@live-change/access-control-frontend 0.0.3

package/front/src/notifications/InviteNotification.vue

@@ -0,0 +1,71 @@
+<template>
+  <SimpleNotification :notification="notification">
+    <div>
+      <UserIdentification :ownerType="notification.fromType" :owner="notification.from"
+                        :data="notification.fromIdentification" inline />
+      Invited you to
+      <ObjectIdentification :objectType="notification.objectType" :object="notification.object" />
+    </div>
+    <div class="mt-2 ml-4" v-if="!notification.state">
+      <Button label="Accept" icon="pi pi-check" class="p-button-sm mr-2" @click="acceptInvitation" />
+      <Button label="Ignore" icon="pi pi-times" class="p-button-sm" @click="deleteNotification" />
+    </div>
+<!--    <pre class="w-full overflow-hidden">{{ notification }}</pre>-->
+  </SimpleNotification>
+</template>
+
+<script setup>
+
+  import { SimpleNotification, UserIdentification, ObjectIdentification } from "@live-change/user-frontend"
+  import Button from "primevue/button"
+
+  import { useToast } from 'primevue/usetoast'
+  import { useConfirm } from 'primevue/useconfirm'
+  const confirm = useConfirm()
+  const toast = useToast()
+
+  const { notification } = defineProps({
+    notification: {
+      type: Object,
+      required: true
+    }
+  })
+
+  import { inject } from "vue"
+  const workingZone = inject('workingZone')
+
+  import { actions } from "@live-change/vue3-ssr"
+
+  const notificationApi = actions().notification
+  const accessControlApi = actions().accessControl
+
+  function deleteNotification() {
+    workingZone.addPromise('deleteNotification', (async () => {
+      await notificationApi.delete({ notification: notification.to || notification.id })
+      toast.add({
+        severity: 'warn', summary: 'Notification deleted',
+        detail: 'Notification has been deleted', life: 3000
+      })
+    })())
+  }
+
+  function acceptInvitation() {
+    workingZone.addPromise('acceptInvitation', (async () => {
+      const { objectType, object } = notification
+      await Promise.all([
+        accessControlApi.acceptInvitation({ objectType, object }),
+        notificationApi.markRead({ notification: notification.to || notification.id }),
+        notificationApi.mark({ notification: notification.to || notification.id, state: 'accepted' })
+      ])
+      toast.add({
+        severity: 'success', summary: 'Invitation Accepted',
+        detail: 'Invitation has been accepted', life: 3000
+      })
+    })())
+  }
+
+</script>
+
+<style scoped>
+
+</style>

package/front/src/notifications/index.js

@@ -0,0 +1,6 @@
+import { notificationTypes } from "@live-change/user-frontend"
+import InviteNotification from "./InviteNotification.vue"
+
+notificationTypes.accessControl_Invitation = {
+  component: InviteNotification
+}

package/front/src/router.js

@@ -0,0 +1,55 @@
+import {
+  createMemoryHistory,
+  createRouter as _createRouter,
+  createWebHistory
+} from 'vue-router'
+
+import configurationRoutes from "./configuration/routes.js"
+import inviteRoutes from "./invite/routes.js"
+
+import { userRoutes, installUserRedirects } from "@live-change/user-frontend"
+import { dbAdminRoutes } from "@live-change/db-admin"
+
+export function routes(config = {}) {
+  console.log("DB ROUTES", dbAdminRoutes({ prefix: '/_db' }))
+  const { prefix = '/', route = (r) => r } = config
+  return [
+    ...userRoutes({ ...config, prefix: prefix + 'user/' }),
+
+    ...configurationRoutes(config),
+    ...inviteRoutes(config),
+
+    route({
+      name: 'accessControl:testPage', path: prefix + '', meta: { },
+      component: () => import("./configuration/AccessControl.vue"),
+      props: {
+        objectType: 'example_Example',
+        object: 'one'
+      }
+    }),
+
+    ...dbAdminRoutes({ prefix: '/_db', route: r => ({ ...r, meta: { ...r.meta, raw: true }}) })
+  ]
+}
+
+export async function sitemap(route, api) {
+
+}
+
+import { client as useClient } from '@live-change/vue3-ssr'
+import messageAuthRoutes from "../../../user-frontend/front/src/message-auth/routes";
+import signRoutes from "../../../user-frontend/front/src/sign/routes";
+
+export function createRouter(app, config) {
+  //console.log("APP CTX", app._context)
+  const client = useClient(app._context)
+  const router = _createRouter({
+    // use appropriate history implementation for server/client
+    // import.meta.env.SSR is injected by Vite.
+    history: import.meta.env.SSR ? createMemoryHistory() : createWebHistory(),
+    routes: routes(config)
+  })
+  installUserRedirects(router, app, config)
+  return router
+}
+

package/front/vite.config.js

@@ -0,0 +1,11 @@
+import { defineConfig } from 'vite'
+
+import baseViteConfig from '@live-change/frontend-base/vite-config.js'
+
+export default defineConfig(async ({ command, mode }) => {
+  return {
+    ...(await baseViteConfig({ command, mode })),
+
+
+  }
+})

package/package.json

@@ -0,0 +1,75 @@
+{
+  "name": "@live-change/access-control-frontend",
+  "version": "0.0.3",
+  "scripts": {
+    "memDev": "lcli memDev --enableSessions --initScript ./init.js --dbAccess",
+    "localDevInit": "rm tmp.db; lcli localDev --enableSessions --initScript ./init.js",
+    "localDev": "lcli localDev --enableSessions",
+    "dev": "lcli dev --enableSessions",
+    "ssrDev": "lcli ssrDev --enableSessions",
+    "serveAllMem": "cross-env NODE_ENV=production lcli ssrServer --withApi --withServices --updateServices --enableSessions --withDb --dbBackend mem --createDb",
+    "serveAll": "cross-env NODE_ENV=production lcli ssrServer --withApi --withServices --updateServices --enableSessions",
+    "serve": "cross-env NODE_ENV=production lcli ssrServer --enableSessions",
+    "apiServer": "lcli apiServer --enableSessions",
+    "devApiServer": "lcli devApiServer --enableSessions",
+    "memApiServer": "lcli memApiServer --enableSessions",
+    "build": "cd front; yarn build:client && yarn build:server",
+    "build:client": "cd front; vite build --ssrManifest --outDir dist/client",
+    "build:server": "cd front; vite build --ssr src/entry-server.js --outDir dist/server",
+    "generate": "vite build --ssrManifest --outDir dist/static && yarn build:server && node prerender",
+    "debug": "node --inspect-brk server"
+  },
+  "dependencies": {
+    "@live-change/framework": "0.6.5",
+    "@live-change/cli": "0.6.5",
+    "@live-change/dao": "0.4.13",
+    "@live-change/dao-vue3": "0.4.13",
+    "@live-change/dao-websocket": "0.4.13",
+    "@live-change/vue3-ssr": "0.2.14",
+    "@live-change/vue3-components": "0.2.12",
+    "@live-change/session-service": "0.2.39",
+    "@live-change/user-service": "0.2.37",
+    "@live-change/password-authentication-service": "0.2.39",
+    "@live-change/secret-link-service": "0.2.39",
+    "@live-change/secret-code-service": "0.2.39",
+    "@live-change/access-control-service": "0.2.37",
+    "@live-change/user-frontend": "0.0.3",
+    "@live-change/db-admin": "0.5.12",
+    "@vitejs/plugin-vue": "^2.3.1",
+    "@vitejs/plugin-vue-jsx": "^1.3.10",
+    "@vue/compiler-sfc": "^3.2.33",
+    "@vueuse/core": "^8.3.1",
+    "v-shared-element": "3.1.0",
+    "vue3-scroll-border": "0.1.2",
+    "codeceptjs-assert": "^0.0.5",
+    "compression": "^1.7.4",
+    "cross-env": "^7.0.3",
+    "get-port-sync": "1.0.1",
+    "primeicons": "^5.0.0",
+    "primevue": "^3.15.0",
+    "primeflex": "^3.2.1",
+    "rollup-plugin-node-builtins": "^2.1.2",
+    "serialize-javascript": "^6.0.0",
+    "serve-static": "^1.15.0",
+    "vite": "^2.9.6",
+    "vue": "^3.2.33",
+    "vue-meta": "^3.0.0-alpha.9",
+    "vue-router": "^4.0.14",
+    "vite-plugin-compression": "0.5.1",
+    "vite-plugin-vue-images": "^0.6.1",
+    "rollup-plugin-visualizer": "5.6.0"
+  },
+  "devDependencies": {
+    "@live-change/codeceptjs-helper": "0.6.5",
+    "@wdio/selenium-standalone-service": "^7.19.5",
+    "codeceptjs": "^3.3.1",
+    "playwright": "^1.21.1",
+    "random-profile-generator": "^2.3.0",
+    "txtgen": "^3.0.1",
+    "generate-password": "1.7.0",
+    "webdriverio": "^7.19.5"
+  },
+  "author": "",
+  "license": "ISC",
+  "description": ""
+}

package/server/init.js

@@ -0,0 +1,84 @@
+const App = require('@live-change/framework')
+const app = App.app()
+
+module.exports = async function(services) {
+
+  const { PasswordAuthentication } = services.passwordAuthentication.models
+  const { PublicAccess, Access, AccessRequest, AccessInvitation } = services.accessControl.models
+
+  async function createUser(name, email, password, user = app.generateUid()) {
+    const passwordHash = PasswordAuthentication.definition.properties.passwordHash.preFilter(password)
+    await services.user.models.User.create({ id: user, roles: [] })
+    await PasswordAuthentication.create({ id: user, user, passwordHash })
+    await services.email.models.Email.create({ id: email, email, user })
+    await services.userIdentification.models.Identification.create({
+      id: App.encodeIdentifier(['user_User', user]), sessionOrUserType: 'user_User', sessionOrUser: user,
+      name
+    })
+    return {
+      id: user,
+      name,
+      email,
+      password
+    }
+  }
+
+  const session = 'GOzz0WylRDklhLCSppS6bwRYUeIQJqzt'
+
+  //console.log("MDL", services.passwordAuthentication.models.PasswordAuthentication)
+
+  const user1 = await createUser('Test User 1', 'test1@test.com', 'Testy123', 'u1')
+  const user2 = await createUser('Test User 2 with very long name!', 'test2@test.com', 'Testy123')
+  const user3 = await createUser('Test User 3', 'test3@test.com', 'Testy123')
+
+  await services.user.models.AuthenticatedUser.create({ id: session, session, user: user2.id })
+
+  await services.notification.models.Notification.create({
+    "id": app.generateUid(),
+    "notificationType": "accessControl_Invitation",
+    "objectType": "example_Example",
+    "object": "two",
+    "fromType": "user_User",
+    "from": user1.id,
+    "sessionOrUserType": "user_User",
+    "sessionOrUser": user2.id,
+    "time": "2022-05-23T13:13:25.501Z",
+    "readState": "new"
+  })
+
+/*  await PublicAccess.create({
+    id: App.encodeIdentifier(['example_Example', 'one']),
+    objectType: 'example_Example', object: 'one',
+    userRoles: ['reader'],
+    sessionRoles: []
+  })*/
+
+  await Access.create({
+    id: App.encodeIdentifier(['user_User', user1.id, 'example_Example', 'one']),
+    sessionOrUserType: 'user_User', sessionOrUser: user1.id,
+    objectType: 'example_Example', object: 'one',
+    roles: ['administrator']
+  })
+
+  await AccessRequest.create({
+    id: App.encodeIdentifier(['user_User', user2.id, 'example_Example', 'one']),
+    sessionOrUserType: 'user_User', sessionOrUser: user2.id,
+    objectType: 'example_Example', object: 'one',
+    roles: ['writer']
+  })
+
+  await AccessInvitation.create({
+    id: App.encodeIdentifier(['user_User', user3.id, 'example_Example', 'one']),
+    contactOrUserType: 'user_User', contactOrUser: user3.id,
+    objectType: 'example_Example', object: 'one',
+    roles: ['moderator']
+  })
+
+  await AccessInvitation.create({
+    id: App.encodeIdentifier(['email_Email', 'tester@test.com', 'example_Example', 'one']),
+    contactOrUserType: 'email_Email', contactOrUser: 'tester@test.com',
+    objectType: 'example_Example', object: 'one',
+    roles: ['moderator']
+  })
+
+}

package/server/security.config.js

@@ -0,0 +1,53 @@
+const lcp = require("@live-change/pattern")
+
+const clientKeys = (client) => [
+  { key: 'user', value: client.user },
+  { key: 'session', value: client.session },
+  { key: 'ip', value: client.ip }
+]
+
+const failedAuthCodes = lcp.chain([
+  { type: "wrong-secret-code", id: "1st-failed-secret-code" },
+  { eq: "ip", expire: "10m" },
+  { type: "wrong-secret-code", id: "2nd-failed-secret-code" },
+  { eq: "ip", expire: "10m" },
+  { type: "wrong-secret-code", id: "3rd-failed-secret-code",
+    actions: [
+      { type: 'ban', keys: ['ip'], ban: { type: 'captcha', actions: ['checkSecretCode'], expire: "30m" } }
+    ]
+  }
+]).model
+
+const patterns = lcp.mergeModels(
+  //failedAuthCodes
+)
+
+const counters = [
+  {
+    id: 'wrong-codes-captcha',
+    match: ['wrong-secret-code'],
+    keys: ['ip'],
+    max: 2,
+    duration: '1m',
+    actions: [
+      { type: 'ban', keys: ['ip'], ban: { type: 'captcha', actions: ['checkSecretCode'], expire: "30m" } }
+    ]
+  },
+  {
+    id: 'wrong-codes-ban',
+    visible: true,
+    match: ['wrong-secret-code'],
+    keys: ['ip'],
+    max: 5,
+    duration: '10m',
+    actions: [
+      { type: 'ban', keys: ['ip'], ban: { type: 'block', actions: ['checkSecretCode'], expire: "2m" } }
+    ]
+  }
+]
+
+module.exports = {
+  clientKeys,
+  patterns,
+  counters
+}

package/server/services.config.js

@@ -0,0 +1,84 @@
+const contactTypes = ['email']
+
+module.exports = {
+  services: [
+    {
+      name: 'timer',
+      path: '@live-change/timer-service'
+    },
+    {
+      name: 'session',
+      path: '@live-change/session-service',
+      createSessionOnUpdate: true
+    },
+    {
+      name: 'user',
+      path: '@live-change/user-service'
+    },
+    {
+      name: 'email',
+      path: '@live-change/email-service'
+    },
+    {
+      name: 'security',
+      path: '@live-change/security-service',
+      ...require('./security.config.js')
+    },
+    {
+      name: 'secretLink',
+      path: '@live-change/secret-link-service'
+    },
+    {
+      name: 'secretCode',
+      path: '@live-change/secret-code-service'
+    },
+    {
+      name: 'messageAuthentication',
+      path: '@live-change/message-authentication-service',
+      contactTypes,
+      signUp: true,
+      signIn: true,
+      connect: true
+    },
+    {
+      name: 'passwordAuthentication',
+      path: '@live-change/password-authentication-service',
+      contactTypes,
+      signInWithoutPassword: true
+    },
+    {
+      name: 'userIdentification',
+      path: '@live-change/user-identification-service'
+    },
+    {
+      name: 'identicon',
+      path: '@live-change/identicon-service'
+    },
+    {
+      name: 'accessControl',
+      path: '@live-change/access-control-service',
+      createSessionOnUpdate: true,
+      contactTypes,
+    },
+    {
+      name: 'notification',
+      path: '@live-change/notification-service',
+      contactTypes,
+      notificationTypes: ['accessControl_Invitation'],
+      fields: {
+        objectType: {
+          type: String
+        },
+        object: {
+          type: String
+        },
+        fromType: {
+          type: String
+        },
+        from: {
+          type: String
+        }
+      }
+    },
+  ]
+}