@hed-hog/core 0.0.141 → 0.0.150
- package/dist/auth/guards/auth.guard.d.ts.map +1 -1
- package/dist/auth/guards/auth.guard.js +10 -0
- package/dist/auth/guards/auth.guard.js.map +1 -1
- package/dist/oauth/oauth.controller.d.ts +7 -8
- package/dist/oauth/oauth.controller.d.ts.map +1 -1
- package/dist/oauth/oauth.controller.js +4 -5
- package/dist/oauth/oauth.controller.js.map +1 -1
- package/dist/oauth/oauth.module.d.ts.map +1 -1
- package/dist/oauth/oauth.module.js +2 -1
- package/dist/oauth/oauth.module.js.map +1 -1
- package/dist/oauth/oauth.service.d.ts +3 -2
- package/dist/oauth/oauth.service.d.ts.map +1 -1
- package/dist/oauth/oauth.service.js +6 -3
- package/dist/oauth/oauth.service.js.map +1 -1
- package/dist/oauth/providers/microsoft-entra-id.provider.d.ts +11 -0
- package/dist/oauth/providers/microsoft-entra-id.provider.d.ts.map +1 -0
- package/dist/oauth/providers/microsoft-entra-id.provider.js +88 -0
- package/dist/oauth/providers/microsoft-entra-id.provider.js.map +1 -0
- package/dist/session/session.controller.d.ts +11 -2
- package/dist/session/session.controller.d.ts.map +1 -1
- package/dist/session/session.controller.js +21 -11
- package/dist/session/session.controller.js.map +1 -1
- package/dist/session/session.service.d.ts +9 -2
- package/dist/session/session.service.d.ts.map +1 -1
- package/dist/session/session.service.js +61 -10
- package/dist/session/session.service.js.map +1 -1
- package/dist/token/token.module.d.ts.map +1 -1
- package/dist/token/token.module.js +2 -0
- package/dist/token/token.module.js.map +1 -1
- package/dist/token/token.service.d.ts +2 -2
- package/dist/token/token.service.d.ts.map +1 -1
- package/dist/token/token.service.js +26 -17
- package/dist/token/token.service.js.map +1 -1
- package/hedhog/data/route.yaml +10 -0
- package/hedhog/data/setting_group.yaml +51 -0
- package/package.json +4 -4
- package/src/auth/guards/auth.guard.ts +18 -5
- package/src/language/en.json +2 -1
- package/src/language/pt.json +2 -1
- package/src/oauth/oauth.controller.ts +21 -14
- package/src/oauth/oauth.module.ts +2 -1
- package/src/oauth/oauth.service.ts +7 -4
- package/src/oauth/providers/microsoft-entra-id.provider.ts +76 -0
- package/src/session/session.controller.ts +19 -10
- package/src/session/session.service.ts +80 -11
- package/src/token/token.module.ts +2 -0
- package/src/token/token.service.ts +22 -13
|
@@ -133,7 +133,46 @@ let SessionService = class SessionService {
|
|
|
133
133
|
};
|
|
134
134
|
}
|
|
135
135
|
catch (err) {
|
|
136
|
-
throw new common_1.HttpException('
|
|
136
|
+
throw new common_1.HttpException((0, api_locale_1.getLocaleText)('session.errorFetchingSessions', locale, 'Error fetching user sessions'), common_1.HttpStatus.SERVICE_UNAVAILABLE);
|
|
137
|
+
}
|
|
138
|
+
}
|
|
139
|
+
async getUserSessionsActive(paginationParams, userId, locale) {
|
|
140
|
+
var _a, _b, _c;
|
|
141
|
+
const userExists = await this.prisma.user.findUnique({
|
|
142
|
+
where: { id: userId },
|
|
143
|
+
select: { id: true },
|
|
144
|
+
});
|
|
145
|
+
if (!userExists) {
|
|
146
|
+
throw new common_1.BadRequestException((0, api_locale_1.getLocaleText)('session.userNotFound', locale, 'User not found.'));
|
|
147
|
+
}
|
|
148
|
+
try {
|
|
149
|
+
const paginate = await this.paginationService.paginatePrismaModel(this.prisma.user_session, Object.assign(Object.assign({}, paginationParams), { where: { user_id: userId, revoked_at: null, expires_at: { gt: new Date() } } }));
|
|
150
|
+
const itemsWithLocation = await Promise.all(paginate.data.map(async (s) => {
|
|
151
|
+
const ip = s.ip_address || s.ip || null;
|
|
152
|
+
let location = null;
|
|
153
|
+
if (ip && ip !== '127.0.0.1' && ip !== '::1') {
|
|
154
|
+
try {
|
|
155
|
+
location = await this.fetchGeoByIp(ip);
|
|
156
|
+
}
|
|
157
|
+
catch (_a) {
|
|
158
|
+
location = { ip, raw: null };
|
|
159
|
+
}
|
|
160
|
+
}
|
|
161
|
+
else if (ip) {
|
|
162
|
+
location = { ip: '127.0.0.1', country: 'Localhost', region: '', city: '' };
|
|
163
|
+
}
|
|
164
|
+
return Object.assign(Object.assign({}, s), { location });
|
|
165
|
+
}));
|
|
166
|
+
return {
|
|
167
|
+
data: itemsWithLocation,
|
|
168
|
+
total: paginate.total || 0,
|
|
169
|
+
lastPage: Math.ceil((paginate.total || 0) / (paginate.pageSize || 1)),
|
|
170
|
+
page: (_a = paginate.page) !== null && _a !== void 0 ? _a : 1,
|
|
171
|
+
pageSize: (_c = (_b = paginate.pageSize) !== null && _b !== void 0 ? _b : paginationParams.pageSize) !== null && _c !== void 0 ? _c : 10,
|
|
172
|
+
};
|
|
173
|
+
}
|
|
174
|
+
catch (err) {
|
|
175
|
+
throw new common_1.HttpException((0, api_locale_1.getLocaleText)('session.errorFetchingSessions', locale, 'Error fetching user sessions'), common_1.HttpStatus.SERVICE_UNAVAILABLE);
|
|
137
176
|
}
|
|
138
177
|
}
|
|
139
178
|
async fetchGeoByIp(ip) {
|
|
@@ -161,26 +200,38 @@ let SessionService = class SessionService {
|
|
|
161
200
|
data: { revoked_at: new Date() },
|
|
162
201
|
});
|
|
163
202
|
}
|
|
164
|
-
async revokeAllOtherSessions(userId) {
|
|
165
|
-
const latestSession = await this.prisma.user_session.
|
|
166
|
-
where: {
|
|
167
|
-
|
|
203
|
+
async revokeAllOtherSessions(userId, sessionId) {
|
|
204
|
+
const latestSession = await this.prisma.user_session.findUnique({
|
|
205
|
+
where: {
|
|
206
|
+
id: sessionId
|
|
207
|
+
},
|
|
168
208
|
select: { id: true },
|
|
169
209
|
});
|
|
170
210
|
if (!latestSession) {
|
|
171
211
|
return { count: 0 };
|
|
172
212
|
}
|
|
173
|
-
return this.markRevokedByFilter(userId, {
|
|
213
|
+
return this.markRevokedByFilter(userId, {
|
|
214
|
+
NOT: { id: latestSession.id },
|
|
215
|
+
revoked_at: null
|
|
216
|
+
}, 'revokeAllOtherSessions');
|
|
174
217
|
}
|
|
175
218
|
async revokeAllSessions(userId) {
|
|
176
|
-
return this.markRevokedByFilter(userId, {}, 'revokeAllSessions');
|
|
219
|
+
return this.markRevokedByFilter(userId, { revoked_at: null }, 'revokeAllSessions');
|
|
177
220
|
}
|
|
178
|
-
async revokeUserSession(userId, sessionId) {
|
|
179
|
-
await this.
|
|
180
|
-
return this.prisma.user_session.update({
|
|
221
|
+
async revokeUserSession(userId, sessionId, locale) {
|
|
222
|
+
const session = await this.prisma.user_session.findFirst({
|
|
181
223
|
where: {
|
|
182
224
|
id: sessionId,
|
|
183
225
|
user_id: userId
|
|
226
|
+
}
|
|
227
|
+
});
|
|
228
|
+
if (!session) {
|
|
229
|
+
throw new common_1.NotFoundException((0, api_locale_1.getLocaleText)('session.notFound', locale, 'Session not found or does not belong to user'));
|
|
230
|
+
}
|
|
231
|
+
await this.user.registerUserActivity(userId, "revokeSession");
|
|
232
|
+
return this.prisma.user_session.update({
|
|
233
|
+
where: {
|
|
234
|
+
id: sessionId
|
|
184
235
|
},
|
|
185
236
|
data: {
|
|
186
237
|
revoked_at: new Date()
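Review bot: In revokeAllOtherSessions the lookup `findUnique({ where: { id: sessionId } })` does not check that the session belongs to `userId` or is still active, unlike revokeUserSession just below it, which uses `findFirst` with both `id` and `user_id`. If `sessionId` can ever come from request input rather than the verified token (the controller is outside this section), any existing id passes the `!latestSession` guard, and the `NOT: { id: latestSession.id }` filter then spares none of the caller's own sessions. Scoping the lookup the same way, `findFirst({ where: { id: sessionId, user_id: userId, revoked_at: null }, select: { id: true } })`, would make the two methods consistent. This file is compiled output, so the change belongs in src/session/session.service.ts.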
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session.service.js","sourceRoot":"","sources":["../../src/session/session.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,oDAAoD;AACpD,4DAA2E;AAC3E,oDAAoD;AACpD,yCAA4C;AAC5C,
|
|
1
|
+
{"version":3,"file":"session.service.js","sourceRoot":"","sources":["../../src/session/session.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,oDAAoD;AACpD,4DAA2E;AAC3E,oDAAoD;AACpD,yCAA4C;AAC5C,2CAAmI;AACnI,+BAAsC;AACtC,mEAA+D;AAC/D,gEAA4D;AAC5D,0DAAsD;AACtD,uDAAmD;AAc5C,IAAM,cAAc,GAApB,MAAM,cAAc;IAEzB,YACU,MAAqB,EAErB,QAAyB,EAEhB,OAAuB,EAEvB,KAAmB,EAEnB,IAAiB,EAEjB,IAAiB,EAEjB,iBAAoC;QAZ7C,WAAM,GAAN,MAAM,CAAe;QAErB,aAAQ,GAAR,QAAQ,CAAiB;QAEhB,YAAO,GAAP,OAAO,CAAgB;QAEvB,UAAK,GAAL,KAAK,CAAc;QAEnB,SAAI,GAAJ,IAAI,CAAa;QAEjB,SAAI,GAAJ,IAAI,CAAa;QAEjB,sBAAiB,GAAjB,iBAAiB,CAAmB;IACnD,CAAC;IAEL,KAAK,CAAC,MAAM,CAAC,MAAc,EAAE,MAAc,EAAE,SAAiB,EAAE,SAAiB;QAC/E,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,4BAAmB,CAAC,IAAA,0BAAa,EAAC,wBAAwB,EAAE,MAAM,EAAE,0CAA0C,CAAC,CAAC,CAAC;QAC7H,CAAC;QAED,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,4BAAmB,CAAC,IAAA,0BAAa,EAAC,2BAA2B,EAAE,MAAM,EAAE,6CAA6C,CAAC,CAAC,CAAC;QACnI,CAAC;QAED,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,4BAAmB,CAAC,IAAA,0BAAa,EAAC,2BAA2B,EAAE,MAAM,EAAE,6CAA6C,CAAC,CAAC,CAAC;QACnI,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC;YACnD,kCAAkC;YAClC,yBAAyB;SAC1B,CAAC,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,iBAAiB,EAAE,CAAC;QACnD,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,KAAK,CAAC,CAAA;QAChD,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,yBAAyB,CAAC,CAAC,IAAI,CAAC,CAAC;QAErE,IAAI,WAAW,GAAG,CAAC,EAAE,CAAC;YACpB,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QACtD,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC;YACpD,IAAI,EAAE;gBACJ,OAAO,EAAE,MAAM;gBACf,UAAU,EAAE,SAAS;gBACrB,UAAU,EAAE,SAAS;gBACrB,UAAU,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,QAAQ,CAAC,kCAAkC,CAAC,IAAI,KAAK,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;gBACxG,IAAI;aACL;SACF,CAAC,CAAC;QAEH,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;IAC5B,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,MAAc,EAAE,YAAoB,EAAE,SAAiB,EAAE,SAAiB;QACtF,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;QACxD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,SAA
S,CAAC;YACvD,KAAK,EAAE;gBACL,IAAI;gBACJ,UAAU,EAAE,IAAI;aACjB;YACD,MAAM,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE;SACpC,CAAC,CAAC;QAEH,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,4BAAmB,CAAC,IAAA,0BAAa,EAAC,cAAc,EAAE,MAAM,EAAE,gBAAgB,CAAC,CAAC,CAAC;QACzF,CAAC;QAED,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC;YACpC,KAAK,EAAE,EAAE,EAAE,EAAE,OAAO,CAAC,EAAE,EAAE;YACzB,IAAI,EAAE;gBACJ,UAAU,EAAE,IAAI,IAAI,EAAE;aACvB;SACF,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,OAAO,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;IACpE,CAAC;IAED,KAAK,CAAC,wBAAwB,CAAC,GAAG,EAAE,YAAoB;QACtD,MAAM,IAAI,CAAC,KAAK,CAAC,wBAAwB,CAAC,GAAG,CAAC,CAAC;QAC/C,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;QACxD,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,UAAU,CAAC;YACzC,KAAK,EAAE;gBACL,UAAU,EAAE,IAAI;gBAChB,IAAI;aACL;YACD,IAAI,EAAE;gBACJ,UAAU,EAAE,IAAI,IAAI,EAAE;aACvB;SACF,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,gBAA+B,EAAE,MAAc,EAAE,MAAc;;QAEnF,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;YACnD,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;YACrB,MAAM,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE;SACrB,CAAC,CAAC;QAEH,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,4BAAmB,CAAC,IAAA,0BAAa,EAAC,sBAAsB,EAAE,MAAM,EAAE,iBAAiB,CAAC,CAAC,CAAC;QAClG,CAAC;QAED,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,mBAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,kCACrF,gBAAgB,KACnB,KAAK,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,IAC1B,CAAC;YAEH,MAAM,iBAAiB,GAAG,MAAM,OAAO,CAAC,GAAG,CACzC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE;gBAC5B,MAAM,EAAE,GAAG,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,EAAE,IAAI,IAAI,CAAC;gBACxC,IAAI,QAAQ,GAAuB,IAAI,CAAC;gBACxC,IAAI,EAAE,IAAI,EAAE,KAAK,WAAW,IAAI,EAAE,KAAK,KAAK,EAAE,CAAC;oBAC7C,IAAI,CAAC;wBACH,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;oBACzC,CAAC;oBAAC,WAAM,CAAC;wBACP,QAAQ,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC;oBAC/B,CAAC;gBACH,CAAC;qBAAM,IAAI,EAAE,EAAE,CAAC;oBACd,QAAQ,GAAG,EAAE,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;gBAC7E,CAAC;gBACD,uCAAY,C
AAC,KAAE,QAAQ,IAAG;YAC5B,CAAC,CAAC,CACH,CAAC;YAEF,OAAO;gBACL,IAAI,EAAE,iBAAiB;gBACvB,KAAK,EAAE,QAAQ,CAAC,KAAK,IAAI,CAAC;gBAC1B,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,KAAK,IAAI,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC;gBACrE,IAAI,EAAE,MAAA,QAAQ,CAAC,IAAI,mCAAI,CAAC;gBACxB,QAAQ,EAAE,MAAA,MAAA,QAAQ,CAAC,QAAQ,mCAAI,gBAAgB,CAAC,QAAQ,mCAAI,EAAE;aAC/D,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,sBAAa,CACrB,IAAA,0BAAa,EAAC,+BAA+B,EAAE,MAAM,EAAE,8BAA8B,CAAC,EACtF,mBAAU,CAAC,mBAAmB,CAC/B,CAAC;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,gBAA+B,EAAE,MAAc,EAAE,MAAc;;QAEzF,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;YACnD,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;YACrB,MAAM,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE;SACrB,CAAC,CAAC;QAEH,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,4BAAmB,CAAC,IAAA,0BAAa,EAAC,sBAAsB,EAAE,MAAM,EAAE,iBAAiB,CAAC,CAAC,CAAC;QAClG,CAAC;QAED,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,mBAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,kCACrF,gBAAgB,KACnB,KAAK,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,IAAI,IAAI,EAAE,EAAE,EAAE,IAC5E,CAAC;YAEH,MAAM,iBAAiB,GAAG,MAAM,OAAO,CAAC,GAAG,CACzC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE;gBAC5B,MAAM,EAAE,GAAG,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,EAAE,IAAI,IAAI,CAAC;gBACxC,IAAI,QAAQ,GAAuB,IAAI,CAAC;gBACxC,IAAI,EAAE,IAAI,EAAE,KAAK,WAAW,IAAI,EAAE,KAAK,KAAK,EAAE,CAAC;oBAC7C,IAAI,CAAC;wBACH,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;oBACzC,CAAC;oBAAC,WAAM,CAAC;wBACP,QAAQ,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC;oBAC/B,CAAC;gBACH,CAAC;qBAAM,IAAI,EAAE,EAAE,CAAC;oBACd,QAAQ,GAAG,EAAE,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;gBAC7E,CAAC;gBACD,uCAAY,CAAC,KAAE,QAAQ,IAAG;YAC5B,CAAC,CAAC,CACH,CAAC;YAEF,OAAO;gBACL,IAAI,EAAE,iBAAiB;gBACvB,KAAK,EAAE,QAAQ,CAAC,KAAK,IAAI,CAAC;gBAC1B,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,KAAK,IAAI,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC;gBACrE,IAAI,EAAE,MAAA,QAAQ,CA
AC,IAAI,mCAAI,CAAC;gBACxB,QAAQ,EAAE,MAAA,MAAA,QAAQ,CAAC,QAAQ,mCAAI,gBAAgB,CAAC,QAAQ,mCAAI,EAAE;aAC/D,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,sBAAa,CACrB,IAAA,0BAAa,EAAC,+BAA+B,EAAE,MAAM,EAAE,8BAA8B,CAAC,EACtF,mBAAU,CAAC,mBAAmB,CAC/B,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,YAAY,CAAC,EAAU;QACnC,MAAM,GAAG,GAAG,0BAA0B,kBAAkB,CAAC,EAAE,CAAC,4DAA4D,CAAC;QACzH,MAAM,QAAQ,GAAG,MAAM,IAAA,qBAAc,EAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1D,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;QAC3B,IAAI,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,MAAM,MAAK,SAAS,EAAE,CAAC;YAC7B,OAAO,EAAE,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC;QAC7B,CAAC;QACD,OAAO;YACH,EAAE;YACF,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,MAAM,EAAE,IAAI,CAAC,UAAU;YACvB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,GAAG,EAAE,IAAI;SACZ,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,mBAAmB,CAAC,MAAc,EAAE,MAA2B,EAAE,QAAgB;QAC7F,MAAM,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACvD,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,UAAU,CAAC;YACzC,KAAK,kBAAI,OAAO,EAAE,MAAM,IAAK,MAAM,CAAE;YACrC,IAAI,EAAE,EAAE,UAAU,EAAE,IAAI,IAAI,EAAE,EAAE;SACjC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,sBAAsB,CAAC,MAAc,EAAE,SAAiB;QAC5D,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,UAAU,CAAC;YAC9D,KAAK,EAAE;gBACL,EAAE,EAAE,SAAS;aACd;YACD,MAAM,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE;SACrB,CAAC,CAAC;QAEH,IAAI,CAAC,aAAa,EAAE,CAAC;YAAC,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,CAAA;QAAC,CAAC;QAC3C,OAAO,IAAI,CAAC,mBAAmB,CAAC,MAAM,EAAE;YACtC,GAAG,EAAE,EAAE,EAAE,EAAE,aAAa,CAAC,EAAE,EAAE;YAC7B,UAAU,EAAE,IAAI;SACjB,EAAE,wBAAwB,CAAC,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,MAAc;QACpC,OAAO,IAAI,CAAC,mBAAmB,CAAC,MAAM,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,EAAE,mBAAmB,CAAC,CAAC;IACrF,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,MAAc,EAAE,SAAiB,EAAE,MAAc;QACvE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC;YACvD,KAAK,EAAE;gBACL,EAAE,EAAE,SAAS;gBACb,OAAO,EAAE,MAAM;aAChB;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,0BAAiB,CACzB
,IAAA,0BAAa,EAAC,kBAAkB,EAAE,MAAM,EAAE,8CAA8C,CAAC,CAC1F,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QAE9D,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC;YACrC,KAAK,EAAE;gBACL,EAAE,EAAE,SAAS;aACd;YACD,IAAI,EAAE;gBACJ,UAAU,EAAE,IAAI,IAAI,EAAE;aACvB;SACF,CAAC,CAAA;IACJ,CAAC;IAED;;;;;;OAMG;IACK,KAAK,CAAC,mBAAmB,CAAC,MAAc,EAAE,WAAmB;QACnE,sCAAsC;QACtC,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC;YAC7D,KAAK,EAAE;gBACL,OAAO,EAAE,MAAM;gBACf,UAAU,EAAE,IAAI;gBAChB,UAAU,EAAE;oBACV,EAAE,EAAE,IAAI,IAAI,EAAE;iBACf;aACF;YACD,OAAO,EAAE;gBACP,UAAU,EAAE,KAAK;aAClB;YACD,MAAM,EAAE;gBACN,EAAE,EAAE,IAAI;aACT;SACF,CAAC,CAAC;QAEH,4DAA4D;QAC5D,MAAM,gBAAgB,GAAG,cAAc,CAAC,MAAM,GAAG,WAAW,GAAG,CAAC,CAAC;QACjE,IAAI,gBAAgB,GAAG,CAAC,EAAE,CAAC;YACzB,MAAM,kBAAkB,GAAG,cAAc;iBACtC,KAAK,CAAC,CAAC,EAAE,gBAAgB,CAAC;iBAC1B,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YAElB,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,UAAU,CAAC;gBACxC,KAAK,EAAE;oBACL,EAAE,EAAE;wBACF,EAAE,EAAE,kBAAkB;qBACvB;iBACF;gBACD,IAAI,EAAE;oBACJ,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,qBAAqB;iBAC7C;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;CAEF,CAAA;AArTY,wCAAc;yBAAd,cAAc;IAD1B,IAAA,mBAAU,GAAE;IAKR,WAAA,IAAA,eAAM,EAAC,IAAA,mBAAU,EAAC,GAAG,EAAE,CAAC,kCAAe,CAAC,CAAC,CAAA;IAEzC,WAAA,IAAA,eAAM,EAAC,IAAA,mBAAU,EAAC,GAAG,EAAE,CAAC,gCAAc,CAAC,CAAC,CAAA;IAExC,WAAA,IAAA,eAAM,EAAC,IAAA,mBAAU,EAAC,GAAG,EAAE,CAAC,4BAAY,CAAC,CAAC,CAAA;IAEtC,WAAA,IAAA,eAAM,EAAC,IAAA,mBAAU,EAAC,GAAG,EAAE,CAAC,mBAAW,CAAC,CAAC,CAAA;IAErC,WAAA,IAAA,eAAM,EAAC,IAAA,mBAAU,EAAC,GAAG,EAAE,CAAC,0BAAW,CAAC,CAAC,CAAA;IAErC,WAAA,IAAA,eAAM,EAAC,IAAA,mBAAU,EAAC,GAAG,EAAE,CAAC,kCAAiB,CAAC,CAAC,CAAA;qCAX5B,0BAAa;QAEX,kCAAe;QAEP,gCAAc;QAEhB,4BAAY;QAEb,mBAAW;QAEX,0BAAW;QAEE,kCAAiB;GAf5C,cAAc,CAqT1B"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token.module.d.ts","sourceRoot":"","sources":["../../src/token/token.module.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"token.module.d.ts","sourceRoot":"","sources":["../../src/token/token.module.ts"],"names":[],"mappings":"AAMA,qBASa,WAAW;CAAG"}
|
|
@@ -7,6 +7,7 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
|
|
|
7
7
|
};
|
|
8
8
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
9
9
|
exports.TokenModule = void 0;
|
|
10
|
+
const api_prisma_1 = require("@hed-hog/api-prisma");
|
|
10
11
|
const common_1 = require("@nestjs/common");
|
|
11
12
|
const security_module_1 = require("../security/security.module");
|
|
12
13
|
const setting_module_1 = require("../setting/setting.module");
|
|
@@ -19,6 +20,7 @@ exports.TokenModule = TokenModule = __decorate([
|
|
|
19
20
|
providers: [token_service_1.TokenService],
|
|
20
21
|
exports: [token_service_1.TokenService],
|
|
21
22
|
imports: [
|
|
23
|
+
(0, common_1.forwardRef)(() => api_prisma_1.PrismaModule),
|
|
22
24
|
(0, common_1.forwardRef)(() => setting_module_1.SettingModule),
|
|
23
25
|
(0, common_1.forwardRef)(() => security_module_1.SecurityModule),
|
|
24
26
|
]
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token.module.js","sourceRoot":"","sources":["../../src/token/token.module.ts"],"names":[],"mappings":";;;;;;;;;AAAA,2CAAoD;AACpD,iEAA6D;AAC7D,8DAA0D;AAC1D,mDAA+C;
|
|
1
|
+
{"version":3,"file":"token.module.js","sourceRoot":"","sources":["../../src/token/token.module.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAmD;AACnD,2CAAoD;AACpD,iEAA6D;AAC7D,8DAA0D;AAC1D,mDAA+C;AAWxC,IAAM,WAAW,GAAjB,MAAM,WAAW;CAAG,CAAA;AAAd,kCAAW;sBAAX,WAAW;IATvB,IAAA,eAAM,EAAC;QACN,SAAS,EAAE,CAAC,4BAAY,CAAC;QACzB,OAAO,EAAE,CAAC,4BAAY,CAAC;QACvB,OAAO,EAAE;YACL,IAAA,mBAAU,EAAC,GAAG,EAAE,CAAC,yBAAY,CAAC;YAC9B,IAAA,mBAAU,EAAC,GAAG,EAAE,CAAC,8BAAa,CAAC;YAC/B,IAAA,mBAAU,EAAC,GAAG,EAAE,CAAC,gCAAc,CAAC;SACjC;KACJ,CAAC;GACW,WAAW,CAAG"}
|
|
@@ -3,11 +3,11 @@ import { JwtService } from "@nestjs/jwt";
|
|
|
3
3
|
import { SecurityService } from "../security/security.service";
|
|
4
4
|
import { SettingService } from "../setting/setting.service";
|
|
5
5
|
export declare class TokenService {
|
|
6
|
+
private readonly prisma;
|
|
6
7
|
private readonly jwt;
|
|
7
8
|
private readonly security;
|
|
8
9
|
private readonly setting;
|
|
9
|
-
|
|
10
|
-
constructor(jwt: JwtService, security: SecurityService, setting: SettingService, prisma: PrismaService);
|
|
10
|
+
constructor(prisma: PrismaService, jwt: JwtService, security: SecurityService, setting: SettingService);
|
|
11
11
|
verify(locale: string, token: string): Promise<any>;
|
|
12
12
|
createAccessToken(payload: Record<string, any>): Promise<string>;
|
|
13
13
|
createOpaqueToken(size?: number): Promise<string>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token.service.d.ts","sourceRoot":"","sources":["../../src/token/token.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEpD,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAE5D,qBACa,YAAY;
|
|
1
|
+
{"version":3,"file":"token.service.d.ts","sourceRoot":"","sources":["../../src/token/token.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEpD,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAE5D,qBACa,YAAY;IAGrB,OAAO,CAAC,QAAQ,CAAC,MAAM;IAEvB,OAAO,CAAC,QAAQ,CAAC,GAAG;IAEpB,OAAO,CAAC,QAAQ,CAAC,QAAQ;IAEzB,OAAO,CAAC,QAAQ,CAAC,OAAO;gBANP,MAAM,EAAE,aAAa,EAErB,GAAG,EAAE,UAAU,EAEf,QAAQ,EAAE,eAAe,EAEzB,OAAO,EAAE,cAAc;IAGpC,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM;IA0CpC,iBAAiB,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC;IAM9C,iBAAiB,CAAC,IAAI,SAAK;YAInB,eAAe;IAgBvB,wBAAwB,CAAC,GAAG,KAAA,GAAG,OAAO,CAAC,IAAI,CAAC;IAe5C,qBAAqB,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,KAAA,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAiB1F,uBAAuB,CAAC,OAAO,EAAE;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE;IAOxG,uBAAuB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IAgBxH,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC;CAUtD"}
|
|
@@ -20,25 +20,35 @@ const jwt_1 = require("@nestjs/jwt");
|
|
|
20
20
|
const security_service_1 = require("../security/security.service");
|
|
21
21
|
const setting_service_1 = require("../setting/setting.service");
|
|
22
22
|
let TokenService = class TokenService {
|
|
23
|
-
constructor(jwt, security, setting
|
|
23
|
+
constructor(prisma, jwt, security, setting) {
|
|
24
|
+
this.prisma = prisma;
|
|
24
25
|
this.jwt = jwt;
|
|
25
26
|
this.security = security;
|
|
26
27
|
this.setting = setting;
|
|
27
|
-
this.prisma = prisma;
|
|
28
28
|
}
|
|
29
29
|
async verify(locale, token) {
|
|
30
30
|
try {
|
|
31
31
|
const payload = await this.jwt.verifyAsync(token, {
|
|
32
32
|
secret: this.security.getJwtSecret(),
|
|
33
33
|
});
|
|
34
|
-
// Verify session is not revoked
|
|
35
|
-
if (payload.sessionId) {
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
34
|
+
// Verify session is not revoked (only if prisma is available)
|
|
35
|
+
if (payload.sessionId && this.prisma) {
|
|
36
|
+
try {
|
|
37
|
+
const session = await this.prisma.user_session.findUnique({
|
|
38
|
+
where: { id: payload.sessionId },
|
|
39
|
+
select: { revoked_at: true, expires_at: true }
|
|
40
|
+
});
|
|
41
|
+
if (!session || session.revoked_at !== null || session.expires_at <= new Date()) {
|
|
42
|
+
throw new common_1.UnauthorizedException((0, api_locale_1.getLocaleText)('sessionRevoked', locale, 'Session has been revoked.'));
|
|
43
|
+
}
|
|
44
|
+
}
|
|
45
|
+
catch (sessionError) {
|
|
46
|
+
// If it's an Unauthorized error from revoked session, rethrow it
|
|
47
|
+
if (sessionError instanceof common_1.UnauthorizedException) {
|
|
48
|
+
throw sessionError;
|
|
49
|
+
}
|
|
50
|
+
// Otherwise, log the error but allow auth to continue
|
|
51
|
+
console.error('Session validation error:', sessionError);
|
|
42
52
|
}
|
|
43
53
|
}
|
|
44
54
|
return payload;
|
|
@@ -136,13 +146,12 @@ let TokenService = class TokenService {
|
|
|
136
146
|
exports.TokenService = TokenService;
|
|
137
147
|
exports.TokenService = TokenService = __decorate([
|
|
138
148
|
(0, common_1.Injectable)(),
|
|
139
|
-
__param(
|
|
140
|
-
__param(
|
|
141
|
-
__param(
|
|
142
|
-
|
|
143
|
-
|
|
149
|
+
__param(1, (0, common_1.Inject)((0, common_1.forwardRef)(() => jwt_1.JwtService))),
|
|
150
|
+
__param(2, (0, common_1.Inject)((0, common_1.forwardRef)(() => security_service_1.SecurityService))),
|
|
151
|
+
__param(3, (0, common_1.Inject)((0, common_1.forwardRef)(() => setting_service_1.SettingService))),
|
|
152
|
+
__metadata("design:paramtypes", [api_prisma_1.PrismaService,
|
|
153
|
+
jwt_1.JwtService,
|
|
144
154
|
security_service_1.SecurityService,
|
|
145
|
-
setting_service_1.SettingService
|
|
146
|
-
api_prisma_1.PrismaService])
|
|
155
|
+
setting_service_1.SettingService])
|
|
147
156
|
], TokenService);
|
|
148
157
|
//# sourceMappingURL=token.service.js.map
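Review bot: The session check added to `verify` in the first hunk fails open: the inner `catch (sessionError)` rethrows only `UnauthorizedException`, otherwise logs with `console.error` and falls through to `return payload`, so a token for a revoked or expired session is accepted whenever the `user_session` lookup itself errors. The `payload.sessionId && this.prisma` condition likewise skips the check silently when `prisma` is not injected or the token carries no `sessionId`. For a revocation control the safer default is to deny, for example by adding `throw new common_1.UnauthorizedException();` after the `console.error(...)` call, made in the source file src/token/token.service.ts. The outer `catch` of `verify` lies outside the hunk, so how it reports the rethrown error cannot be confirmed here.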
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token.service.js","sourceRoot":"","sources":["../../src/token/token.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,oDAAoD;AACpD,oDAAoD;AACpD,2CAA2G;AAC3G,qCAAyC;AACzC,mEAA+D;AAC/D,gEAA4D;AAGrD,IAAM,YAAY,GAAlB,MAAM,YAAY;IAEvB,
|
|
1
|
+
{"version":3,"file":"token.service.js","sourceRoot":"","sources":["../../src/token/token.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,oDAAoD;AACpD,oDAAoD;AACpD,2CAA2G;AAC3G,qCAAyC;AACzC,mEAA+D;AAC/D,gEAA4D;AAGrD,IAAM,YAAY,GAAlB,MAAM,YAAY;IAEvB,YACmB,MAAqB,EAErB,GAAe,EAEf,QAAyB,EAEzB,OAAuB;QANvB,WAAM,GAAN,MAAM,CAAe;QAErB,QAAG,GAAH,GAAG,CAAY;QAEf,aAAQ,GAAR,QAAQ,CAAiB;QAEzB,YAAO,GAAP,OAAO,CAAgB;IACtC,CAAC;IAEL,KAAK,CAAC,MAAM,CAAC,MAAc,EAAE,KAAa;QACxC,IAAI,CAAC;YAEH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,KAAK,EAAE;gBAChD,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,YAAY,EAAE;aACrC,CAAC,CAAC;YAEH,8DAA8D;YAC9D,IAAI,OAAO,CAAC,SAAS,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBACrC,IAAI,CAAC;oBACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,UAAU,CAAC;wBACxD,KAAK,EAAE,EAAE,EAAE,EAAE,OAAO,CAAC,SAAS,EAAE;wBAChC,MAAM,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE;qBAC/C,CAAC,CAAC;oBAEH,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,KAAK,IAAI,IAAI,OAAO,CAAC,UAAU,IAAI,IAAI,IAAI,EAAE,EAAE,CAAC;wBAChF,MAAM,IAAI,8BAAqB,CAC7B,IAAA,0BAAa,EAAC,gBAAgB,EAAE,MAAM,EAAE,2BAA2B,CAAC,CACrE,CAAC;oBACJ,CAAC;gBACH,CAAC;gBAAC,OAAO,YAAY,EAAE,CAAC;oBACtB,iEAAiE;oBACjE,IAAI,YAAY,YAAY,8BAAqB,EAAE,CAAC;wBAClD,MAAM,YAAY,CAAC;oBACrB,CAAC;oBACD,sDAAsD;oBACtD,OAAO,CAAC,KAAK,CAAC,2BAA2B,EAAE,YAAY,CAAC,CAAC;gBAC3D,CAAC;YACH,CAAC;YAED,OAAO,OAAO,CAAC;QACjB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAEf,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;YAEhC,qDAAqD;YACrD,MAAM,IAAI,8BAAqB,CAC5B,KAAa,CAAC,OAAO,IAAI,IAAA,0BAAa,EAAC,cAAc,EAAE,MAAM,EAAE,gBAAgB,CAAC,CAClF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,OAA4B;QAClD,OAAO,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,EAAE;YACjC,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,YAAY,EAAE;SACrC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,IAAI,GAAG,EAAE;QAC/B,OAAO,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;IAC1C,CAAC;IAEO,KAAK,CAAC,eAAe;QAE3B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC;YACnD,KAAK;SACN,CAAC,CAAC;QAEH,IAAI,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACpB,IAAI,CAAC;gBACH,OAAO,IAAI,GAAG,CAAC,QAA
Q,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC;YAC3C,CAAC;YAAC,WAAM,CAAC;gBACP,OAAO,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC;YACnC,CAAC;QACH,CAAC;QACD,OAAO,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC;IACnC,CAAC;IAED,KAAK,CAAC,wBAAwB,CAAC,GAAG;QAEhC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAC5C,MAAM,WAAW,GAAG,CAAC,MAAM,IAAI,MAAM,KAAK,WAAW,CAAC;QACtD,MAAM,aAAa,GAAQ;YACzB,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ;SACzC,CAAC;QACF,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,aAAa,CAAC,MAAM,GAAG,IAAI,CAAC;YAC5B,aAAa,CAAC,MAAM,GAAG,MAAM,CAAC;QAChC,CAAC;QACD,GAAG,CAAC,WAAW,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,MAAc,EAAE,GAAG,EAAE,KAAa,EAAE,UAAgB;QAC9E,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAC5C,MAAM,WAAW,GAAG,CAAC,MAAM,IAAI,MAAM,KAAK,WAAW,CAAC;QACtD,MAAM,MAAM,GAAG,UAAU,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACjD,MAAM,aAAa,GAAQ;YACzB,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ;YACxC,MAAM;SACP,CAAC;QACF,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,aAAa,CAAC,MAAM,GAAG,IAAI,CAAC;YAC5B,aAAa,CAAC,MAAM,GAAG,MAAM,CAAC;QAChC,CAAC;QACD,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE,aAAa,CAAC,CAAC;IAEzC,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,OAAgF;QAC5G,OAAO,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,EAAE;YACjC,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,YAAY,EAAE;YACpC,SAAS,EAAE,KAAK;SACjB,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,KAAa;QACzC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,KAAK,EAAE;gBAChD,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,YAAY,EAAE;aACrC,CAAC,CAAC;YACH,OAAO;gBACL,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,KAAK,EAAE,OAAO,CAAC,KAAK;aACrB,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,2BAAkB,CAAC,8BAA8B,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,KAAa;QACpC,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,KAAK,EAAE;gBACvC,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,YAAY,EAAE;gBACpC,gBAAgB,EAAE,IAAI;aACvB,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,8BAAqB,CA
AC,eAAe,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;CACF,CAAA;AAjJY,oCAAY;uBAAZ,YAAY;IADxB,IAAA,mBAAU,GAAE;IAKR,WAAA,IAAA,eAAM,EAAC,IAAA,mBAAU,EAAC,GAAG,EAAE,CAAC,gBAAU,CAAC,CAAC,CAAA;IAEpC,WAAA,IAAA,eAAM,EAAC,IAAA,mBAAU,EAAC,GAAG,EAAE,CAAC,kCAAe,CAAC,CAAC,CAAA;IAEzC,WAAA,IAAA,eAAM,EAAC,IAAA,mBAAU,EAAC,GAAG,EAAE,CAAC,gCAAc,CAAC,CAAC,CAAA;qCALhB,0BAAa;QAEhB,gBAAU;QAEL,kCAAe;QAEhB,gCAAc;GAT/B,YAAY,CAiJxB"}
|
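--- a/package/hedhog/data/route.yaml
+++ b/package/hedhog/data/route.yaml
@@ -62,6 +62,16 @@
 slug: admin-access
 - where:
 slug: user
+- url: /sessions/active
+method: GET
+relations:
+role:
+- where:
+slug: admin
+- where:
+slug: admin-access
+- where:
+slug: user
 - url: /menu/system
 method: GET
 relations: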
@@ -367,6 +367,47 @@
|
|
|
367
367
|
order: 2
|
|
368
368
|
- value: microsoft
|
|
369
369
|
order: 3
|
|
370
|
+
- value: microsoft_entra_id
|
|
371
|
+
order: 4
|
|
372
|
+
- slug: microsoft_entra_id_client_id
|
|
373
|
+
type: string
|
|
374
|
+
name:
|
|
375
|
+
en: Microsoft Entra ID Client ID
|
|
376
|
+
pt: ID do Cliente Microsoft Entra ID
|
|
377
|
+
description:
|
|
378
|
+
en: The client ID for Microsoft Entra ID OAuth
|
|
379
|
+
pt: O ID do cliente para o OAuth do Microsoft Entra ID
|
|
380
|
+
value: ""
|
|
381
|
+
user_override: false
|
|
382
|
+
- slug: microsoft_entra_id_client_secret
|
|
383
|
+
type: secret
|
|
384
|
+
component: input-secret
|
|
385
|
+
name:
|
|
386
|
+
en: Microsoft Entra ID Client Secret
|
|
387
|
+
pt: Segredo do Cliente Microsoft Entra ID
|
|
388
|
+
description:
|
|
389
|
+
en: The client secret for Microsoft Entra ID OAuth
|
|
390
|
+
pt: O segredo do cliente para o OAuth do Microsoft Entra ID
|
|
391
|
+
value: ""
|
|
392
|
+
user_override: false
|
|
393
|
+
- slug: microsoft_entra_id_scopes
|
|
394
|
+
type: array
|
|
395
|
+
name:
|
|
396
|
+
en: Microsoft Entra ID Scopes
|
|
397
|
+
pt: Escopos do Microsoft Entra ID
|
|
398
|
+
description:
|
|
399
|
+
en: The scopes for Microsoft Entra ID OAuth
|
|
400
|
+
pt: Os escopos para o OAuth do Microsoft Entra ID
|
|
401
|
+
value: '["openid","profile","email"]'
|
|
402
|
+
component: checkbox
|
|
403
|
+
relations:
|
|
404
|
+
setting_list:
|
|
405
|
+
- value: openid
|
|
406
|
+
order: 0
|
|
407
|
+
- value: profile
|
|
408
|
+
order: 1
|
|
409
|
+
- value: email
|
|
410
|
+
order: 2
|
|
370
411
|
- slug: google_client_id
|
|
371
412
|
type: string
|
|
372
413
|
name:
|
|
@@ -495,6 +536,16 @@
|
|
|
495
536
|
- value: offline_access
|
|
496
537
|
order: 4
|
|
497
538
|
user_override: false
|
|
539
|
+
- slug: microsoft_tenant_id
|
|
540
|
+
type: string
|
|
541
|
+
name:
|
|
542
|
+
en: Microsoft Tenant ID
|
|
543
|
+
pt: ID do Tenant Microsoft
|
|
544
|
+
description:
|
|
545
|
+
en: The Azure AD tenant ID for corporate Microsoft Entra ID (Azure AD) authentication. Leave empty to use common endpoint for personal Microsoft accounts.
|
|
546
|
+
pt: O ID do tenant do Azure AD para autenticação corporativa Microsoft Entra ID (Azure AD). Deixe vazio para usar o endpoint comum para contas pessoais da Microsoft.
|
|
547
|
+
value: ""
|
|
548
|
+
user_override: false
|
|
498
549
|
- slug: github_client_id
|
|
499
550
|
type: string
|
|
500
551
|
name:
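Review bot: The `microsoft_tenant_id` description says an empty value selects the common endpoint, and the default is `value: ""`, so an install that enables `microsoft_entra_id` without setting a tenant would presumably accept sign-ins from any Entra tenant as well as personal accounts, unless the provider (not shown in this section) restricts the issuer. The description should state that consequence, for example `en: ... Leave empty to use the common endpoint, which accepts accounts from any tenant and personal Microsoft accounts.`, with the `pt` text updated to match. It is also worth confirming that the provider checks the returned token's tenant against this setting when one is configured.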
|
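--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@hed-hog/core",
-"version": "0.0.
+"version": "0.0.150",
 "main": "dist/index.js",
 "types": "dist/index.d.ts",
 "dependencies": {
@@ -31,10 +31,10 @@
 "uuid": "^11.1.0",
 "@hed-hog/api-locale": "0.0.11",
 "@hed-hog/api-prisma": "0.0.4",
-"@hed-hog/api-mail": "0.0.7",
-"@hed-hog/api-pagination": "0.0.5",
 "@hed-hog/types": "0.0.1",
-"@hed-hog/api": "0.0.3"
+"@hed-hog/api": "0.0.3",
+"@hed-hog/api-pagination": "0.0.5",
+"@hed-hog/api-mail": "0.0.7"
 },
 "exports": {
 ".": {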
@@ -1,10 +1,10 @@
|
|
|
1
|
-
import { IS_PUBLIC_KEY } from '@hed-hog/api';
|
|
1
|
+
import { IS_PUBLIC_KEY, WITH_ROLE } from '@hed-hog/api';
|
|
2
2
|
import { getLocaleText } from '@hed-hog/api-locale';
|
|
3
3
|
import {
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
4
|
+
CanActivate,
|
|
5
|
+
ExecutionContext,
|
|
6
|
+
Injectable,
|
|
7
|
+
UnauthorizedException,
|
|
8
8
|
} from '@nestjs/common';
|
|
9
9
|
import { Reflector } from '@nestjs/core';
|
|
10
10
|
import { Request } from 'express';
|
|
@@ -23,19 +23,32 @@ export class AuthGuard implements CanActivate {
|
|
|
23
23
|
context.getClass(),
|
|
24
24
|
]);
|
|
25
25
|
|
|
26
|
+
const withRole = this.reflector.getAllAndOverride<boolean>(WITH_ROLE, [
|
|
27
|
+
context.getHandler(),
|
|
28
|
+
context.getClass(),
|
|
29
|
+
]);
|
|
30
|
+
|
|
26
31
|
const request = context.switchToHttp().getRequest();
|
|
27
32
|
const token = this.extractTokenFromHeader(request);
|
|
28
33
|
const locale = request.headers['locale'] || request.headers['accept-language'] || 'en';
|
|
29
34
|
|
|
35
|
+
// If endpoint requires role/authentication and no token provided
|
|
30
36
|
if (!token) {
|
|
31
37
|
if (isPublic) {
|
|
32
38
|
return true;
|
|
39
|
+
} else if (withRole) {
|
|
40
|
+
// @Role() decorator requires authentication
|
|
41
|
+
throw new UnauthorizedException(
|
|
42
|
+
getLocaleText('accessDenied', locale, 'Access denied.'),
|
|
43
|
+
);
|
|
33
44
|
} else {
|
|
45
|
+
// No explicit decorator, default behavior (deny)
|
|
34
46
|
throw new UnauthorizedException(
|
|
35
47
|
getLocaleText('accessDenied', locale, 'Access denied.'),
|
|
36
48
|
);
|
|
37
49
|
}
|
|
38
50
|
}
|
|
51
|
+
|
|
39
52
|
try {
|
|
40
53
|
const payload = await this.token.verify(locale, token);
|
|
41
54
|
|
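Review bot: In the AuthGuard hunk the no-token path tests `isPublic` before `withRole`, so a handler that carries both markers (for example a class-level `@Public()` plus a handler-level `@Role()`) is still let through without a token; the new `else if (withRole)` branch is not reached in that case, and otherwise it throws exactly what the `else` already throws. If `@Role()` is meant to require authentication, the allow condition should say so: `if (isPublic && !withRole) {`. Whether a later guard enforces the role itself is not visible here, and the method body starts and ends outside the hunk. The added comment `// If endpoint requires role/authentication and no token provided` sits above `if (!token)`, which also covers the public case; `// No bearer token: only endpoints marked public may proceed` would describe the block more accurately.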
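--- a/package/src/language/en.json
+++ b/package/src/language/en.json
@@ -166,5 +166,6 @@
 }
 },
 "mail_sent_not_found": "Mail sent record not found.",
-"validationSslugMustBeString": "Slug must be a string."
+"validationSslugMustBeString": "Slug must be a string.",
+"sessionRevoked": "Session has been revoked or expired."
 }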
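--- a/package/src/language/pt.json
+++ b/package/src/language/pt.json
@@ -166,5 +166,6 @@
 }
 },
 "mail_sent_not_found": "Registro de e-mail enviado não encontrado.",
-"validationSslugMustBeString": "O slug deve ser uma string."
+"validationSslugMustBeString": "O slug deve ser uma string.",
+"sessionRevoked": "Sessão foi revogada ou expirada."
 }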
|
@@ -33,84 +33,91 @@ export class OAuthController {
|
|
|
33
33
|
return res.redirect(redirectURL);
|
|
34
34
|
}
|
|
35
35
|
|
|
36
|
+
|
|
36
37
|
@Public()
|
|
37
38
|
@Get(':provider/login')
|
|
38
|
-
async login(@Param('provider') provider:
|
|
39
|
+
async login(@Param('provider') provider: string, @Res() res) {
|
|
39
40
|
const url = this.service.getAuthUrl(
|
|
40
|
-
provider,
|
|
41
|
+
provider as user_account_provider_enum,
|
|
41
42
|
`/callback/${provider}/login`,
|
|
42
43
|
);
|
|
43
44
|
return res.redirect(url);
|
|
44
45
|
}
|
|
45
46
|
|
|
47
|
+
|
|
46
48
|
@Public()
|
|
47
49
|
@Get(':provider/register')
|
|
48
|
-
async register(@Param('provider') provider:
|
|
50
|
+
async register(@Param('provider') provider: string, @Res() res) {
|
|
49
51
|
const url = this.service.getAuthUrl(
|
|
50
|
-
provider,
|
|
52
|
+
provider as user_account_provider_enum,
|
|
51
53
|
`/callback/${provider}/register`,
|
|
52
54
|
);
|
|
53
55
|
return res.redirect(url);
|
|
54
56
|
}
|
|
55
57
|
|
|
58
|
+
|
|
56
59
|
@Public()
|
|
57
60
|
@Get(':provider/connect')
|
|
58
|
-
async connect(@Param('provider') provider:
|
|
61
|
+
async connect(@Param('provider') provider: string, @Res() res) {
|
|
59
62
|
const url = this.service.getAuthUrl(
|
|
60
|
-
provider,
|
|
63
|
+
provider as user_account_provider_enum,
|
|
61
64
|
`/callback/${provider}/connect`,
|
|
62
65
|
);
|
|
63
66
|
return res.redirect(url);
|
|
64
67
|
}
|
|
65
68
|
|
|
69
|
+
|
|
66
70
|
@Public()
|
|
67
71
|
@Get(':provider/callback/login')
|
|
68
72
|
async callbackLogin(
|
|
69
73
|
@Locale() locale: string,
|
|
70
74
|
@Ip() ipAddress: string,
|
|
71
75
|
@Headers('user-agent') userAgent: string,
|
|
72
|
-
@Param('provider') provider:
|
|
76
|
+
@Param('provider') provider: string,
|
|
73
77
|
@Query('code') code: string,
|
|
74
78
|
@Res({ passthrough: true }) res,
|
|
75
79
|
) {
|
|
76
|
-
return this.service.handleCallback({ res, locale, ipAddress, userAgent, provider, code, type: 'login' });
|
|
80
|
+
return this.service.handleCallback({ res, locale, ipAddress, userAgent, provider: provider as user_account_provider_enum, code, type: 'login' });
|
|
77
81
|
}
|
|
78
82
|
|
|
83
|
+
|
|
79
84
|
@Public()
|
|
80
85
|
@Get(':provider/callback/register')
|
|
81
86
|
async callbackRegister(
|
|
82
87
|
@Locale() locale: string,
|
|
83
88
|
@Ip() ipAddress: string,
|
|
84
89
|
@Headers('user-agent') userAgent: string,
|
|
85
|
-
@Param('provider') provider:
|
|
90
|
+
@Param('provider') provider: string,
|
|
86
91
|
@Query('code') code: string,
|
|
87
92
|
@Res({ passthrough: true }) res,
|
|
88
93
|
) {
|
|
89
|
-
return this.service.handleCallback({ res, locale, ipAddress, userAgent, provider, code, type: 'register' });
|
|
94
|
+
return this.service.handleCallback({ res, locale, ipAddress, userAgent, provider: provider as user_account_provider_enum, code, type: 'register' });
|
|
90
95
|
}
|
|
91
96
|
|
|
97
|
+
|
|
92
98
|
@Get(':provider/callback/connect')
|
|
93
99
|
async callbackConnect(
|
|
94
100
|
@Locale() locale: string,
|
|
95
101
|
@Ip() ipAddress: string,
|
|
96
102
|
@Headers('user-agent') userAgent: string,
|
|
97
103
|
@User() { id },
|
|
98
|
-
@Param('provider') provider:
|
|
104
|
+
@Param('provider') provider: string,
|
|
99
105
|
@Query('code') code: string,
|
|
100
106
|
@Res({ passthrough: true }) res,
|
|
101
107
|
) {
|
|
102
|
-
return this.service.handleCallback({ res, locale, ipAddress, userAgent, provider, code, type: 'connect', userId: id });
|
|
108
|
+
return this.service.handleCallback({ res, locale, ipAddress, userAgent, provider: provider as user_account_provider_enum, code, type: 'connect', userId: id });
|
|
103
109
|
}
|
|
104
110
|
|
|
111
|
+
|
|
105
112
|
@Delete(':provider')
|
|
106
113
|
async disconnect(
|
|
107
114
|
@Locale() locale: string,
|
|
108
115
|
@Ip() ipAddress: string,
|
|
109
116
|
@Headers('user-agent') userAgent: string,
|
|
110
|
-
@Param('provider') provider:
|
|
117
|
+
@Param('provider') provider: string,
|
|
111
118
|
@Body('email') email: string,
|
|
112
119
|
@Res({ passthrough: true }) res,
|
|
113
120
|
) {
|
|
114
|
-
return this.service.handleCallback({ res, locale, ipAddress, userAgent, provider, email, type: 'disconnect' });
|
|
121
|
+
return this.service.handleCallback({ res, locale, ipAddress, userAgent, provider: provider as user_account_provider_enum, email, type: 'disconnect' });
|
|
115
122
|
}
|
|
116
123
|
}
|
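Review bot: `provider as user_account_provider_enum` in `login`, `register`, `connect`, the three callback handlers and `disconnect` is a compile-time assertion only, so any string taken from the route reaches `getAuthUrl`/`handleCallback` typed as a valid provider, and in the first three handlers it is also interpolated into the callback path. Unless the service rejects unknown providers (not visible in this hunk), validate once at the boundary instead of casting at every call, e.g. `@Param('provider', new ParseEnumPipe(user_account_provider_enum)) provider: user_account_provider_enum`. Separately, the callback handlers read only `code`; no `state` parameter appears here, so request-forgery protection for the OAuth flow would have to be enforced elsewhere. The class itself begins above the hunk.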
|
@@ -14,6 +14,7 @@ import { OAuthService } from './oauth.service';
|
|
|
14
14
|
import { FacebookProvider } from './providers/facebook.provider';
|
|
15
15
|
import { GithubProvider } from './providers/github.provider';
|
|
16
16
|
import { GoogleProvider } from './providers/google.provider';
|
|
17
|
+
import { MicrosoftEntraIdProvider } from './providers/microsoft-entra-id.provider';
|
|
17
18
|
import { MicrosoftProvider } from './providers/microsoft.provider';
|
|
18
19
|
|
|
19
20
|
@Module({
|
|
@@ -30,7 +31,7 @@ import { MicrosoftProvider } from './providers/microsoft.provider';
|
|
|
30
31
|
forwardRef(() => UserModule),
|
|
31
32
|
],
|
|
32
33
|
controllers: [OAuthController],
|
|
33
|
-
providers: [OAuthService, GoogleProvider, FacebookProvider, GithubProvider, MicrosoftProvider],
|
|
34
|
+
providers: [OAuthService, GoogleProvider, FacebookProvider, GithubProvider, MicrosoftProvider, MicrosoftEntraIdProvider],
|
|
34
35
|
exports: [OAuthService],
|
|
35
36
|
})
|
|
36
37
|
export class OAuthModule {}
|
|
@@ -2,14 +2,14 @@ import { PrismaService, user_account_provider_enum } from '@hed-hog/api-prisma';
|
|
|
2
2
|
import {
|
|
3
3
|
BadRequestException,
|
|
4
4
|
ConflictException,
|
|
5
|
-
forwardRef,
|
|
6
5
|
Inject,
|
|
7
6
|
Injectable,
|
|
8
|
-
NotFoundException
|
|
7
|
+
NotFoundException,
|
|
8
|
+
forwardRef
|
|
9
9
|
} from '@nestjs/common';
|
|
10
10
|
import { AuthService } from '../auth/auth.service';
|
|
11
11
|
import { FileService } from '../file/file.service';
|
|
12
|
-
import { MailService
|
|
12
|
+
import { MailService } from '../mail/mail.service';
|
|
13
13
|
import { SecurityService } from '../security/security.service';
|
|
14
14
|
import { SettingService } from '../setting/setting.service';
|
|
15
15
|
import { TokenService } from '../token/token.service';
|
|
@@ -18,6 +18,7 @@ import { OAuthProvider } from './interfaces/OAuthProvider';
|
|
|
18
18
|
import { FacebookProvider } from './providers/facebook.provider';
|
|
19
19
|
import { GithubProvider } from './providers/github.provider';
|
|
20
20
|
import { GoogleProvider } from './providers/google.provider';
|
|
21
|
+
import { MicrosoftEntraIdProvider } from './providers/microsoft-entra-id.provider';
|
|
21
22
|
import { MicrosoftProvider } from './providers/microsoft.provider';
|
|
22
23
|
|
|
23
24
|
type HandleCallbackProps = {
|
|
@@ -41,10 +42,11 @@ export class OAuthService {
|
|
|
41
42
|
facebook: FacebookProvider,
|
|
42
43
|
microsoft: MicrosoftProvider,
|
|
43
44
|
github: GithubProvider,
|
|
45
|
+
microsoftEntraId: MicrosoftEntraIdProvider,
|
|
44
46
|
@Inject(forwardRef(() => AuthService))
|
|
45
47
|
private readonly auth: AuthService,
|
|
46
48
|
private readonly file: FileService,
|
|
47
|
-
private readonly mail:
|
|
49
|
+
private readonly mail: MailService,
|
|
48
50
|
private readonly security: SecurityService,
|
|
49
51
|
private readonly prisma: PrismaService,
|
|
50
52
|
private readonly token: TokenService,
|
|
@@ -56,6 +58,7 @@ export class OAuthService {
|
|
|
56
58
|
this.providers.set(facebook.getProviderType(), facebook);
|
|
57
59
|
this.providers.set(microsoft.getProviderType(), microsoft);
|
|
58
60
|
this.providers.set(github.getProviderType(), github);
|
|
61
|
+
this.providers.set(microsoftEntraId.getProviderType(), microsoftEntraId);
|
|
59
62
|
}
|
|
60
63
|
|
|
61
64
|
getAuthUrl(provider: user_account_provider_enum, callbackPath: string) {
|