaseSchema

package/dist/security/constants/defaultPasswordPolicy.js ADDED Viewed

@@ -0,0 +1,12 @@
+const defaultPasswordPolicy = {
+    minLength: 8,
+    maxLength: 64,
+    requireUppercase: true,
+    requireLowercase: true,
+    requireNumber: true,
+    requireSpecialChar: false,
+    disallowSpaces: true,
+    preventReuse: 3,
+    expirationDays: null
+};
+export { defaultPasswordPolicy };

package/dist/security/interfaces/IPasswordPolicy.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};

package/dist/security/interfaces/IPasswordPolicyProjectContext.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};