@nocobase/auth 0.10.0-alpha.4 → 0.10.1-alpha.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -2,12 +2,15 @@ import { Context, Next } from '@nocobase/actions';
2
2
  import { Model } from '@nocobase/database';
3
3
  import { Registry } from '@nocobase/utils';
4
4
  import { Auth, AuthExtend } from './auth';
5
+ import { JwtOptions, JwtService } from './base/jwt-service';
6
+ import { ITokenBlacklistService } from './base/token-blacklist-service';
5
7
  declare type Storer = {
6
8
  get: (name: string) => Promise<Model>;
7
9
  };
8
10
  declare type AuthManagerOptions = {
9
11
  authKey: string;
10
12
  default?: string;
13
+ jwt?: JwtOptions;
11
14
  };
12
15
  declare type AuthConfig = {
13
16
  auth: AuthExtend<Auth>;
@@ -16,8 +19,10 @@ export declare class AuthManager {
16
19
  protected options: AuthManagerOptions;
17
20
  protected authTypes: Registry<AuthConfig>;
18
21
  protected storer: Storer;
22
+ jwt: JwtService;
19
23
  constructor(options: AuthManagerOptions);
20
24
  setStorer(storer: Storer): void;
25
+ setTokenBlacklistService(service: ITokenBlacklistService): void;
21
26
  /**
22
27
  * registerTypes
23
28
  * @description Add a new authenticate type and the corresponding authenticator.
@@ -11,6 +11,7 @@ function _utils() {
11
11
  };
12
12
  return data;
13
13
  }
14
+ var _jwtService = require("./base/jwt-service");
14
15
  function asyncGeneratorStep(gen, resolve, reject, _next, _throw, key, arg) { try { var info = gen[key](arg); var value = info.value; } catch (error) { reject(error); return; } if (info.done) { resolve(value); } else { Promise.resolve(value).then(_next, _throw); } }
15
16
  function _asyncToGenerator(fn) { return function () { var self = this, args = arguments; return new Promise(function (resolve, reject) { var gen = fn.apply(self, args); function _next(value) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "next", value); } function _throw(err) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "throw", err); } _next(undefined); }); }; }
16
17
  class AuthManager {
@@ -19,11 +20,16 @@ class AuthManager {
19
20
  this.authTypes = new (_utils().Registry)();
20
21
  // authenticators collection manager.
21
22
  this.storer = void 0;
23
+ this.jwt = void 0;
22
24
  this.options = options;
25
+ this.jwt = new _jwtService.JwtService(options.jwt);
23
26
  }
24
27
  setStorer(storer) {
25
28
  this.storer = storer;
26
29
  }
30
+ setTokenBlacklistService(service) {
31
+ this.jwt.blacklist = service;
32
+ }
27
33
  /**
28
34
  * registerTypes
29
35
  * @description Add a new authenticate type and the corresponding authenticator.
@@ -77,6 +83,10 @@ class AuthManager {
77
83
  var _this2 = this;
78
84
  return /*#__PURE__*/function () {
79
85
  var _ref = _asyncToGenerator(function* (ctx, next) {
86
+ const token = ctx.getBearerToken();
87
+ if (token && (yield ctx.app.authManager.jwt.blacklist.has(token))) {
88
+ return ctx.throw(401, ctx.t('token is not available'));
89
+ }
80
90
  const name = ctx.get(_this2.options.authKey) || _this2.options.default;
81
91
  let authenticator;
82
92
  try {
@@ -1,16 +1,17 @@
1
+ import { Collection, Model } from '@nocobase/database';
1
2
  import { Auth, AuthConfig } from '../auth';
2
3
  import { JwtService } from './jwt-service';
3
- import { Collection, Model } from '@nocobase/database';
4
4
  /**
5
5
  * BaseAuth
6
6
  * @description A base class with jwt provide some common methods.
7
7
  */
8
8
  export declare class BaseAuth extends Auth {
9
- protected jwt: JwtService;
10
9
  protected userCollection: Collection;
11
10
  constructor(config: AuthConfig & {
12
11
  userCollection: Collection;
13
12
  });
13
+ get userRepository(): import("@nocobase/database").Repository<any, any>;
14
+ get jwt(): JwtService;
14
15
  set user(user: Model);
15
16
  get user(): Model;
16
17
  check(): Promise<any>;
@@ -19,4 +20,5 @@ export declare class BaseAuth extends Auth {
19
20
  user: Model<any, any>;
20
21
  token: string;
21
22
  }>;
23
+ signOut(): Promise<any>;
22
24
  }
package/lib/base/auth.js CHANGED
@@ -5,7 +5,6 @@ Object.defineProperty(exports, "__esModule", {
5
5
  });
6
6
  exports.BaseAuth = void 0;
7
7
  var _auth = require("../auth");
8
- var _jwtService = require("./jwt-service");
9
8
  function asyncGeneratorStep(gen, resolve, reject, _next, _throw, key, arg) { try { var info = gen[key](arg); var value = info.value; } catch (error) { reject(error); return; } if (info.done) { resolve(value); } else { Promise.resolve(value).then(_next, _throw); } }
10
9
  function _asyncToGenerator(fn) { return function () { var self = this, args = arguments; return new Promise(function (resolve, reject) { var gen = fn.apply(self, args); function _next(value) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "next", value); } function _throw(err) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "throw", err); } _next(undefined); }); }; }
11
10
  /**
@@ -14,13 +13,16 @@ function _asyncToGenerator(fn) { return function () { var self = this, args = ar
14
13
  */
15
14
  class BaseAuth extends _auth.Auth {
16
15
  constructor(config) {
17
- const options = config.options,
18
- userCollection = config.userCollection;
16
+ const userCollection = config.userCollection;
19
17
  super(config);
20
- this.jwt = void 0;
21
18
  this.userCollection = void 0;
22
19
  this.userCollection = userCollection;
23
- this.jwt = new _jwtService.JwtService(options.jwt);
20
+ }
21
+ get userRepository() {
22
+ return this.userCollection.repository;
23
+ }
24
+ get jwt() {
25
+ return this.ctx.app.authManager.jwt;
24
26
  }
25
27
  set user(user) {
26
28
  this.ctx.state.currentUser = user;
@@ -37,13 +39,16 @@ class BaseAuth extends _auth.Auth {
37
39
  }
38
40
  try {
39
41
  const _yield$_this$jwt$deco = yield _this.jwt.decode(token),
40
- userId = _yield$_this$jwt$deco.userId;
41
- const user = yield _this.userCollection.repository.findOne({
42
+ userId = _yield$_this$jwt$deco.userId,
43
+ roleName = _yield$_this$jwt$deco.roleName;
44
+ if (roleName) {
45
+ _this.ctx.headers['x-role'] = roleName;
46
+ }
47
+ return yield _this.userRepository.findOne({
42
48
  filter: {
43
49
  id: userId
44
50
  }
45
51
  });
46
- return user;
47
52
  } catch (err) {
48
53
  _this.ctx.logger.error(err);
49
54
  return null;
@@ -77,5 +82,15 @@ class BaseAuth extends _auth.Auth {
77
82
  };
78
83
  })();
79
84
  }
85
+ signOut() {
86
+ var _this3 = this;
87
+ return _asyncToGenerator(function* () {
88
+ const token = _this3.ctx.getBearerToken();
89
+ if (!token) {
90
+ return;
91
+ }
92
+ return yield _this3.jwt.block(token);
93
+ })();
94
+ }
80
95
  }
81
96
  exports.BaseAuth = BaseAuth;
@@ -1,12 +1,20 @@
1
+ import jwt, { SignOptions } from 'jsonwebtoken';
2
+ import { ITokenBlacklistService } from './token-blacklist-service';
1
3
  export interface JwtOptions {
2
4
  secret: string;
3
5
  expiresIn?: string;
4
6
  }
7
+ export declare type SignPayload = Parameters<typeof jwt.sign>[0];
5
8
  export declare class JwtService {
6
9
  protected options: JwtOptions;
7
- constructor(options: JwtOptions);
10
+ constructor(options?: JwtOptions);
11
+ blacklist: ITokenBlacklistService;
8
12
  private expiresIn;
9
13
  private secret;
10
- sign(payload: any): string;
14
+ sign(payload: SignPayload, options?: SignOptions): string;
11
15
  decode(token: string): Promise<any>;
16
+ /**
17
+ * @description Block a token so that this token can no longer be used
18
+ */
19
+ block(token: string): Promise<any>;
12
20
  }
@@ -12,15 +12,24 @@ function _jsonwebtoken() {
12
12
  return data;
13
13
  }
14
14
  function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
15
+ function asyncGeneratorStep(gen, resolve, reject, _next, _throw, key, arg) { try { var info = gen[key](arg); var value = info.value; } catch (error) { reject(error); return; } if (info.done) { resolve(value); } else { Promise.resolve(value).then(_next, _throw); } }
16
+ function _asyncToGenerator(fn) { return function () { var self = this, args = arguments; return new Promise(function (resolve, reject) { var gen = fn.apply(self, args); function _next(value) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "next", value); } function _throw(err) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "throw", err); } _next(undefined); }); }; }
17
+ function ownKeys(object, enumerableOnly) { var keys = Object.keys(object); if (Object.getOwnPropertySymbols) { var symbols = Object.getOwnPropertySymbols(object); enumerableOnly && (symbols = symbols.filter(function (sym) { return Object.getOwnPropertyDescriptor(object, sym).enumerable; })), keys.push.apply(keys, symbols); } return keys; }
18
+ function _objectSpread(target) { for (var i = 1; i < arguments.length; i++) { var source = null != arguments[i] ? arguments[i] : {}; i % 2 ? ownKeys(Object(source), !0).forEach(function (key) { _defineProperty(target, key, source[key]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(target, Object.getOwnPropertyDescriptors(source)) : ownKeys(Object(source)).forEach(function (key) { Object.defineProperty(target, key, Object.getOwnPropertyDescriptor(source, key)); }); } return target; }
19
+ function _defineProperty(obj, key, value) { key = _toPropertyKey(key); if (key in obj) { Object.defineProperty(obj, key, { value: value, enumerable: true, configurable: true, writable: true }); } else { obj[key] = value; } return obj; }
20
+ function _toPropertyKey(arg) { var key = _toPrimitive(arg, "string"); return typeof key === "symbol" ? key : String(key); }
21
+ function _toPrimitive(input, hint) { if (typeof input !== "object" || input === null) return input; var prim = input[Symbol.toPrimitive]; if (prim !== undefined) { var res = prim.call(input, hint || "default"); if (typeof res !== "object") return res; throw new TypeError("@@toPrimitive must return a primitive value."); } return (hint === "string" ? String : Number)(input); }
15
22
  class JwtService {
16
- constructor(options) {
23
+ constructor(options = {
24
+ secret: process.env.APP_KEY
25
+ }) {
17
26
  this.options = void 0;
27
+ this.blacklist = void 0;
18
28
  this.options = options;
19
- const _ref = options || {},
20
- secret = _ref.secret,
21
- expiresIn = _ref.expiresIn;
29
+ const secret = options.secret,
30
+ expiresIn = options.expiresIn;
22
31
  this.options = {
23
- secret: secret || process.env.APP_KEY,
32
+ secret: secret,
24
33
  expiresIn: expiresIn || process.env.JWT_EXPIRES_IN || '7d'
25
34
  };
26
35
  }
@@ -30,10 +39,14 @@ class JwtService {
30
39
  secret() {
31
40
  return this.options.secret;
32
41
  }
33
- sign(payload) {
34
- return _jsonwebtoken().default.sign(payload, this.secret(), {
42
+ sign(payload, options) {
43
+ const opt = _objectSpread({
35
44
  expiresIn: this.expiresIn()
36
- });
45
+ }, options);
46
+ if (opt.expiresIn === 'never') {
47
+ opt.expiresIn = '1000y';
48
+ }
49
+ return _jsonwebtoken().default.sign(payload, this.secret(), opt);
37
50
  }
38
51
  decode(token) {
39
52
  return new Promise((resolve, reject) => {
@@ -45,5 +58,26 @@ class JwtService {
45
58
  });
46
59
  });
47
60
  }
61
+ /**
62
+ * @description Block a token so that this token can no longer be used
63
+ */
64
+ block(token) {
65
+ var _this = this;
66
+ return _asyncToGenerator(function* () {
67
+ if (!_this.blacklist) {
68
+ return null;
69
+ }
70
+ try {
71
+ const _yield$_this$decode = yield _this.decode(token),
72
+ exp = _yield$_this$decode.exp;
73
+ return _this.blacklist.add({
74
+ token,
75
+ expiration: new Date(exp * 1000).toString()
76
+ });
77
+ } catch (_unused) {
78
+ return null;
79
+ }
80
+ })();
81
+ }
48
82
  }
49
83
  exports.JwtService = JwtService;
@@ -0,0 +1,7 @@
1
+ export interface ITokenBlacklistService {
2
+ has(token: string): Promise<boolean>;
3
+ add(values: {
4
+ token: string;
5
+ expiration: string | Date;
6
+ }): Promise<any>;
7
+ }
@@ -0,0 +1,5 @@
1
+ "use strict";
2
+
3
+ Object.defineProperty(exports, "__esModule", {
4
+ value: true
5
+ });
package/lib/index.d.ts CHANGED
@@ -1,4 +1,5 @@
1
- export * from './auth-manager';
1
+ export * from './actions';
2
2
  export * from './auth';
3
+ export * from './auth-manager';
3
4
  export * from './base/auth';
4
- export * from './actions';
5
+ export * from './base/token-blacklist-service';
package/lib/index.js CHANGED
@@ -3,14 +3,14 @@
3
3
  Object.defineProperty(exports, "__esModule", {
4
4
  value: true
5
5
  });
6
- var _authManager = require("./auth-manager");
7
- Object.keys(_authManager).forEach(function (key) {
6
+ var _actions = require("./actions");
7
+ Object.keys(_actions).forEach(function (key) {
8
8
  if (key === "default" || key === "__esModule") return;
9
- if (key in exports && exports[key] === _authManager[key]) return;
9
+ if (key in exports && exports[key] === _actions[key]) return;
10
10
  Object.defineProperty(exports, key, {
11
11
  enumerable: true,
12
12
  get: function get() {
13
- return _authManager[key];
13
+ return _actions[key];
14
14
  }
15
15
  });
16
16
  });
@@ -25,6 +25,17 @@ Object.keys(_auth).forEach(function (key) {
25
25
  }
26
26
  });
27
27
  });
28
+ var _authManager = require("./auth-manager");
29
+ Object.keys(_authManager).forEach(function (key) {
30
+ if (key === "default" || key === "__esModule") return;
31
+ if (key in exports && exports[key] === _authManager[key]) return;
32
+ Object.defineProperty(exports, key, {
33
+ enumerable: true,
34
+ get: function get() {
35
+ return _authManager[key];
36
+ }
37
+ });
38
+ });
28
39
  var _auth2 = require("./base/auth");
29
40
  Object.keys(_auth2).forEach(function (key) {
30
41
  if (key === "default" || key === "__esModule") return;
@@ -36,14 +47,14 @@ Object.keys(_auth2).forEach(function (key) {
36
47
  }
37
48
  });
38
49
  });
39
- var _actions = require("./actions");
40
- Object.keys(_actions).forEach(function (key) {
50
+ var _tokenBlacklistService = require("./base/token-blacklist-service");
51
+ Object.keys(_tokenBlacklistService).forEach(function (key) {
41
52
  if (key === "default" || key === "__esModule") return;
42
- if (key in exports && exports[key] === _actions[key]) return;
53
+ if (key in exports && exports[key] === _tokenBlacklistService[key]) return;
43
54
  Object.defineProperty(exports, key, {
44
55
  enumerable: true,
45
56
  get: function get() {
46
- return _actions[key];
57
+ return _tokenBlacklistService[key];
47
58
  }
48
59
  });
49
60
  });
package/package.json CHANGED
@@ -1,20 +1,20 @@
1
1
  {
2
2
  "name": "@nocobase/auth",
3
- "version": "0.10.0-alpha.4",
3
+ "version": "0.10.1-alpha.1",
4
4
  "description": "",
5
5
  "license": "Apache-2.0",
6
6
  "main": "./lib/index.js",
7
7
  "types": "./lib/index.d.ts",
8
8
  "dependencies": {
9
- "@nocobase/actions": "0.10.0-alpha.4",
10
- "@nocobase/database": "0.10.0-alpha.4",
11
- "@nocobase/resourcer": "0.10.0-alpha.4",
12
- "@nocobase/utils": "0.10.0-alpha.4"
9
+ "@nocobase/actions": "0.10.1-alpha.1",
10
+ "@nocobase/database": "0.10.1-alpha.1",
11
+ "@nocobase/resourcer": "0.10.1-alpha.1",
12
+ "@nocobase/utils": "0.10.1-alpha.1"
13
13
  },
14
14
  "repository": {
15
15
  "type": "git",
16
16
  "url": "git+https://github.com/nocobase/nocobase.git",
17
17
  "directory": "packages/auth"
18
18
  },
19
- "gitHead": "62dacadb2a83d30cb36dda9074f2f3a072a37484"
19
+ "gitHead": "8f415f5e0ee2e72d681f9ab16af5911b52c374a9"
20
20
  }