@fonoster/identity 0.6.1-alpha.0
- package/LICENSE +21 -0
- package/README.md +3 -0
- package/dist/JsonWebErrorEnum.d.ts +5 -0
- package/dist/JsonWebErrorEnum.js +26 -0
- package/dist/apikeys/ApiRoleEnum.d.ts +4 -0
- package/dist/apikeys/ApiRoleEnum.js +25 -0
- package/dist/apikeys/createApiKey.d.ts +24 -0
- package/dist/apikeys/createApiKey.js +73 -0
- package/dist/apikeys/deleteApiKey.d.ts +18 -0
- package/dist/apikeys/deleteApiKey.js +58 -0
- package/dist/apikeys/index.d.ts +5 -0
- package/dist/apikeys/index.js +39 -0
- package/dist/apikeys/listApiKeys.d.ts +23 -0
- package/dist/apikeys/listApiKeys.js +50 -0
- package/dist/apikeys/regenerateApiKey.d.ts +20 -0
- package/dist/apikeys/regenerateApiKey.js +64 -0
- package/dist/createAuthInterceptor.d.ts +15 -0
- package/dist/createAuthInterceptor.js +75 -0
- package/dist/db.d.ts +14 -0
- package/dist/db.js +31 -0
- package/dist/envs.d.ts +1 -0
- package/dist/envs.js +24 -0
- package/dist/errors.d.ts +4 -0
- package/dist/errors.js +35 -0
- package/dist/exchanges/TokenUseEnum.d.ts +6 -0
- package/dist/exchanges/TokenUseEnum.js +27 -0
- package/dist/exchanges/exchangeApiKey.d.ts +24 -0
- package/dist/exchanges/exchangeApiKey.js +86 -0
- package/dist/exchanges/exchangeCredentials.d.ts +24 -0
- package/dist/exchanges/exchangeCredentials.js +86 -0
- package/dist/exchanges/exchangeRefreshToken.d.ts +21 -0
- package/dist/exchanges/exchangeRefreshToken.js +62 -0
- package/dist/exchanges/exchangeTokens.d.ts +8 -0
- package/dist/exchanges/exchangeTokens.js +92 -0
- package/dist/exchanges/index.d.ts +5 -0
- package/dist/exchanges/index.js +39 -0
- package/dist/exchanges/payloads/apikeys/getAccessTokenPayload.d.ts +4 -0
- package/dist/exchanges/payloads/apikeys/getAccessTokenPayload.js +45 -0
- package/dist/exchanges/payloads/apikeys/getRefreshTokenPayload.d.ts +4 -0
- package/dist/exchanges/payloads/apikeys/getRefreshTokenPayload.js +32 -0
- package/dist/exchanges/payloads/apikeys/index.d.ts +2 -0
- package/dist/exchanges/payloads/apikeys/index.js +36 -0
- package/dist/exchanges/payloads/buildRefreshTokenPayload.d.ts +7 -0
- package/dist/exchanges/payloads/buildRefreshTokenPayload.js +34 -0
- package/dist/exchanges/payloads/users/getAccessTokenPayload.d.ts +4 -0
- package/dist/exchanges/payloads/users/getAccessTokenPayload.js +55 -0
- package/dist/exchanges/payloads/users/getIdTokenPayload.d.ts +4 -0
- package/dist/exchanges/payloads/users/getIdTokenPayload.js +39 -0
- package/dist/exchanges/payloads/users/getRefreshTokenPayload.d.ts +4 -0
- package/dist/exchanges/payloads/users/getRefreshTokenPayload.js +35 -0
- package/dist/exchanges/payloads/users/index.d.ts +3 -0
- package/dist/exchanges/payloads/users/index.js +37 -0
- package/dist/exchanges/types.d.ts +56 -0
- package/dist/exchanges/types.js +2 -0
- package/dist/getPublicKey.d.ts +6 -0
- package/dist/getPublicKey.js +21 -0
- package/dist/getPublicKeyClient.d.ts +5 -0
- package/dist/getPublicKeyClient.js +62 -0
- package/dist/index.d.ts +10 -0
- package/dist/index.js +44 -0
- package/dist/invites/EmailTemplatesEnum.d.ts +5 -0
- package/dist/invites/EmailTemplatesEnum.js +26 -0
- package/dist/invites/createInviteBody.d.ts +8 -0
- package/dist/invites/createInviteBody.js +44 -0
- package/dist/invites/index.d.ts +3 -0
- package/dist/invites/index.js +37 -0
- package/dist/invites/sendInvite.d.ts +11 -0
- package/dist/invites/sendInvite.js +29 -0
- package/dist/invites/templates/inviteExistingUser.hbs +54 -0
- package/dist/invites/templates/inviteNewUser.hbs +55 -0
- package/dist/roles.d.ts +5 -0
- package/dist/roles.js +129 -0
- package/dist/service.d.ts +200 -0
- package/dist/service.js +63 -0
- package/dist/users/createUser.d.ts +27 -0
- package/dist/users/createUser.js +66 -0
- package/dist/users/deleteUser.d.ts +12 -0
- package/dist/users/deleteUser.js +59 -0
- package/dist/users/getUser.d.ts +17 -0
- package/dist/users/getUser.js +67 -0
- package/dist/users/index.d.ts +5 -0
- package/dist/users/index.js +39 -0
- package/dist/users/updateUser.d.ts +27 -0
- package/dist/users/updateUser.js +73 -0
- package/dist/users/upsertDefaultUser.d.ts +17 -0
- package/dist/users/upsertDefaultUser.js +87 -0
- package/dist/utils/createCallAccessToken.d.ts +6 -0
- package/dist/utils/createCallAccessToken.js +65 -0
- package/dist/utils/decodeToken.d.ts +4 -0
- package/dist/utils/decodeToken.js +26 -0
- package/dist/utils/generateAccessKeyId.d.ts +8 -0
- package/dist/utils/generateAccessKeyId.js +39 -0
- package/dist/utils/generateAccessKeySecret.d.ts +2 -0
- package/dist/utils/generateAccessKeySecret.js +26 -0
- package/dist/utils/getAccessKeyIdFromCall.d.ts +3 -0
- package/dist/utils/getAccessKeyIdFromCall.js +9 -0
- package/dist/utils/getAccessKeyIdFromEmail.d.ts +3 -0
- package/dist/utils/getAccessKeyIdFromEmail.js +37 -0
- package/dist/utils/getAccessKeyIdFromToken.d.ts +2 -0
- package/dist/utils/getAccessKeyIdFromToken.js +31 -0
- package/dist/utils/getApiKeyByAccessKeyId.d.ts +12 -0
- package/dist/utils/getApiKeyByAccessKeyId.js +26 -0
- package/dist/utils/getTokenFromCall.d.ts +3 -0
- package/dist/utils/getTokenFromCall.js +9 -0
- package/dist/utils/getUserByEmail.d.ts +15 -0
- package/dist/utils/getUserByEmail.js +26 -0
- package/dist/utils/getUserRefFromToken.d.ts +2 -0
- package/dist/utils/getUserRefFromToken.js +31 -0
- package/dist/utils/hasAccess.d.ts +3 -0
- package/dist/utils/hasAccess.js +10 -0
- package/dist/utils/hasAccessToResource.d.ts +5 -0
- package/dist/utils/hasAccessToResource.js +53 -0
- package/dist/utils/index.d.ts +11 -0
- package/dist/utils/index.js +45 -0
- package/dist/utils/isValidToken.d.ts +2 -0
- package/dist/utils/isValidToken.js +52 -0
- package/dist/utils/tokenHasAccessKeyId.d.ts +2 -0
- package/dist/utils/tokenHasAccessKeyId.js +29 -0
- package/dist/utils/withAccess.d.ts +6 -0
- package/dist/utils/withAccess.js +77 -0
- package/dist/workspaces/WorkspaceRoleEnum.d.ts +6 -0
- package/dist/workspaces/WorkspaceRoleEnum.js +27 -0
- package/dist/workspaces/createSendEmail.d.ts +3 -0
- package/dist/workspaces/createSendEmail.js +38 -0
- package/dist/workspaces/createWorkspace.d.ts +18 -0
- package/dist/workspaces/createWorkspace.js +65 -0
- package/dist/workspaces/deleteWorkspace.d.ts +12 -0
- package/dist/workspaces/deleteWorkspace.js +59 -0
- package/dist/workspaces/getWorkspace.d.ts +16 -0
- package/dist/workspaces/getWorkspace.js +65 -0
- package/dist/workspaces/index.d.ts +9 -0
- package/dist/workspaces/index.js +43 -0
- package/dist/workspaces/inviteUserToWorkspace.d.ts +31 -0
- package/dist/workspaces/inviteUserToWorkspace.js +152 -0
- package/dist/workspaces/isAdminMember.d.ts +3 -0
- package/dist/workspaces/isAdminMember.js +53 -0
- package/dist/workspaces/isWorkspaceMember.d.ts +3 -0
- package/dist/workspaces/isWorkspaceMember.js +32 -0
- package/dist/workspaces/listWorkspaces.d.ts +16 -0
- package/dist/workspaces/listWorkspaces.js +55 -0
- package/dist/workspaces/removeUserFromWorkspace.d.ts +12 -0
- package/dist/workspaces/removeUserFromWorkspace.js +84 -0
- package/dist/workspaces/resendWorkspaceMembershipInvitation.d.ts +14 -0
- package/dist/workspaces/resendWorkspaceMembershipInvitation.js +98 -0
- package/dist/workspaces/updateWorkspace.d.ts +21 -0
- package/dist/workspaces/updateWorkspace.js +76 -0
- package/package.json +50 -0
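--- a/package/dist/utils/getTokenFromCall.js
+++ b/package/dist/utils/getTokenFromCall.js
@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getTokenFromCall = void 0;
+function getTokenFromCall(call) {
+var _a;
+const metadata = call.metadata.getMap();
+return (_a = metadata["token"]) === null || _a === void 0 ? void 0 : _a.toString();
+}
+exports.getTokenFromCall = getTokenFromCall;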
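--- a/package/dist/utils/getUserByEmail.d.ts
+++ b/package/dist/utils/getUserByEmail.d.ts
@@ -0,0 +1,15 @@
+import { Prisma } from "../db";
+declare function getUserByEmail(prisma: Prisma): (email: string) => Promise<{
+name: string;
+ref: string;
+email: string;
+accessKeyId: string;
+emailVerified: boolean;
+password: string;
+phoneNumber: string;
+phoneNumberVerified: boolean;
+avatar: string;
+createdAt: Date;
+updatedAt: Date;
+}>;
+export { getUserByEmail };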
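Review bot: The declared result carries the `password` column and omits `null`, although the implementation in getUserByEmail.js returns `null` when no row matches. Callers get no compile-time reminder to handle a missing user, and any handler that forwards this object unchanged would expose the stored password value (whether it is hashed is not visible here). I would widen the source return type with `| null` and add a comment above the function such as `// Internal lookup: result includes the password field; never return it to a client`.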
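--- a/package/dist/utils/getUserByEmail.js
+++ b/package/dist/utils/getUserByEmail.js
@@ -0,0 +1,26 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+return new (P || (P = Promise))(function (resolve, reject) {
+function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+step((generator = generator.apply(thisArg, _arguments || [])).next());
+});
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getUserByEmail = void 0;
+function getUserByEmail(prisma) {
+return (email) => __awaiter(this, void 0, void 0, function* () {
+const user = yield prisma.user.findFirst({
+where: {
+email
+}
+});
+if (!user) {
+return null;
+}
+return user;
+});
+}
+exports.getUserByEmail = getUserByEmail;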
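--- a/package/dist/utils/getUserRefFromToken.js
+++ b/package/dist/utils/getUserRefFromToken.js
@@ -0,0 +1,31 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getUserRefFromToken = void 0;
+/*
+* Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
+* http://github.com/fonoster/fonoster
+*
+* This file is part of Fonoster
+*
+* Licensed under the MIT License (the "License");
+* you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+*
+* https://opensource.org/licenses/MIT
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+const decodeToken_1 = require("./decodeToken");
+const TokenUseEnum_1 = require("../exchanges/TokenUseEnum");
+function getUserRefFromToken(token) {
+const decodedToken = (0, decodeToken_1.decodeToken)(token);
+if (decodedToken.tokenUse !== TokenUseEnum_1.TokenUseEnum.ACCESS) {
+throw new Error("Invalid token type");
+}
+return decodedToken.sub;
+}
+exports.getUserRefFromToken = getUserRefFromToken;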
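Review bot: `getUserRefFromToken` returns `decodedToken.sub` after checking only `tokenUse`, so the value is trustworthy only if the token's signature was verified before this call. `decodeToken` is defined outside this section and nothing visible here shows whether it verifies or merely decodes; createWorkspace.js stores the returned value as `ownerRef`. I would state the precondition above the function, e.g. `// Caller must already have validated the token (see isValidToken); this only reads claims`. A call without a `token` metadata entry also reaches `decodeToken` as `undefined`, so an explicit check with a clear error message would help.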
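--- a/package/dist/utils/hasAccess.js
+++ b/package/dist/utils/hasAccess.js
@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.hasAccess = void 0;
+const roles_1 = require("../roles");
+// This method only checks if the role has access to the path
+function hasAccess(access, grpcPath) {
+const roleList = access.map((a) => a.role);
+return roleList.some((r) => roles_1.roles.find((role) => role.name === r && role.access.includes(grpcPath)));
+}
+exports.hasAccess = hasAccess;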
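--- a/package/dist/utils/hasAccessToResource.js
+++ b/package/dist/utils/hasAccessToResource.js
@@ -0,0 +1,53 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+return new (P || (P = Promise))(function (resolve, reject) {
+function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+step((generator = generator.apply(thisArg, _arguments || [])).next());
+});
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.hasAccessToResource = void 0;
+/*
+* Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
+* http://github.com/fonoster/fonoster
+*
+* This file is part of Fonoster
+*
+* Licensed under the MIT License (the "License");
+* you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+*
+* https://opensource.org/licenses/MIT
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+const logger_1 = require("@fonoster/logger");
+const decodeToken_1 = require("./decodeToken");
+const getTokenFromCall_1 = require("./getTokenFromCall");
+const logger = (0, logger_1.getLogger)({ service: "sipnet", filePath: __filename });
+function hasAccessToResource(call, getFn) {
+return __awaiter(this, void 0, void 0, function* () {
+var _a;
+const { request } = call;
+const { extended } = yield getFn(request.ref);
+logger.verbose("call to hasAccessToResource", {
+ref: request.ref,
+accessKeyId: extended === null || extended === void 0 ? void 0 : extended.accessKeyId
+});
+// If the resource doesn't exist, allow the operation
+if (!extended)
+return true;
+const token = (0, getTokenFromCall_1.getTokenFromCall)(call);
+const decodedToken = (0, decodeToken_1.decodeToken)(token);
+const accessKeyIds = (_a = decodedToken.access) === null || _a === void 0 ? void 0 : _a.map((a) => a.accessKeyId);
+return accessKeyIds.includes(extended === null || extended === void 0 ? void 0 : extended.accessKeyId);
+});
+}
+exports.hasAccessToResource = hasAccessToResource;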
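Review bot: The ownership check fails open: `if (!extended) return true;` grants access whenever the looked-up record has no `extended` field, which would also cover an existing record that simply lacks that metadata, not only a missing resource. If `getFn` resolves to `null` for an unknown ref, the destructuring `const { extended } = yield getFn(request.ref);` throws before that branch is reached, so the commented "allow" case may not apply to truly missing resources at all. `accessKeyIds.includes(...)` also throws a TypeError when the token has no `access` claim, because the optional chain leaves `accessKeyIds` undefined; tokenHasAccessKeyId.js has the same pattern. I would deny by default in the source, e.g. `return (accessKeyIds ?? []).includes(extended.accessKeyId);`, and let the wrapped handler report not-found on its own. The logger is tagged `service: "sipnet"` inside the identity package, which looks like a copy-paste.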
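--- a/package/dist/utils/index.d.ts
+++ b/package/dist/utils/index.d.ts
@@ -0,0 +1,11 @@
+export * from "./generateAccessKeyId";
+export * from "./decodeToken";
+export * from "./getAccessKeyIdFromToken";
+export * from "./getAccessKeyIdFromCall";
+export * from "./hasAccess";
+export * from "./isValidToken";
+export * from "./getTokenFromCall";
+export * from "./tokenHasAccessKeyId";
+export * from "./hasAccessToResource";
+export * from "./withAccess";
+export * from "./createCallAccessToken";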
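--- a/package/dist/utils/index.js
+++ b/package/dist/utils/index.js
@@ -0,0 +1,45 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+var desc = Object.getOwnPropertyDescriptor(m, k);
+if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+desc = { enumerable: true, get: function() { return m[k]; } };
+}
+Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+/*
+* Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
+* http://github.com/fonoster/fonoster
+*
+* This file is part of Fonoster
+*
+* Licensed under the MIT License (the "License");
+* you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+*
+* https://opensource.org/licenses/MIT
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+__exportStar(require("./generateAccessKeyId"), exports);
+__exportStar(require("./decodeToken"), exports);
+__exportStar(require("./getAccessKeyIdFromToken"), exports);
+__exportStar(require("./getAccessKeyIdFromCall"), exports);
+__exportStar(require("./hasAccess"), exports);
+__exportStar(require("./isValidToken"), exports);
+__exportStar(require("./getTokenFromCall"), exports);
+__exportStar(require("./tokenHasAccessKeyId"), exports);
+__exportStar(require("./hasAccessToResource"), exports);
+__exportStar(require("./withAccess"), exports);
+__exportStar(require("./createCallAccessToken"), exports);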
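--- a/package/dist/utils/isValidToken.js
+++ b/package/dist/utils/isValidToken.js
@@ -0,0 +1,52 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isValidToken = void 0;
+/*
+* Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
+* http://github.com/fonoster/fonoster
+*
+* This file is part of Fonoster
+*
+* Licensed under the MIT License (the "License");
+* you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+*
+* https://opensource.org/licenses/MIT
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+const logger_1 = require("@fonoster/logger");
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
+const JsonWebErrorEnum_1 = require("../JsonWebErrorEnum");
+const logger = (0, logger_1.getLogger)({ service: "identity", filePath: __filename });
+function isValidToken(token, secret) {
+try {
+const decoded = jsonwebtoken_1.default.verify(token, secret);
+const currentTime = Math.floor(Date.now() / 1000);
+if (decoded.exp <= currentTime) {
+logger.verbose("token expired", { exp: decoded.exp, currentTime });
+return false;
+}
+return true;
+}
+catch (error) {
+if (error.name === JsonWebErrorEnum_1.JsonWebErrorEnum.JsonWebTokenError) {
+logger.verbose("invalid JWT token", { token });
+}
+else if (error.name === JsonWebErrorEnum_1.JsonWebErrorEnum.TokenExpiredError) {
+logger.verbose("token expired", { token });
+}
+else {
+logger.verbose("unexpected JWT error:", error);
+}
+return false;
+}
+}
+exports.isValidToken = isValidToken;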
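Review bot: Both rejection branches write the raw token to the log (`logger.verbose("invalid JWT token", { token })` and `logger.verbose("token expired", { token })`), which puts bearer credentials into whatever sink collects verbose output; log the reason only, e.g. `logger.verbose("invalid JWT token")`. `jsonwebtoken_1.default.verify(token, secret)` is called without an `algorithms` option, so the accepted algorithm is left to the library default; pinning it to the algorithm the service actually signs with removes the algorithm-confusion risk should `secret` ever be a public key. The manual `decoded.exp <= currentTime` test repeats what `verify` already enforces and evaluates to false when `exp` is absent, so a token issued without an expiry is reported as valid; a guard such as `if (typeof decoded.exp !== "number") return false;` would close that.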
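--- a/package/dist/utils/tokenHasAccessKeyId.js
+++ b/package/dist/utils/tokenHasAccessKeyId.js
@@ -0,0 +1,29 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.tokenHasAccessKeyId = void 0;
+/*
+* Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
+* http://github.com/fonoster/fonoster
+*
+* This file is part of Fonoster
+*
+* Licensed under the MIT License (the "License");
+* you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+*
+* https://opensource.org/licenses/MIT
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+const decodeToken_1 = require("./decodeToken");
+function tokenHasAccessKeyId(token, accessKeyId) {
+var _a;
+const decodedToken = (0, decodeToken_1.decodeToken)(token);
+const accessKeyIds = (_a = decodedToken.access) === null || _a === void 0 ? void 0 : _a.map((a) => a.accessKeyId);
+return accessKeyIds.includes(accessKeyId);
+}
+exports.tokenHasAccessKeyId = tokenHasAccessKeyId;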
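--- a/package/dist/utils/withAccess.d.ts
+++ b/package/dist/utils/withAccess.d.ts
@@ -0,0 +1,6 @@
+import { GrpcErrorMessage } from "@fonoster/common";
+import { JsonObject } from "@prisma/client/runtime/library";
+declare function withAccess<T, A>(handler: (call: T) => Promise<A>, getFn: (ref: string) => Promise<{
+extended?: JsonObject;
+}>): (call: T, callback: (error?: GrpcErrorMessage, response?: A) => void) => Promise<void>;
+export { withAccess };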
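--- a/package/dist/utils/withAccess.js
+++ b/package/dist/utils/withAccess.js
@@ -0,0 +1,77 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+var desc = Object.getOwnPropertyDescriptor(m, k);
+if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+desc = { enumerable: true, get: function() { return m[k]; } };
+}
+Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+if (mod && mod.__esModule) return mod;
+var result = {};
+if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+__setModuleDefault(result, mod);
+return result;
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+return new (P || (P = Promise))(function (resolve, reject) {
+function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+step((generator = generator.apply(thisArg, _arguments || [])).next());
+});
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.withAccess = void 0;
+/*
+* Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
+* http://github.com/fonoster/fonoster
+*
+* This file is part of Fonoster
+*
+* Licensed under the MIT License (the "License");
+* you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+*
+* https://opensource.org/licenses/MIT
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+const common_1 = require("@fonoster/common");
+const grpc = __importStar(require("@grpc/grpc-js"));
+const hasAccessToResource_1 = require("./hasAccessToResource");
+function withAccess(handler, getFn) {
+return (call, callback) => __awaiter(this, void 0, void 0, function* () {
+try {
+const typedCall = call;
+const hasAccess = yield (0, hasAccessToResource_1.hasAccessToResource)(typedCall, getFn);
+if (!hasAccess) {
+callback({
+code: grpc.status.PERMISSION_DENIED,
+message: "You don't have permission to access this resource"
+});
+return;
+}
+const response = yield handler(call);
+callback(null, response);
+}
+catch (error) {
+(0, common_1.handleError)(error, callback);
+}
+});
+}
+exports.withAccess = withAccess;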
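Review bot: Only an explicit `false` from `hasAccessToResource` is answered with `PERMISSION_DENIED`; anything the check throws (a missing or undecodable token, a rejected `getFn`) falls into the shared `catch` and is passed to `handleError`, whose status mapping is not visible in this section. If that mapping yields a generic internal error, clients and log-based alerting cannot tell an authorization failure from a server fault. I would separate the two paths in the source, wrapping just the access check and replying with an authentication or permission status there, and add a comment that the handler runs only after the check has returned true. The local `hasAccess` also shadows the name of the exported `hasAccess` helper from the same utils folder, so `allowed` would read more clearly.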
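--- a/package/dist/workspaces/WorkspaceRoleEnum.js
+++ b/package/dist/workspaces/WorkspaceRoleEnum.js
@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WorkspaceRoleEnum = void 0;
+/*
+* Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
+* http://github.com/fonoster/fonoster
+*
+* This file is part of Fonoster
+*
+* Licensed under the MIT License (the "License");
+* you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+*
+* https://opensource.org/licenses/MIT
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+var WorkspaceRoleEnum;
+(function (WorkspaceRoleEnum) {
+WorkspaceRoleEnum["OWNER"] = "OWNER";
+WorkspaceRoleEnum["ADMIN"] = "ADMIN";
+WorkspaceRoleEnum["USER"] = "USER";
+})(WorkspaceRoleEnum || (exports.WorkspaceRoleEnum = WorkspaceRoleEnum = {}));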
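--- a/package/dist/workspaces/createSendEmail.js
+++ b/package/dist/workspaces/createSendEmail.js
@@ -0,0 +1,38 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createSendEmail = void 0;
+/*
+* Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
+* http://github.com/fonoster/fonoster
+*
+* This file is part of Fonoster
+*
+* Licensed under the MIT License (the "License");
+* you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+*
+* https://opensource.org/licenses/MIT
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+const common_1 = require("@fonoster/common");
+function createSendEmail(identityConfig) {
+const { smtpConfig } = identityConfig;
+const { host, port, secure, sender, auth } = smtpConfig;
+const { user, pass } = auth;
+return (0, common_1.createEmailSender)({
+sender,
+host,
+port,
+secure,
+auth: {
+user,
+pass
+}
+});
+}
+exports.createSendEmail = createSendEmail;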
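--- a/package/dist/workspaces/createWorkspace.d.ts
+++ b/package/dist/workspaces/createWorkspace.d.ts
@@ -0,0 +1,18 @@
+import { GrpcErrorMessage } from "@fonoster/common";
+import { z } from "zod";
+import { Prisma } from "../db";
+declare const CreateWorkspaceRequestSchema: z.ZodObject<{
+name: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+name?: string;
+}, {
+name?: string;
+}>;
+type CreateWorkspaceRequest = z.infer<typeof CreateWorkspaceRequestSchema>;
+type CreateWorkspaceResponse = {
+ref: string;
+};
+declare function createWorkspace(prisma: Prisma): (call: {
+request: CreateWorkspaceRequest;
+}, callback: (error: GrpcErrorMessage, response?: CreateWorkspaceResponse) => void) => Promise<void>;
+export { createWorkspace };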
@@ -0,0 +1,65 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
+
});
|
|
10
|
+
};
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.createWorkspace = void 0;
|
|
13
|
+
/*
|
|
14
|
+
* Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
|
|
15
|
+
* http://github.com/fonoster/fonoster
|
|
16
|
+
*
|
|
17
|
+
* This file is part of Fonoster
|
|
18
|
+
*
|
|
19
|
+
* Licensed under the MIT License (the "License");
|
|
20
|
+
* you may not use this file except in compliance with
|
|
21
|
+
* the License. You may obtain a copy of the License at
|
|
22
|
+
*
|
|
23
|
+
* https://opensource.org/licenses/MIT
|
|
24
|
+
*
|
|
25
|
+
* Unless required by applicable law or agreed to in writing, software
|
|
26
|
+
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
27
|
+
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
28
|
+
* See the License for the specific language governing permissions and
|
|
29
|
+
* limitations under the License.
|
|
30
|
+
*/
|
|
31
|
+
const common_1 = require("@fonoster/common");
|
|
32
|
+
const logger_1 = require("@fonoster/logger");
|
|
33
|
+
const zod_1 = require("zod");
|
|
34
|
+
const generateAccessKeyId_1 = require("../utils/generateAccessKeyId");
|
|
35
|
+
const getTokenFromCall_1 = require("../utils/getTokenFromCall");
|
|
36
|
+
const getUserRefFromToken_1 = require("../utils/getUserRefFromToken");
|
|
37
|
+
const logger = (0, logger_1.getLogger)({ service: "identity", filePath: __filename });
|
|
38
|
+
const CreateWorkspaceRequestSchema = zod_1.z.object({
|
|
39
|
+
name: zod_1.z.string().min(3, "Name must contain at least 3 characters").max(50)
|
|
40
|
+
});
|
|
41
|
+
function createWorkspace(prisma) {
|
|
42
|
+
return (call, callback) => __awaiter(this, void 0, void 0, function* () {
|
|
43
|
+
try {
|
|
44
|
+
const validatedRequest = CreateWorkspaceRequestSchema.parse(call.request);
|
|
45
|
+
const token = (0, getTokenFromCall_1.getTokenFromCall)(call);
|
|
46
|
+
const ownerRef = (0, getUserRefFromToken_1.getUserRefFromToken)(token);
|
|
47
|
+
const { name } = validatedRequest;
|
|
48
|
+
logger.verbose("call to createWorkspace", { name, ownerRef });
|
|
49
|
+
const workspace = yield prisma.workspace.create({
|
|
50
|
+
data: {
|
|
51
|
+
name,
|
|
52
|
+
accessKeyId: (0, generateAccessKeyId_1.generateAccessKeyId)(generateAccessKeyId_1.AccessKeyIdType.WORKSPACE),
|
|
53
|
+
ownerRef
|
|
54
|
+
}
|
|
55
|
+
});
|
|
56
|
+
callback(null, {
|
|
57
|
+
ref: workspace.ref
|
|
58
|
+
});
|
|
59
|
+
}
|
|
60
|
+
catch (error) {
|
|
61
|
+
(0, common_1.handleError)(error, callback);
|
|
62
|
+
}
|
|
63
|
+
});
|
|
64
|
+
}
|
|
65
|
+
exports.createWorkspace = createWorkspace;
|
|
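Review bot: The `name` schema on new line 39 checks length on the raw string, so a value made only of spaces, or padded with whitespace, passes `min(3)` and is stored and logged as-is. Trimming before the length check closes that: `name: zod_1.z.string().trim().min(3, "Name must contain at least 3 characters").max(50)`. Separately, `ownerRef` on new line 46 is the only thing that binds the new workspace to a caller, and `getUserRefFromToken` is defined outside this hunk, so whether it verifies the token or only reads a claim cannot be told from here. If verification happens earlier in the request path, a comment above that line such as `// token is verified before this handler runs; this only reads the user ref` would stop a later refactor from wiring the handler up without it. This file looks like compiled output, so both changes belong in the TypeScript source it was built from.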
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import { GrpcErrorMessage } from "@fonoster/common";
|
|
2
|
+
import { Prisma } from "../db";
|
|
3
|
+
type DeleteWorkspaceRequest = {
|
|
4
|
+
ref: string;
|
|
5
|
+
};
|
|
6
|
+
type DeleteWorkspaceResponse = {
|
|
7
|
+
ref: string;
|
|
8
|
+
};
|
|
9
|
+
declare function deleteWorkspace(prisma: Prisma): (call: {
|
|
10
|
+
request: DeleteWorkspaceRequest;
|
|
11
|
+
}, callback: (error: GrpcErrorMessage, response?: DeleteWorkspaceResponse) => void) => Promise<void>;
|
|
12
|
+
export { deleteWorkspace };
|
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
+
});
|
|
10
|
+
};
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.deleteWorkspace = void 0;
|
|
13
|
+
/*
|
|
14
|
+
* Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
|
|
15
|
+
* http://github.com/fonoster/fonoster
|
|
16
|
+
*
|
|
17
|
+
* This file is part of Fonoster
|
|
18
|
+
*
|
|
19
|
+
* Licensed under the MIT License (the "License");
|
|
20
|
+
* you may not use this file except in compliance with
|
|
21
|
+
* the License. You may obtain a copy of the License at
|
|
22
|
+
*
|
|
23
|
+
* https://opensource.org/licenses/MIT
|
|
24
|
+
*
|
|
25
|
+
* Unless required by applicable law or agreed to in writing, software
|
|
26
|
+
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
27
|
+
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
28
|
+
* See the License for the specific language governing permissions and
|
|
29
|
+
* limitations under the License.
|
|
30
|
+
*/
|
|
31
|
+
const common_1 = require("@fonoster/common");
|
|
32
|
+
const logger_1 = require("@fonoster/logger");
|
|
33
|
+
const getTokenFromCall_1 = require("../utils/getTokenFromCall");
|
|
34
|
+
const getUserRefFromToken_1 = require("../utils/getUserRefFromToken");
|
|
35
|
+
const logger = (0, logger_1.getLogger)({ service: "identity", filePath: __filename });
|
|
36
|
+
function deleteWorkspace(prisma) {
|
|
37
|
+
return (call, callback) => __awaiter(this, void 0, void 0, function* () {
|
|
38
|
+
try {
|
|
39
|
+
const { ref } = call.request;
|
|
40
|
+
const token = (0, getTokenFromCall_1.getTokenFromCall)(call);
|
|
41
|
+
const ownerRef = (0, getUserRefFromToken_1.getUserRefFromToken)(token);
|
|
42
|
+
logger.verbose("deleting workspace from the system", { ref, ownerRef });
|
|
43
|
+
yield prisma.workspace.delete({
|
|
44
|
+
where: {
|
|
45
|
+
ref,
|
|
46
|
+
ownerRef
|
|
47
|
+
}
|
|
48
|
+
});
|
|
49
|
+
const response = {
|
|
50
|
+
ref
|
|
51
|
+
};
|
|
52
|
+
callback(null, response);
|
|
53
|
+
}
|
|
54
|
+
catch (error) {
|
|
55
|
+
(0, common_1.handleError)(error, callback);
|
|
56
|
+
}
|
|
57
|
+
});
|
|
58
|
+
}
|
|
59
|
+
exports.deleteWorkspace = deleteWorkspace;
|
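Review bot: `const { ref } = call.request;` on new line 39 takes the request unvalidated, whereas createWorkspace in the same package parses its request with a zod schema before doing anything else. A missing or non-string `ref` therefore reaches `prisma.workspace.delete` and fails there, and how `handleError` reports that failure to the client is not visible in this hunk; presumably it surfaces as a generic error rather than an invalid-argument one. Validating up front keeps the two handlers consistent, e.g. `const { ref } = zod_1.z.object({ ref: zod_1.z.string().min(1) }).parse(call.request);`, which also needs `zod` required in this file. Keeping `ownerRef` in the `where` clause is what limits the delete to the caller's own workspaces and should stay as it is.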