@mondomob/gae-node-nestjs 12.0.0-alpha-2 → 12.0.0-alpha-3

package/dist/auth/auth.controller.js

@@ -0,0 +1,312 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthController = void 0;
+const tslib_1 = require("tslib");
+const common_1 = require("@nestjs/common");
+const __1 = require("..");
+const logging_1 = require("../logging");
+const auth_configurer_1 = require("./auth.configurer");
+const auth_guard_1 = require("./auth.guard");
+const auth_listener_1 = require("./auth.listener");
+let AuthController = class AuthController {
+    constructor(authConfigurer, inviteUserService, configuration, authListener) {
+        this.authConfigurer = authConfigurer;
+        this.inviteUserService = inviteUserService;
+        this.configuration = configuration;
+        this.authListener = authListener;
+        this.logger = (0, logging_1.createLogger)('auth-controller');
+    }
+    signIn(req, res, next) {
+        this.authConfigurer.authenticateLocal()(req, res, (result) => {
+            if (result) {
+                if (result instanceof common_1.HttpException) {
+                    return res.status(result.getStatus()).send(result.getResponse());
+                }
+                next(result);
+            }
+            else {
+                this.authListener.onLogin(req);
+                res.send({
+                    result: 'success',
+                });
+            }
+        });
+    }
+    signInFake(req, res, next) {
+        this.authConfigurer.authenticateFake()(req, res, (result) => {
+            if (result) {
+                if (result instanceof common_1.HttpException) {
+                    return res.status(result.getStatus()).send(result.getResponse());
+                }
+                next(result);
+            }
+            else {
+                this.authListener.onLogin(req);
+                res.send({
+                    result: 'success',
+                });
+            }
+        });
+    }
+    async activate(req, res, next, context) {
+        await this.inviteUserService.activateAccount(context, req.body.code, req.body.name, req.body.password);
+        res.send({
+            result: 'Activated successfully',
+        });
+    }
+    async reInviteUser(req, res, next, context) {
+        if (!req.body.userId) {
+            throw new Error('User id not supplied');
+        }
+        this.logger.info('Re invite requested for ' + req.body.userId);
+        const userInviteResponse = await this.inviteUserService.reInviteForUserId(context, req.body.userId);
+        if (userInviteResponse) {
+            res.send({
+                result: 'Re Invited user successfully',
+            });
+        }
+        else {
+            res.status(common_1.HttpStatus.INTERNAL_SERVER_ERROR).send('Error while re inviting user');
+        }
+    }
+    signOutLocal(req, res, next) {
+        this.logger.debug('Logging out local user');
+        req.logout(() => undefined);
+        if (req.xhr) {
+            res.status(204).send();
+        }
+        else {
+            const redirectUrl = '/';
+            this.logger.debug(`Redirecting to ${redirectUrl} for non-xhr request`);
+            res.redirect(redirectUrl);
+        }
+    }
+    signOut(req, res, next) {
+        this.logger.warn('This endpoint is deprecated and will be removed in future releases - please use GET /auth/signout/local instead');
+        req.logout(() => undefined);
+        res.redirect('/');
+    }
+    signInGoogle(req, res, next) {
+        this.authConfigurer.beginAuthenticateGoogle()(req, res, next);
+    }
+    completeSignInGoogle(req, res) {
+        this.authConfigurer.completeAuthenticateGoogle()(req, res, (err) => {
+            if (req.user) {
+                this.authListener.onLogin(req);
+                res.redirect(`/`);
+            }
+            else {
+                this.logger.warn('Login with google failed', err);
+                res.redirect(`/signin?error=${encodeURIComponent('Login with google failed.')}`);
+            }
+        });
+    }
+    signInSaml(req, res, next) {
+        this.logger.info('Redirecting to SAML Identity Provider');
+        this.authConfigurer.beginAuthenticateSaml()(req, res, next);
+    }
+    completeSignInSaml(req, res) {
+        this.logger.info('Received ACS callback from SAML Identity Provider');
+        this.authConfigurer.completeAuthenticateSaml()(req, res, (err) => {
+            if (req.user) {
+                this.logger.info('user: %o', req.user);
+                this.authListener.onLogin(req);
+                res.redirect('/');
+            }
+            else {
+                this.logger.warn('Login with SAML failed', err);
+                res.redirect(`/signin?error=${encodeURIComponent('Login with SAML failed.')}`);
+            }
+        });
+    }
+    signInAuth0(req, res, next) {
+        this.authConfigurer.beginAuthenticateAuth0(req)(req, res, next);
+    }
+    signOutAuth0(req, res) {
+        const redirectUrl = this.authConfigurer.getSignoutUrlAuth0();
+        this.logger.info('Redirecting to ', redirectUrl);
+        res.redirect(redirectUrl);
+    }
+    completeSignInAuth0(req, res) {
+        this.authConfigurer.completeAuthenticateAuth0(req)(req, res, (err) => {
+            if (req.user) {
+                this.authListener.onLogin(req);
+                res.redirect(`/`);
+            }
+            else {
+                this.logger.warn('Login with auth0 failed', err);
+                res.redirect(`/signin?error=${encodeURIComponent('Login with auth0 failed.')}`);
+            }
+        });
+    }
+    signInOidc(req, res, next) {
+        this.authConfigurer.beginAuthenticateOidc()(req, res, next);
+    }
+    completeSignInOidc(req, res) {
+        this.authConfigurer.completeAuthenticateOidc()(req, res, (err) => {
+            if (req.user) {
+                this.authListener.onLogin(req);
+                res.redirect(`/`);
+            }
+            else {
+                this.logger.warn('Login with oidc failed', err);
+                res.redirect(`/signin?error=${encodeURIComponent('Login with oidc failed.')}`);
+            }
+        });
+    }
+};
+exports.AuthController = AuthController;
+tslib_1.__decorate([
+    (0, auth_guard_1.AllowAnonymous)(),
+    (0, common_1.Post)('signin/local'),
+    tslib_1.__param(0, (0, common_1.Req)()),
+    tslib_1.__param(1, (0, common_1.Res)()),
+    tslib_1.__param(2, (0, common_1.Next)()),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
+    tslib_1.__metadata("design:returntype", void 0)
+], AuthController.prototype, "signIn", null);
+tslib_1.__decorate([
+    (0, auth_guard_1.AllowAnonymous)(),
+    (0, common_1.Post)('signin/fake'),
+    tslib_1.__param(0, (0, common_1.Req)()),
+    tslib_1.__param(1, (0, common_1.Res)()),
+    tslib_1.__param(2, (0, common_1.Next)()),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
+    tslib_1.__metadata("design:returntype", void 0)
+], AuthController.prototype, "signInFake", null);
+tslib_1.__decorate([
+    (0, auth_guard_1.AllowAnonymous)(),
+    (0, common_1.Post)('activate'),
+    tslib_1.__param(0, (0, common_1.Req)()),
+    tslib_1.__param(1, (0, common_1.Res)()),
+    tslib_1.__param(2, (0, common_1.Next)()),
+    tslib_1.__param(3, (0, __1.Ctxt)()),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object, Object, Function, Object]),
+    tslib_1.__metadata("design:returntype", Promise)
+], AuthController.prototype, "activate", null);
+tslib_1.__decorate([
+    (0, auth_guard_1.Roles)('admin'),
+    (0, common_1.Post)('re-invite'),
+    tslib_1.__param(0, (0, common_1.Req)()),
+    tslib_1.__param(1, (0, common_1.Res)()),
+    tslib_1.__param(2, (0, common_1.Next)()),
+    tslib_1.__param(3, (0, __1.Ctxt)()),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object, Object, Function, Object]),
+    tslib_1.__metadata("design:returntype", Promise)
+], AuthController.prototype, "reInviteUser", null);
+tslib_1.__decorate([
+    (0, auth_guard_1.AllowAnonymous)(),
+    (0, common_1.Get)('signout/local'),
+    tslib_1.__param(0, (0, common_1.Req)()),
+    tslib_1.__param(1, (0, common_1.Res)()),
+    tslib_1.__param(2, (0, common_1.Next)()),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
+    tslib_1.__metadata("design:returntype", void 0)
+], AuthController.prototype, "signOutLocal", null);
+tslib_1.__decorate([
+    (0, common_1.Post)('signout/local'),
+    tslib_1.__param(0, (0, common_1.Req)()),
+    tslib_1.__param(1, (0, common_1.Res)()),
+    tslib_1.__param(2, (0, common_1.Next)()),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
+    tslib_1.__metadata("design:returntype", void 0)
+], AuthController.prototype, "signOut", null);
+tslib_1.__decorate([
+    (0, auth_guard_1.AllowAnonymous)(),
+    (0, common_1.Get)('signin/google'),
+    tslib_1.__param(0, (0, common_1.Req)()),
+    tslib_1.__param(1, (0, common_1.Res)()),
+    tslib_1.__param(2, (0, common_1.Next)()),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
+    tslib_1.__metadata("design:returntype", void 0)
+], AuthController.prototype, "signInGoogle", null);
+tslib_1.__decorate([
+    (0, auth_guard_1.AllowAnonymous)(),
+    (0, common_1.Get)('signin/google/callback'),
+    tslib_1.__param(0, (0, common_1.Req)()),
+    tslib_1.__param(1, (0, common_1.Res)()),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object, Object]),
+    tslib_1.__metadata("design:returntype", void 0)
+], AuthController.prototype, "completeSignInGoogle", null);
+tslib_1.__decorate([
+    (0, auth_guard_1.AllowAnonymous)(),
+    (0, common_1.Get)('signin/saml'),
+    tslib_1.__param(0, (0, common_1.Req)()),
+    tslib_1.__param(1, (0, common_1.Res)()),
+    tslib_1.__param(2, (0, common_1.Next)()),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
+    tslib_1.__metadata("design:returntype", void 0)
+], AuthController.prototype, "signInSaml", null);
+tslib_1.__decorate([
+    (0, auth_guard_1.AllowAnonymous)(),
+    (0, common_1.Post)('signin/saml/acs'),
+    tslib_1.__param(0, (0, common_1.Req)()),
+    tslib_1.__param(1, (0, common_1.Res)()),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object, Object]),
+    tslib_1.__metadata("design:returntype", void 0)
+], AuthController.prototype, "completeSignInSaml", null);
+tslib_1.__decorate([
+    (0, auth_guard_1.AllowAnonymous)(),
+    (0, common_1.Get)('signin/auth0'),
+    tslib_1.__param(0, (0, common_1.Req)()),
+    tslib_1.__param(1, (0, common_1.Res)()),
+    tslib_1.__param(2, (0, common_1.Next)()),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
+    tslib_1.__metadata("design:returntype", void 0)
+], AuthController.prototype, "signInAuth0", null);
+tslib_1.__decorate([
+    (0, auth_guard_1.AllowAnonymous)(),
+    (0, common_1.Get)('signout/auth0'),
+    tslib_1.__param(0, (0, common_1.Req)()),
+    tslib_1.__param(1, (0, common_1.Res)()),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object, Object]),
+    tslib_1.__metadata("design:returntype", void 0)
+], AuthController.prototype, "signOutAuth0", null);
+tslib_1.__decorate([
+    (0, auth_guard_1.AllowAnonymous)(),
+    (0, common_1.Get)('signin/auth0/callback'),
+    tslib_1.__param(0, (0, common_1.Req)()),
+    tslib_1.__param(1, (0, common_1.Res)()),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object, Object]),
+    tslib_1.__metadata("design:returntype", void 0)
+], AuthController.prototype, "completeSignInAuth0", null);
+tslib_1.__decorate([
+    (0, auth_guard_1.AllowAnonymous)(),
+    (0, common_1.Get)('signin/oidc'),
+    tslib_1.__param(0, (0, common_1.Req)()),
+    tslib_1.__param(1, (0, common_1.Res)()),
+    tslib_1.__param(2, (0, common_1.Next)()),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
+    tslib_1.__metadata("design:returntype", void 0)
+], AuthController.prototype, "signInOidc", null);
+tslib_1.__decorate([
+    (0, auth_guard_1.AllowAnonymous)(),
+    (0, common_1.Get)('signin/oidc/callback'),
+    tslib_1.__param(0, (0, common_1.Req)()),
+    tslib_1.__param(1, (0, common_1.Res)()),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object, Object]),
+    tslib_1.__metadata("design:returntype", void 0)
+], AuthController.prototype, "completeSignInOidc", null);
+exports.AuthController = AuthController = tslib_1.__decorate([
+    (0, common_1.Controller)('auth'),
+    tslib_1.__param(2, (0, common_1.Inject)('Configuration')),
+    tslib_1.__param(3, (0, common_1.Inject)(auth_listener_1.AUTH_LISTENER)),
+    tslib_1.__metadata("design:paramtypes", [auth_configurer_1.AuthConfigurer,
+        __1.InviteUserService, Object, Object])
+], AuthController);
+//# sourceMappingURL=auth.controller.js.map

package/dist/auth/auth.controller.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.controller.js","sourceRoot":"","sources":["../../src/auth/auth.controller.ts"],"names":[],"mappings":";;;;AAAA,2CAA0G;AAE1G,0BAAqE;AACrE,wCAAkD;AAClD,uDAAmD;AACnD,6CAAqD;AACrD,mDAA8D;AAGvD,IAAM,cAAc,GAApB,MAAM,cAAc;IAEzB,YACmB,cAA8B,EAC9B,iBAAoC,EACX,aAA4B,EAC9B,YAA0B;QAHjD,mBAAc,GAAd,cAAc,CAAgB;QAC9B,sBAAiB,GAAjB,iBAAiB,CAAmB;QACX,kBAAa,GAAb,aAAa,CAAe;QAC9B,iBAAY,GAAZ,YAAY,CAAc;QAElE,IAAI,CAAC,MAAM,GAAG,IAAA,sBAAY,EAAC,iBAAiB,CAAC,CAAC;IAChD,CAAC;IAID,MAAM,CAAQ,GAAY,EAAS,GAAa,EAAU,IAA0B;QAClF,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,MAAc,EAAE,EAAE;YACnE,IAAI,MAAM,EAAE,CAAC;gBACX,IAAI,MAAM,YAAY,sBAAa,EAAE,CAAC;oBACpC,OAAO,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;gBACnE,CAAC;gBACD,IAAI,CAAC,MAAM,CAAC,CAAC;YACf,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBAC/B,GAAG,CAAC,IAAI,CAAC;oBACP,MAAM,EAAE,SAAS;iBAClB,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAID,UAAU,CAAQ,GAAY,EAAS,GAAa,EAAU,IAA0B;QACtF,IAAI,CAAC,cAAc,CAAC,gBAAgB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,MAAc,EAAE,EAAE;YAClE,IAAI,MAAM,EAAE,CAAC;gBACX,IAAI,MAAM,YAAY,sBAAa,EAAE,CAAC;oBACpC,OAAO,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;gBACnE,CAAC;gBACD,IAAI,CAAC,MAAM,CAAC,CAAC;YACf,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBAC/B,GAAG,CAAC,IAAI,CAAC;oBACP,MAAM,EAAE,SAAS;iBAClB,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAIK,AAAN,KAAK,CAAC,QAAQ,CACL,GAAY,EACZ,GAAa,EACZ,IAA0B,EAC1B,OAAgB;QAExB,MAAM,IAAI,CAAC,iBAAiB,CAAC,eAAe,CAAC,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACvG,GAAG,CAAC,IAAI,CAAC;YACP,MAAM,EAAE,wBAAwB;SACjC,CAAC,CAAC;IACL,CAAC;IAIK,AAAN,KAAK,CAAC,YAAY,CACT,GAAY,EACZ,GAAa,EACZ,IAA0B,EAC1B,OAAgB;QAExB,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC1C,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0BAA0B,GAAG,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAE/D,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,iBAAiB,CAAC,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAEpG,IAAI,kBAAkB,EAAE,CAAC;YACvB,GAAG,CAAC,IAAI,CAAC;gBACP,MAAM,EAAE,8BAA8B;aACvC,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,MAAM,CAAC,mBAAU,CAAC,qBAAqB,CAAC,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;QACpF,CAAC;IACH,CAAC;IAID,YAAY,CAAQ,GAAY,EAAS,GAAa,EAAU,IAA0B;QACxF,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5C,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;QAE5B,IAAI,GAAG,CAAC,GAAG,EAAE,CAAC;YACZ,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QACzB,CAAC;aAAM,CAAC;YACN,MAAM,WAAW,GAAG,GAAG,CAAC;YACxB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,WAAW,sBAAsB,CAAC,CAAC;YACvE,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;IAMD,OAAO,CAAQ,GAAY,EAAS,GAAa,EAAU,IAA0B;QACnF,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,iHAAiH,CAClH,CAAC;QACF,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;QAC5B,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IACpB,CAAC;IAID,YAAY,CAAQ,GAAY,EAAS,GAAa,EAAU,IAAgB;QAC9E,IAAI,CAAC,cAAc,CAAC,uBAAuB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;IAChE,CAAC;IAID,oBAAoB,CAAQ,GAAY,EAAS,GAAa;QAC5D,IAAI,CAAC,cAAc,CAAC,0BAA0B,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,GAAQ,EAAE,EAAE;YACtE,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;gBACb,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBAC/B,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YACpB,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE,GAAG,CAAC,CAAC;gBAClD,GAAG,CAAC,QAAQ,CAAC,iBAAiB,kBAAkB,CAAC,2BAA2B,CAAC,EAAE,CAAC,CAAC;YACnF,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAID,UAAU,CAAQ,GAAY,EAAS,GAAa,EAAU,IAAgB;QAC5E,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;QAC1D,IAAI,CAAC,cAAc,CAAC,qBAAqB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;IAC9D,CAAC;IAID,kBAAkB,CAAQ,GAAY,EAAS,GAAa;QAC1D,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;QACtE,IAAI,CAAC,cAAc,CAAC,wBAAwB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,GAAQ,EAAE,EAAE;YACpE,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;gBACb,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;gBACvC,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBAC/B,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YACpB,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,wBAAwB,EAAE,GAAG,CAAC,CAAC;gBAChD,GAAG,CAAC,QAAQ,CAAC,iBAAiB,kBAAkB,CAAC,yBAAyB,CAAC,EAAE,CAAC,CAAC;YACjF,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAID,WAAW,CAAQ,GAAY,EAAS,GAAa,EAAU,IAAgB;QAC7E,IAAI,CAAC,cAAc,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;IAClE,CAAC;IAID,YAAY,CAAQ,GAAY,EAAS,GAAa;QACpD,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,kBAAkB,EAAE,CAAC;QAC7D,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,WAAW,CAAC,CAAC;QACjD,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC5B,CAAC;IAID,mBAAmB,CAAQ,GAAY,EAAS,GAAa;QAC3D,IAAI,CAAC,cAAc,CAAC,yBAAyB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,GAAQ,EAAE,EAAE;YACxE,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;gBACb,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBAC/B,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YACpB,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE,GAAG,CAAC,CAAC;gBACjD,GAAG,CAAC,QAAQ,CAAC,iBAAiB,kBAAkB,CAAC,0BAA0B,CAAC,EAAE,CAAC,CAAC;YAClF,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAID,UAAU,CAAQ,GAAY,EAAS,GAAa,EAAU,IAAgB;QAC5E,IAAI,CAAC,cAAc,CAAC,qBAAqB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;IAC9D,CAAC;IAID,kBAAkB,CAAQ,GAAY,EAAS,GAAa;QAC1D,IAAI,CAAC,cAAc,CAAC,wBAAwB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,GAAQ,EAAE,EAAE;YACpE,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;gBACb,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBAC/B,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YACpB,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,wBAAwB,EAAE,GAAG,CAAC,CAAC;gBAChD,GAAG,CAAC,QAAQ,CAAC,iBAAiB,kBAAkB,CAAC,yBAAyB,CAAC,EAAE,CAAC,CAAC;YACjF,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF,CAAA;AA1MY,wCAAc;AAazB;IAFC,IAAA,2BAAc,GAAE;IAChB,IAAA,aAAI,EAAC,cAAc,CAAC;IACb,mBAAA,IAAA,YAAG,GAAE,CAAA;IAAgB,mBAAA,IAAA,YAAG,GAAE,CAAA;IAAiB,mBAAA,IAAA,aAAI,GAAE,CAAA;;;;4CAcxD;AAID;IAFC,IAAA,2BAAc,GAAE;IAChB,IAAA,aAAI,EAAC,aAAa,CAAC;IACR,mBAAA,IAAA,YAAG,GAAE,CAAA;IAAgB,mBAAA,IAAA,YAAG,GAAE,CAAA;IAAiB,mBAAA,IAAA,aAAI,GAAE,CAAA;;;;gDAc5D;AAIK;IAFL,IAAA,2BAAc,GAAE;IAChB,IAAA,aAAI,EAAC,UAAU,CAAC;IAEd,mBAAA,IAAA,YAAG,GAAE,CAAA;IACL,mBAAA,IAAA,YAAG,GAAE,CAAA;IACL,mBAAA,IAAA,aAAI,GAAE,CAAA;IACN,mBAAA,IAAA,QAAI,GAAE,CAAA;;;;8CAMR;AAIK;IAFL,IAAA,kBAAK,EAAC,OAAO,CAAC;IACd,IAAA,aAAI,EAAC,WAAW,CAAC;IAEf,mBAAA,IAAA,YAAG,GAAE,CAAA;IACL,mBAAA,IAAA,YAAG,GAAE,CAAA;IACL,mBAAA,IAAA,aAAI,GAAE,CAAA;IACN,mBAAA,IAAA,QAAI,GAAE,CAAA;;;;kDAgBR;AAID;IAFC,IAAA,2BAAc,GAAE;IAChB,IAAA,YAAG,EAAC,eAAe,CAAC;IACP,mBAAA,IAAA,YAAG,GAAE,CAAA;IAAgB,mBAAA,IAAA,YAAG,GAAE,CAAA;IAAiB,mBAAA,IAAA,aAAI,GAAE,CAAA;;;;kDAW9D;AAMD;IADC,IAAA,aAAI,EAAC,eAAe,CAAC;IACb,mBAAA,IAAA,YAAG,GAAE,CAAA;IAAgB,mBAAA,IAAA,YAAG,GAAE,CAAA;IAAiB,mBAAA,IAAA,aAAI,GAAE,CAAA;;;;6CAMzD;AAID;IAFC,IAAA,2BAAc,GAAE;IAChB,IAAA,YAAG,EAAC,eAAe,CAAC;IACP,mBAAA,IAAA,YAAG,GAAE,CAAA;IAAgB,mBAAA,IAAA,YAAG,GAAE,CAAA;IAAiB,mBAAA,IAAA,aAAI,GAAE,CAAA;;;;kDAE9D;AAID;IAFC,IAAA,2BAAc,GAAE;IAChB,IAAA,YAAG,EAAC,wBAAwB,CAAC;IACR,mBAAA,IAAA,YAAG,GAAE,CAAA;IAAgB,mBAAA,IAAA,YAAG,GAAE,CAAA;;;;0DAU/C;AAID;IAFC,IAAA,2BAAc,GAAE;IAChB,IAAA,YAAG,EAAC,aAAa,CAAC;IACP,mBAAA,IAAA,YAAG,GAAE,CAAA;IAAgB,mBAAA,IAAA,YAAG,GAAE,CAAA;IAAiB,mBAAA,IAAA,aAAI,GAAE,CAAA;;;;gDAG5D;AAID;IAFC,IAAA,2BAAc,GAAE;IAChB,IAAA,aAAI,EAAC,iBAAiB,CAAC;IACJ,mBAAA,IAAA,YAAG,GAAE,CAAA;IAAgB,mBAAA,IAAA,YAAG,GAAE,CAAA;;;;wDAY7C;AAID;IAFC,IAAA,2BAAc,GAAE;IAChB,IAAA,YAAG,EAAC,cAAc,CAAC;IACP,mBAAA,IAAA,YAAG,GAAE,CAAA;IAAgB,mBAAA,IAAA,YAAG,GAAE,CAAA;IAAiB,mBAAA,IAAA,aAAI,GAAE,CAAA;;;;iDAE7D;AAID;IAFC,IAAA,2BAAc,GAAE;IAChB,IAAA,YAAG,EAAC,eAAe,CAAC;IACP,mBAAA,IAAA,YAAG,GAAE,CAAA;IAAgB,mBAAA,IAAA,YAAG,GAAE,CAAA;;;;kDAIvC;AAID;IAFC,IAAA,2BAAc,GAAE;IAChB,IAAA,YAAG,EAAC,uBAAuB,CAAC;IACR,mBAAA,IAAA,YAAG,GAAE,CAAA;IAAgB,mBAAA,IAAA,YAAG,GAAE,CAAA;;;;yDAU9C;AAID;IAFC,IAAA,2BAAc,GAAE;IAChB,IAAA,YAAG,EAAC,aAAa,CAAC;IACP,mBAAA,IAAA,YAAG,GAAE,CAAA;IAAgB,mBAAA,IAAA,YAAG,GAAE,CAAA;IAAiB,mBAAA,IAAA,aAAI,GAAE,CAAA;;;;gDAE5D;AAID;IAFC,IAAA,2BAAc,GAAE;IAChB,IAAA,YAAG,EAAC,sBAAsB,CAAC;IACR,mBAAA,IAAA,YAAG,GAAE,CAAA;IAAgB,mBAAA,IAAA,YAAG,GAAE,CAAA;;;;wDAU7C;yBAzMU,cAAc;IAD1B,IAAA,mBAAU,EAAC,MAAM,CAAC;IAMd,mBAAA,IAAA,eAAM,EAAC,eAAe,CAAC,CAAA;IACvB,mBAAA,IAAA,eAAM,EAAC,6BAAa,CAAC,CAAA;6CAHW,gCAAc;QACX,qBAAiB;GAJ5C,cAAc,CA0M1B"}

package/dist/auth/auth.guard.d.ts

@@ -0,0 +1,16 @@
+import { CanActivate, ExecutionContext } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { Observable } from 'rxjs';
+import { Configuration } from '../configuration';
+export declare const Roles: (...roles: string[]) => import("@nestjs/common").CustomDecorator<string>;
+export declare const AllowAnonymous: () => import("@nestjs/common").CustomDecorator<string>;
+export declare const Task: () => import("@nestjs/common").CustomDecorator<string>;
+export declare const Cron: () => import("@nestjs/common").CustomDecorator<string>;
+export declare const System: () => import("@nestjs/common").CustomDecorator<string>;
+export declare class AuthGuard implements CanActivate {
+    private readonly reflector;
+    private readonly configurationProvider;
+    private logger;
+    constructor(reflector: Reflector, configurationProvider: Configuration);
+    canActivate(context: ExecutionContext): boolean | Promise<boolean> | Observable<boolean>;
+}

package/dist/auth/auth.guard.js

@@ -0,0 +1,127 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthGuard = exports.System = exports.Cron = exports.Task = exports.AllowAnonymous = exports.Roles = void 0;
+const tslib_1 = require("tslib");
+const common_1 = require("@nestjs/common");
+const core_1 = require("@nestjs/core");
+const logging_1 = require("../logging");
+const context_1 = require("../datastore/context");
+const configuration_1 = require("../configuration");
+const util_1 = require("../util");
+const logger = (0, logging_1.createLogger)('auth-guard');
+const Roles = (...roles) => (0, common_1.SetMetadata)('roles', roles);
+exports.Roles = Roles;
+const AllowAnonymous = () => (0, common_1.SetMetadata)('allowAnonymous', true);
+exports.AllowAnonymous = AllowAnonymous;
+const Task = () => (0, common_1.SetMetadata)('secure-header', 'x-appengine-taskname');
+exports.Task = Task;
+const Cron = () => (0, common_1.SetMetadata)('secure-header', 'x-appengine-cron');
+exports.Cron = Cron;
+const System = () => (0, common_1.SetMetadata)('system', true);
+exports.System = System;
+const reflectValue = (reflector, key, context, defaultValue) => {
+    const methodValue = reflector.get(key, context.getHandler());
+    if (methodValue !== undefined) {
+        return methodValue;
+    }
+    const classValue = reflector.get(key, context.getClass());
+    if (classValue !== undefined) {
+        return classValue;
+    }
+    return defaultValue;
+};
+function isAllowAnonymous(reflector, context) {
+    return reflectValue(reflector, 'allowAnonymous', context, false);
+}
+function isUserAllowedAccess(reflector, context, user) {
+    if (!user) {
+        return false;
+    }
+    const roles = reflectValue(reflector, 'roles', context, []);
+    if (!roles.length) {
+        return true;
+    }
+    const { roles: userRoles = [] } = user;
+    const allowed = roles.some(role => userRoles.includes(role));
+    if (!allowed) {
+        logger.warn('User does not have the required role');
+    }
+    return allowed;
+}
+function isSystemCall(reflector, context) {
+    return reflectValue(reflector, 'system', context, false);
+}
+async function isAuthorizedSystemCall(reflector, context, secret) {
+    const { verify } = await Promise.resolve().then(() => require('jsonwebtoken'));
+    const { headers } = (0, util_1.getRequestFromExecutionContext)(context);
+    if (!headers.authorization) {
+        return false;
+    }
+    const token = headers.authorization.substr(4);
+    return new Promise(resolve => verify(token, secret, {
+        maxAge: '5 min',
+        algorithms: ['HS256'],
+    }, err => {
+        if (err) {
+            logger.error('Error decoding system token', err);
+            resolve(false);
+        }
+        else {
+            resolve(true);
+        }
+    }));
+}
+function getRequiredSecureHeader(reflector, context) {
+    return reflectValue(reflector, 'secure-header', context, undefined);
+}
+function hasSecureHeader(secureHeader, context) {
+    const { headers } = (0, util_1.getRequestFromExecutionContext)(context);
+    if (!headers) {
+        return false;
+    }
+    return !!headers[secureHeader];
+}
+function getUser(context) {
+    const request = (0, util_1.getRequestFromExecutionContext)(context);
+    if (request.context && request.context.user) {
+        return request.context.user;
+    }
+    else {
+        const args = context.getArgs();
+        if (args.length > 2) {
+            const ctxt = args[2];
+            if ((0, context_1.isContext)(ctxt)) {
+                return ctxt.user;
+            }
+        }
+    }
+    return undefined;
+}
+let AuthGuard = class AuthGuard {
+    constructor(reflector, configurationProvider) {
+        this.reflector = reflector;
+        this.configurationProvider = configurationProvider;
+        this.logger = (0, logging_1.createLogger)('auth-guard');
+    }
+    canActivate(context) {
+        if (isAllowAnonymous(this.reflector, context)) {
+            return true;
+        }
+        if (isSystemCall(this.reflector, context)) {
+            return isAuthorizedSystemCall(this.reflector, context, this.configurationProvider.systemSecret);
+        }
+        const requiredSecureHeader = getRequiredSecureHeader(this.reflector, context);
+        if (requiredSecureHeader) {
+            return hasSecureHeader(requiredSecureHeader, context);
+        }
+        const user = getUser(context);
+        return isUserAllowedAccess(this.reflector, context, user);
+    }
+};
+exports.AuthGuard = AuthGuard;
+exports.AuthGuard = AuthGuard = tslib_1.__decorate([
+    (0, common_1.Injectable)(),
+    tslib_1.__param(1, (0, common_1.Inject)(configuration_1.CONFIGURATION)),
+    tslib_1.__metadata("design:paramtypes", [core_1.Reflector, Object])
+], AuthGuard);
+//# sourceMappingURL=auth.guard.js.map

package/dist/auth/auth.guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.guard.js","sourceRoot":"","sources":["../../src/auth/auth.guard.ts"],"names":[],"mappings":";;;;AAAA,2CAAgG;AAChG,uCAAyC;AAEzC,wCAAkD;AAClD,kDAAwD;AACxD,oDAAgE;AAChE,kCAAyD;AAEzD,MAAM,MAAM,GAAG,IAAA,sBAAY,EAAC,YAAY,CAAC,CAAC;AAEnC,MAAM,KAAK,GAAG,CAAC,GAAG,KAAe,EAAE,EAAE,CAAC,IAAA,oBAAW,EAAC,OAAO,EAAE,KAAK,CAAC,CAAC;AAA5D,QAAA,KAAK,SAAuD;AAClE,MAAM,cAAc,GAAG,GAAG,EAAE,CAAC,IAAA,oBAAW,EAAC,gBAAgB,EAAE,IAAI,CAAC,CAAC;AAA3D,QAAA,cAAc,kBAA6C;AACjE,MAAM,IAAI,GAAG,GAAG,EAAE,CAAC,IAAA,oBAAW,EAAC,eAAe,EAAE,sBAAsB,CAAC,CAAC;AAAlE,QAAA,IAAI,QAA8D;AACxE,MAAM,IAAI,GAAG,GAAG,EAAE,CAAC,IAAA,oBAAW,EAAC,eAAe,EAAE,kBAAkB,CAAC,CAAC;AAA9D,QAAA,IAAI,QAA0D;AACpE,MAAM,MAAM,GAAG,GAAG,EAAE,CAAC,IAAA,oBAAW,EAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;AAA3C,QAAA,MAAM,UAAqC;AAExD,MAAM,YAAY,GAAG,CAAI,SAAoB,EAAE,GAAW,EAAE,OAAyB,EAAE,YAAe,EAAE,EAAE;IACxG,MAAM,WAAW,GAAG,SAAS,CAAC,GAAG,CAAI,GAAG,EAAE,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;IAEhE,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;QAC9B,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,MAAM,UAAU,GAAG,SAAS,CAAC,GAAG,CAAI,GAAG,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;IAE7D,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;QAC7B,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC,CAAC;AAEF,SAAS,gBAAgB,CAAC,SAAoB,EAAE,OAAyB;IACvE,OAAO,YAAY,CAAC,SAAS,EAAE,gBAAgB,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;AACnE,CAAC;AAED,SAAS,mBAAmB,CAAC,SAAoB,EAAE,OAAyB,EAAE,IAAY;IACxF,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,KAAK,GAAG,YAAY,CAAC,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC;IAC5D,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;QAClB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,EAAE,KAAK,EAAE,SAAS,GAAG,EAAE,EAAE,GAAG,IAAI,CAAC;IACvC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;IAC7D,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;IACtD,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,YAAY,CAAC,SAAoB,EAAE,OAAyB;IACnE,OAAO,YAAY,CAAC,SAAS,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;AAC3D,CAAC;AAED,KAAK,UAAU,sBAAsB,CAAC,SAAoB,EAAE,OAAyB,EAAE,MAAc;IACnG,MAAM,EAAE,MAAM,EAAE,GAAG,2CAAa,cAAc,EAAC,CAAC;IAEhD,MAAM,EAAE,OAAO,EAAE,GAAG,IAAA,qCAA8B,EAAC,OAAO,CAAC,CAAC;IAE5D,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;QAC3B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,KAAK,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAE9C,OAAO,IAAI,OAAO,CAAU,OAAO,CAAC,EAAE,CACpC,MAAM,CACJ,KAAK,EACL,MAAM,EACN;QACE,MAAM,EAAE,OAAO;QACf,UAAU,EAAE,CAAC,OAAO,CAAC;KACtB,EACD,GAAG,CAAC,EAAE;QACJ,IAAI,GAAG,EAAE,CAAC;YACR,MAAM,CAAC,KAAK,CAAC,6BAA6B,EAAE,GAAG,CAAC,CAAC;YACjD,OAAO,CAAC,KAAK,CAAC,CAAC;QACjB,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,IAAI,CAAC,CAAC;QAChB,CAAC;IACH,CAAC,CACF,CACF,CAAC;AACJ,CAAC;AAED,SAAS,uBAAuB,CAAC,SAAoB,EAAE,OAAyB;IAC9E,OAAO,YAAY,CAAqB,SAAS,EAAE,eAAe,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;AAC1F,CAAC;AAED,SAAS,eAAe,CAAC,YAAoB,EAAE,OAAyB;IACtE,MAAM,EAAE,OAAO,EAAE,GAAG,IAAA,qCAA8B,EAAC,OAAO,CAAC,CAAC;IAE5D,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;AACjC,CAAC;AAED,SAAS,OAAO,CAAC,OAAyB;IACxC,MAAM,OAAO,GAAG,IAAA,qCAA8B,EAAC,OAAO,CAAC,CAAC;IAExD,IAAI,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QAC5C,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC;IAC9B,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC;QAE/B,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpB,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;YAErB,IAAI,IAAA,mBAAS,EAAC,IAAI,CAAC,EAAE,CAAC;gBACpB,OAAO,IAAI,CAAC,IAAI,CAAC;YACnB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAGM,IAAM,SAAS,GAAf,MAAM,SAAS;IAGpB,YACmB,SAAoB,EACG,qBAAoC;QAD3D,cAAS,GAAT,SAAS,CAAW;QACG,0BAAqB,GAArB,qBAAqB,CAAe;QAE5E,IAAI,CAAC,MAAM,GAAG,IAAA,sBAAY,EAAC,YAAY,CAAC,CAAC;IAC3C,CAAC;IAED,WAAW,CAAC,OAAyB;QACnC,IAAI,gBAAgB,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,EAAE,CAAC;YAC9C,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,YAAY,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,EAAE,CAAC;YAC1C,OAAO,sBAAsB,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC;QAClG,CAAC;QAED,MAAM,oBAAoB,GAAG,uBAAuB,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAC9E,IAAI,oBAAoB,EAAE,CAAC;YACzB,OAAO,eAAe,CAAC,oBAAoB,EAAE,OAAO,CAAC,CAAC;QACxD,CAAC;QAED,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;QAC9B,OAAO,mBAAmB,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;IAC5D,CAAC;CACF,CAAA;AA3BY,8BAAS;oBAAT,SAAS;IADrB,IAAA,mBAAU,GAAE;IAMR,mBAAA,IAAA,eAAM,EAAC,6BAAa,CAAC,CAAA;6CADM,gBAAS;GAJ5B,SAAS,CA2BrB"}

package/dist/auth/auth.listener.d.ts

@@ -0,0 +1,5 @@
+import { Request } from 'express';
+export declare const AUTH_LISTENER = "AuthListener";
+export interface AuthListener {
+    onLogin(req: Request): void;
+}

package/dist/auth/auth.listener.js

@@ -0,0 +1,5 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AUTH_LISTENER = void 0;
+exports.AUTH_LISTENER = 'AuthListener';
+//# sourceMappingURL=auth.listener.js.map

package/dist/auth/auth.listener.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.listener.js","sourceRoot":"","sources":["../../src/auth/auth.listener.ts"],"names":[],"mappings":";;;AAEa,QAAA,aAAa,GAAG,cAAc,CAAC"}

package/dist/auth/auth.repository.d.ts

@@ -0,0 +1,52 @@
+import * as t from 'io-ts';
+import { DatastoreProvider } from '../datastore/datastore.provider';
+import { Repository } from '../datastore/repository';
+import { OneOrMany } from '../util/types';
+import { Context } from '../datastore/context';
+declare const passwordReset: t.TypeC<{
+    id: t.StringC;
+    accountId: t.StringC;
+    createdAt: t.Type<Date, Date, unknown>;
+}>;
+export type PasswordReset = t.TypeOf<typeof passwordReset>;
+export declare class PasswordResetRepository extends Repository<PasswordReset> {
+    constructor(datastoreProvider: DatastoreProvider);
+}
+declare const userInvite: t.TypeC<{
+    id: t.StringC;
+    email: t.StringC;
+    createdAt: t.Type<Date, Date, unknown>;
+    userId: t.StringC;
+    roles: t.ArrayC<t.StringC>;
+}>;
+export type UserInvite = t.TypeOf<typeof userInvite>;
+export declare class UserInviteRepository extends Repository<UserInvite> {
+    constructor(datastoreProvider: DatastoreProvider);
+}
+declare const externalAuthTypeEnum: t.UnionC<[t.LiteralC<"google">, t.LiteralC<"saml">, t.LiteralC<"auth0">, t.LiteralC<"oidc">]>;
+declare const loginCredentials: t.Type<{
+    id: string;
+    userId: string;
+    password: string;
+    type: "password";
+} | {
+    id: string;
+    userId: string;
+    type: "google" | "saml" | "auth0" | "oidc";
+}, {
+    id: string;
+    userId: string;
+    password: string;
+    type: "password";
+} | {
+    id: string;
+    userId: string;
+    type: "google" | "saml" | "auth0" | "oidc";
+}, unknown>;
+export type LoginCredentials = t.TypeOf<typeof loginCredentials>;
+export type ExternalAuthType = t.TypeOf<typeof externalAuthTypeEnum>;
+export declare class CredentialRepository extends Repository<LoginCredentials> {
+    constructor(datastore: DatastoreProvider);
+    protected beforePersist(context: Context, entities: OneOrMany<LoginCredentials>): OneOrMany<LoginCredentials>;
+}
+export {};

package/dist/auth/auth.repository.js

@@ -0,0 +1,79 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CredentialRepository = exports.UserInviteRepository = exports.PasswordResetRepository = void 0;
+const tslib_1 = require("tslib");
+const common_1 = require("@nestjs/common");
+const t = require("io-ts");
+const datastore_provider_1 = require("../datastore/datastore.provider");
+const repository_1 = require("../datastore/repository");
+const types_1 = require("../util/types");
+const user_service_1 = require("./user.service");
+const passwordReset = t.interface({
+    id: t.string,
+    accountId: t.string,
+    createdAt: repository_1.dateType,
+});
+let PasswordResetRepository = class PasswordResetRepository extends repository_1.Repository {
+    constructor(datastoreProvider) {
+        super(datastoreProvider.datastore, 'PasswordReset', passwordReset, {});
+    }
+};
+exports.PasswordResetRepository = PasswordResetRepository;
+exports.PasswordResetRepository = PasswordResetRepository = tslib_1.__decorate([
+    (0, common_1.Injectable)(),
+    tslib_1.__metadata("design:paramtypes", [datastore_provider_1.DatastoreProvider])
+], PasswordResetRepository);
+const userInvite = t.interface({
+    id: t.string,
+    email: t.string,
+    createdAt: repository_1.dateType,
+    userId: t.string,
+    roles: t.array(t.string),
+});
+let UserInviteRepository = class UserInviteRepository extends repository_1.Repository {
+    constructor(datastoreProvider) {
+        super(datastoreProvider.datastore, 'UserInvite', userInvite, {
+            index: {
+                userId: true,
+            },
+        });
+    }
+};
+exports.UserInviteRepository = UserInviteRepository;
+exports.UserInviteRepository = UserInviteRepository = tslib_1.__decorate([
+    (0, common_1.Injectable)(),
+    tslib_1.__metadata("design:paramtypes", [datastore_provider_1.DatastoreProvider])
+], UserInviteRepository);
+const externalAuthTypeEnum = t.union([t.literal('google'), t.literal('saml'), t.literal('auth0'), t.literal('oidc')]);
+const loginCredentials = t.clean(t.union([
+    t.interface({
+        id: t.string,
+        userId: t.string,
+        password: t.string,
+        type: t.literal('password'),
+    }),
+    t.interface({
+        id: t.string,
+        userId: t.string,
+        type: externalAuthTypeEnum,
+    }),
+]));
+let CredentialRepository = class CredentialRepository extends repository_1.Repository {
+    constructor(datastore) {
+        super(datastore.datastore, 'LoginCredential', loginCredentials, {
+            defaultValues: { type: 'password' },
+            index: {
+                userId: true,
+            },
+        });
+    }
+    beforePersist(context, entities) {
+        return (0, types_1.asArray)(entities).map(entity => (Object.assign(Object.assign({}, entity), { id: (0, user_service_1.normaliseEmail)(entity.id) })));
+    }
+};
+exports.CredentialRepository = CredentialRepository;
+exports.CredentialRepository = CredentialRepository = tslib_1.__decorate([
+    (0, common_1.Injectable)(),
+    tslib_1.__metadata("design:paramtypes", [datastore_provider_1.DatastoreProvider])
+], CredentialRepository);
+//# sourceMappingURL=auth.repository.js.map

package/dist/auth/auth.repository.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.repository.js","sourceRoot":"","sources":["../../src/auth/auth.repository.ts"],"names":[],"mappings":";;;;AAAA,2CAA4C;AAC5C,2BAA2B;AAC3B,wEAAoE;AACpE,wDAA+D;AAC/D,yCAAmD;AAEnD,iDAAgD;AAEhD,MAAM,aAAa,GAAG,CAAC,CAAC,SAAS,CAAC;IAChC,EAAE,EAAE,CAAC,CAAC,MAAM;IACZ,SAAS,EAAE,CAAC,CAAC,MAAM;IACnB,SAAS,EAAE,qBAAQ;CACpB,CAAC,CAAC;AAKI,IAAM,uBAAuB,GAA7B,MAAM,uBAAwB,SAAQ,uBAAyB;IACpE,YAAY,iBAAoC;QAC9C,KAAK,CAAC,iBAAiB,CAAC,SAAS,EAAE,eAAe,EAAE,aAAa,EAAE,EAAE,CAAC,CAAC;IACzE,CAAC;CACF,CAAA;AAJY,0DAAuB;kCAAvB,uBAAuB;IADnC,IAAA,mBAAU,GAAE;6CAEoB,sCAAiB;GADrC,uBAAuB,CAInC;AAED,MAAM,UAAU,GAAG,CAAC,CAAC,SAAS,CAAC;IAC7B,EAAE,EAAE,CAAC,CAAC,MAAM;IACZ,KAAK,EAAE,CAAC,CAAC,MAAM;IACf,SAAS,EAAE,qBAAQ;IACnB,MAAM,EAAE,CAAC,CAAC,MAAM;IAChB,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC;CACzB,CAAC,CAAC;AAKI,IAAM,oBAAoB,GAA1B,MAAM,oBAAqB,SAAQ,uBAAsB;IAC9D,YAAY,iBAAoC;QAC9C,KAAK,CAAC,iBAAiB,CAAC,SAAS,EAAE,YAAY,EAAE,UAAU,EAAE;YAC3D,KAAK,EAAE;gBACL,MAAM,EAAE,IAAI;aACb;SACF,CAAC,CAAC;IACL,CAAC;CACF,CAAA;AARY,oDAAoB;+BAApB,oBAAoB;IADhC,IAAA,mBAAU,GAAE;6CAEoB,sCAAiB;GADrC,oBAAoB,CAQhC;AAED,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;AAEtH,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAC9B,CAAC,CAAC,KAAK,CAAC;IACN,CAAC,CAAC,SAAS,CAAC;QACV,EAAE,EAAE,CAAC,CAAC,MAAM;QACZ,MAAM,EAAE,CAAC,CAAC,MAAM;QAChB,QAAQ,EAAE,CAAC,CAAC,MAAM;QAClB,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC;KAC5B,CAAC;IACF,CAAC,CAAC,SAAS,CAAC;QACV,EAAE,EAAE,CAAC,CAAC,MAAM;QACZ,MAAM,EAAE,CAAC,CAAC,MAAM;QAChB,IAAI,EAAE,oBAAoB;KAC3B,CAAC;CACH,CAAC,CACH,CAAC;AAMK,IAAM,oBAAoB,GAA1B,MAAM,oBAAqB,SAAQ,uBAA4B;IACpE,YAAY,SAA4B;QACtC,KAAK,CAAC,SAAS,CAAC,SAAS,EAAE,iBAAiB,EAAE,gBAAgB,EAAE;YAC9D,aAAa,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE;YACnC,KAAK,EAAE;gBACL,MAAM,EAAE,IAAI;aACb;SACF,CAAC,CAAC;IACL,CAAC;IAES,aAAa,CAAC,OAAgB,EAAE,QAAqC;QAC7E,OAAO,IAAA,eAAO,EAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,iCAClC,MAAM,KACT,EAAE,EAAE,IAAA,6BAAc,EAAC,MAAM,CAAC,EAAE,CAAC,IAC7B,CAAC,CAAC;IACN,CAAC;CACF,CAAA;AAhBY,oDAAoB;+BAApB,oBAAoB;IADhC,IAAA,mBAAU,GAAE;6CAEY,sCAAiB;GAD7B,oBAAoB,CAgBhC"}

package/dist/auth/auth.resolver.d.ts

@@ -0,0 +1,13 @@
+import { InviteUserService } from './invite-user.service';
+import { PasswordResetService } from './password-reset.service';
+import { Context } from '../datastore/context';
+export declare class AuthResolver {
+    private readonly passwordResetService;
+    private readonly inviteUserService;
+    constructor(passwordResetService: PasswordResetService, inviteUserService: InviteUserService);
+    resetPassword(_req: void, email: string, context: Context): Promise<void>;
+    confirmResetPassword(_req: void, newPassword: string, code: string, context: Context): Promise<void>;
+    inviteUser(_req: void, roles: string[], email: string, context: Context): Promise<string>;
+    checkActivationCode(_req: void, code: string, context: Context): Promise<string | null>;
+    activateAccount(_req: void, password: string, name: string, code: string, context: Context): Promise<void>;
+}