@modular-rest/server 1.11.12 → 1.11.14

package/src/services/jwt/router.ts

@@ -0,0 +1,73 @@
+import Router from 'koa-router';
+import { validateObject } from '../../class/validator';
+import { create as reply } from '../../class/reply';
+import { Context } from 'koa';
+import * as service from './service';
+
+const name = 'verify';
+const verify = new Router();
+
+verify.post('/token', async (ctx: Context) => {
+  const body = ctx.request.body;
+
+  // validate result
+  const bodyValidate = validateObject(body, 'token');
+
+  // fields validation
+  if (!bodyValidate.isValid) {
+    ctx.status = 412;
+    ctx.body = reply('e', {
+      e: bodyValidate.requires,
+    });
+    return;
+  }
+
+  await service.main
+    .verify(body.token)
+    .then(payload => (ctx.body = reply('s', { user: payload })))
+    .catch(err => {
+      ctx.status = 412;
+      ctx.body = reply('e', { e: err });
+    });
+});
+
+verify.post('/checkAccess', async (ctx: Context) => {
+  const body = ctx.request.body;
+
+  // validate result
+  const bodyValidate = validateObject(body, 'token permissionField');
+
+  // fields validation
+  if (!bodyValidate.isValid) {
+    ctx.status = 412;
+    ctx.body = reply('e', {
+      e: bodyValidate.requires,
+    });
+    return;
+  }
+
+  const payload = await service.main.verify(body.token).catch(err => {
+    console.log(err);
+    ctx.throw(412, err.message);
+  });
+
+  const userid = payload.id;
+
+  await (global as any).services.userManager.main
+    .getUserById(userid)
+    .then((user: any) => {
+      const key = user.hasPermission(body.permissionField);
+      ctx.body = reply('s', { access: key });
+    })
+    .catch((err: any) => {
+      ctx.status = 412;
+      ctx.body = reply('e', { e: err });
+    });
+});
+
+verify.get('/ready', async (ctx: Context) => {
+  // it's health check, so return success
+  ctx.body = reply('s', {});
+});
+
+export { name, verify as main };

package/src/services/jwt/service.ts

@@ -0,0 +1,139 @@
+import jwt from 'jsonwebtoken';
+
+/**
+ * Service name constant
+ * @constant {string}
+ */
+export const name = 'jwt';
+
+/**
+ * JWT service class for handling JSON Web Token operations
+ * @class JWT
+ * @description
+ * This class provides methods for signing and verifying JSON Web Tokens using RS256 algorithm.
+ * It requires both private and public keys to be set before use.
+ *
+ * @example
+ * ```typescript
+ * // Set up keys
+ * main.setKies(privateKey, publicKey);
+ *
+ * // Sign a token
+ * const token = await main.sign({ userId: '123', role: 'admin' });
+ *
+ * // Verify a token
+ * const decoded = await main.verify(token);
+ * console.log(decoded.userId); // '123'
+ * ```
+ */
+class JWT {
+  private privateKey?: string;
+  private publicKey?: string;
+
+  /**
+   * Sets the private and public keys for JWT operations
+   * @param {string} privateKey - Private key for signing tokens (PEM format)
+   * @param {string} publicKey - Public key for verifying tokens (PEM format)
+   * @throws {Error} If either key is invalid
+   * @example
+   * ```typescript
+   * // Using PEM format keys
+   * const privateKey = `-----BEGIN PRIVATE KEY-----
+   * MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSnAgEAAoIBAQC9QFi67s...
+   * -----END PRIVATE KEY-----`;
+   *
+   * const publicKey = `-----BEGIN PUBLIC KEY-----
+   * MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUBYuu7...
+   * -----END PUBLIC KEY-----`;
+   *
+   * main.setKies(privateKey, publicKey);
+   * ```
+   */
+  setKies(privateKey: string, publicKey: string): void {
+    if (!privateKey || !publicKey) {
+      throw new Error('Both private and public keys are required');
+    }
+    this.privateKey = privateKey;
+    this.publicKey = publicKey;
+  }
+
+  /**
+   * Signs a payload and creates a JWT token using RS256 algorithm
+   * @param {Record<string, any>} payload - Data to be encoded in the token
+   * @returns {Promise<string>} A promise that resolves to the signed JWT token
+   * @throws {Error} If private key is not set or signing fails
+   * @example
+   * ```typescript
+   * // Sign a token with user data
+   * const token = await main.sign({
+   *   userId: '123',
+   *   role: 'admin',
+   *   exp: Math.floor(Date.now() / 1000) + (60 * 60) // 1 hour expiry
+   * });
+   *
+   * // Sign a token with custom claims
+   * const token = await main.sign({
+   *   sub: 'user123',
+   *   iss: 'myapp.com',
+   *   aud: 'myapp.com',
+   *   iat: Math.floor(Date.now() / 1000)
+   * });
+   * ```
+   */
+  sign(payload: Record<string, any>): Promise<string> {
+    return new Promise((done, reject) => {
+      const option = { algorithm: 'RS256' as const };
+
+      if (!this.privateKey) {
+        return reject(new Error('Private key is not set. Call setKies() first.'));
+      }
+
+      try {
+        const token = jwt.sign(payload, this.privateKey, option);
+        done(token);
+      } catch (error) {
+        reject(error instanceof Error ? error.message : String(error));
+      }
+    });
+  }
+
+  /**
+   * Verifies a JWT token and returns its decoded payload
+   * @param {string} token - JWT token to verify
+   * @returns {Promise<Record<string, any>>} A promise that resolves to the decoded payload
+   * @throws {Error} If public key is not set, token is invalid, or verification fails
+   * @example
+   * ```typescript
+   * try {
+   *   const decoded = await main.verify(token);
+   *   console.log('Token is valid:', decoded);
+   *   // Access decoded data
+   *   const { userId, role } = decoded;
+   * } catch (error) {
+   *   console.error('Token verification failed:', error);
+   * }
+   * ```
+   */
+  verify(token: string): Promise<Record<string, any>> {
+    return new Promise((done, reject) => {
+      const option = { algorithm: 'RS256' as const } as jwt.VerifyOptions;
+
+      if (!this.publicKey) {
+        return reject(new Error('Public key is not set. Call setKies() first.'));
+      }
+
+      try {
+        const decoded = jwt.verify(token, this.publicKey, option);
+        done(decoded as Record<string, any>);
+      } catch (error) {
+        reject(error instanceof Error ? error.message : String(error));
+      }
+    });
+  }
+}
+
+/**
+ * Main JWT service instance
+ * @constant {JWT}
+ */
+export const main = new JWT();

package/src/services/user_manager/db.ts

@@ -0,0 +1,87 @@
+import mongoose from 'mongoose';
+import { Schema } from 'mongoose';
+import { CollectionDefinition } from '../../class/collection_definition';
+import { Permission, PermissionTypes } from '../../class/security';
+import { config } from '../../config';
+import triggerOperator from '../../class/trigger_operator';
+
+interface AuthDocument extends mongoose.Document {
+  password: string;
+  isModified(path: string): boolean;
+}
+
+const authSchema = new Schema(
+  {
+    permissionGroup: String,
+    email: String,
+    phone: String,
+    password: String,
+    type: { type: String, default: 'user', enum: ['user', 'anonymous'] },
+  },
+  { timestamps: true }
+);
+
+authSchema.index({ email: 1 }, { unique: true });
+authSchema.pre(['save', 'updateOne'], function (this: AuthDocument, next) {
+  // Encode the password before saving
+  if (this.isModified && this.isModified('password')) {
+    this.password = Buffer.from(this.password).toString('base64');
+  }
+  next();
+});
+
+authSchema.post('save', function (doc: any, next) {
+  triggerOperator.call('insert-one', 'cms', 'auth', {
+    query: null,
+    queryResult: doc._doc,
+  });
+  next();
+});
+
+authSchema.post('findOneAndUpdate', function (doc: any, next) {
+  triggerOperator.call('update-one', 'cms', 'auth', {
+    query: null,
+    queryResult: doc._doc,
+  });
+  next();
+});
+
+authSchema.post('updateOne', function (result: any, next) {
+  triggerOperator.call('update-one', 'cms', 'auth', {
+    query: null,
+    queryResult: result,
+  });
+  next();
+});
+
+authSchema.post('findOneAndDelete', function (doc: any, next) {
+  triggerOperator.call('remove-one', 'cms', 'auth', {
+    query: null,
+    queryResult: doc._doc,
+  });
+  next();
+});
+
+authSchema.post('deleteOne', function (result: any, next) {
+  triggerOperator.call('remove-one', 'cms', 'auth', {
+    query: null,
+    queryResult: result,
+  });
+  next();
+});
+
+module.exports = [
+  new CollectionDefinition({
+    database: 'cms',
+    collection: 'auth',
+    schema: authSchema,
+    permissions: [
+      new Permission({
+        accessType: PermissionTypes.advanced_settings,
+        read: true,
+        write: true,
+      }),
+    ],
+    triggers: config.authTriggers || [],
+  }),
+];

package/src/services/user_manager/permissionManager.ts

@@ -0,0 +1,49 @@
+import { config } from '../../config';
+import { PermissionGroup } from '../../class/security';
+
+/**
+ * Get the default permission group
+ * @returns Default permission group
+ * @throws Error if default permission group not found
+ */
+export function getDefaultPermissionGroups(): PermissionGroup {
+  const defaultPermissionGroups = config.permissionGroups?.find(group => group.isDefault);
+
+  if (defaultPermissionGroups == null) {
+    throw new Error('Default permission group not found');
+  }
+
+  return defaultPermissionGroups;
+}
+
+/**
+ * Get the anonymous permission group
+ * @returns Anonymous permission group
+ * @throws Error if anonymous permission group not found
+ */
+export function getDefaultAnonymousPermissionGroup(): PermissionGroup {
+  const anonymousPermission = config.permissionGroups?.find(group => group.isAnonymous);
+
+  if (anonymousPermission == null) {
+    throw new Error('Anonymous permission group not found');
+  }
+
+  return anonymousPermission;
+}
+
+/**
+ * Get the administrator permission group
+ * @returns Administrator permission group
+ * @throws Error if administrator permission group not found
+ */
+export function getDefaultAdministratorPermissionGroup(): PermissionGroup {
+  const administratorPermission = config.permissionGroups?.find(
+    group => group.title.toString() === 'administrator'
+  );
+
+  if (administratorPermission == null) {
+    throw new Error('Administrator permission group not found');
+  }
+
+  return administratorPermission;
+}

package/src/services/user_manager/router.ts

@@ -0,0 +1,193 @@
+import Router from 'koa-router';
+import { validateObject } from '../../class/validator';
+import { create as reply } from '../../class/reply';
+import { Context } from 'koa';
+import * as service from './service';
+
+const name = 'user';
+const userManager = new Router();
+
+userManager.post('/register_id', async (ctx: Context) => {
+  const body = ctx.request.body;
+
+  const validateOption = {
+    id: '',
+    idType: 'phone email',
+  };
+
+  // validate result
+  const bodyValidate = validateObject(body, validateOption);
+
+  // fields validation
+  if (!bodyValidate.isValid) {
+    ctx.status = 412;
+    ctx.body = reply('e', { e: bodyValidate.requires });
+    return;
+  }
+
+  const serial = service.main.generateVerificationCode(body.id, body.idType);
+
+  if (serial) {
+    service.main.registerTemporaryID(body.id, body.idType, serial);
+    ctx.body = reply('s');
+  } else {
+    ctx.status = 412;
+    ctx.body = reply('e', { e: 'Could not generate verification code.' });
+  }
+});
+
+userManager.post('/validateCode', async (ctx: Context) => {
+  const body = ctx.request.body;
+
+  // validate result
+  const bodyValidate = validateObject(body, 'id code');
+
+  // fields validation
+  if (!bodyValidate.isValid) {
+    ctx.status = 412;
+    ctx.body = reply('e', { e: bodyValidate.requires });
+    return;
+  }
+
+  const isValid = service.main.isCodeValid(body.id, body.code);
+
+  if (!isValid) {
+    ctx.status = 412;
+    ctx.body = reply('e', {
+      e: 'Verification code is wrong',
+      isValid: isValid,
+    });
+    return;
+  }
+
+  ctx.body = reply('s', { isValid: isValid });
+});
+
+userManager.post('/submit_password', async (ctx: Context) => {
+  const body = ctx.request.body;
+
+  // validate result
+  const bodyValidate = validateObject(body, 'id password code');
+
+  // fields validation
+  if (!bodyValidate.isValid) {
+    ctx.status = 412;
+    ctx.body = reply('e', { e: bodyValidate.requires });
+    return;
+  }
+
+  try {
+    const userId = await service.main.submitPasswordForTemporaryID(
+      body.id,
+      body.password,
+      body.code
+    );
+    if (userId) {
+      ctx.body = reply('s');
+    } else {
+      ctx.status = 412;
+      ctx.body = reply('f');
+    }
+  } catch (error) {
+    ctx.status = 412;
+    ctx.body = reply('f');
+  }
+});
+
+userManager.post('/change_password', async (ctx: Context) => {
+  const body = ctx.request.body;
+
+  // validate result
+  const bodyValidate = validateObject(body, 'id password code');
+
+  // fields validation
+  if (!bodyValidate.isValid) {
+    ctx.status = 412;
+    ctx.body = reply('e', { e: bodyValidate.requires });
+    return;
+  }
+
+  try {
+    const userId = await service.main.changePasswordForTemporaryID(
+      body.id,
+      body.password,
+      body.code
+    );
+    if (userId) {
+      ctx.body = reply('s');
+    } else {
+      ctx.status = 412;
+      ctx.body = reply('f');
+    }
+  } catch (error) {
+    ctx.status = 412;
+    ctx.body = reply('f');
+  }
+});
+
+userManager.post('/login', async (ctx: Context) => {
+  const body = ctx.request.body;
+
+  const validateOption = {
+    id: '',
+    password: '',
+    idType: 'phone email',
+  };
+
+  // validate result
+  const bodyValidate = validateObject(body, validateOption);
+
+  // fields validation
+  if (!bodyValidate.isValid) {
+    ctx.status = 412;
+    ctx.body = reply('e', { e: bodyValidate.requires });
+    return;
+  }
+
+  await service.main
+    .loginUser(body.id, body.idType, body.password)
+    .then(token => (ctx.body = reply('s', { token: token })))
+    .catch(err => {
+      ctx.status = 412;
+      ctx.body = reply('e', { e: err });
+    });
+});
+
+userManager.get('/loginAnonymous', async (ctx: Context) => {
+  await service.main
+    .loginAnonymous()
+    .then(token => (ctx.body = reply('s', { token: token })))
+    .catch(err => {
+      ctx.status = 412;
+      ctx.body = reply('e', { e: err });
+    });
+});
+
+userManager.post('/getPermission', async (ctx: Context) => {
+  const body = ctx.request.body;
+
+  // validate result
+  const bodyValidate = validateObject(body, 'id');
+
+  // fields validation
+  if (!bodyValidate.isValid) {
+    ctx.status = 412;
+    ctx.body = reply('e', { e: bodyValidate.requires });
+    return;
+  }
+
+  const query = { _id: body.id };
+
+  const dataProvider = (global as any).services.dataProvider;
+  const permission = await dataProvider
+    .getCollection('cms', 'permission')
+    .findOne(query)
+    .catch((err: any) => {
+      ctx.status = 412;
+      ctx.body = reply('e', { e: err });
+    });
+
+  ctx.body = reply('s', { permission: permission });
+});
+
+export { name, userManager as main };