@nocobase/auth 2.1.0-beta.8 → 2.2.0-alpha.1

package/lib/actions.js CHANGED
@@ -38,6 +38,7 @@ const actions = {
38
38
  }, "signIn"),
39
39
  signOut: /* @__PURE__ */ __name(async (ctx, next) => {
40
40
  await ctx.auth.signOut();
41
+ await ctx.app.emitAsync("auth:signOut", { ctx, auth: ctx.auth });
41
42
  await next();
42
43
  }, "signOut"),
43
44
  signUp: /* @__PURE__ */ __name(async (ctx, next) => {
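Review bot: A listener that rejects on `auth:signOut` would fail the request after `ctx.auth.signOut()` has already completed, and `await next()` would then never run. This assumes `emitAsync` propagates listener errors; its implementation is not shown here. If the event exists for audit or cleanup hooks, wrap the `await ctx.app.emitAsync("auth:signOut", { ctx, auth: ctx.auth });` line in a try/catch that logs the error, so that a faulty listener cannot turn a finished sign-out into an error response. The payload also hands the whole `ctx` to every listener, including the request headers that carried the token, so a short comment telling listeners not to persist it would help.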
@@ -17,6 +17,10 @@ export interface Authenticator {
17
17
  options: Record<string, any>;
18
18
  [key: string]: any;
19
19
  }
20
+ export type BuiltInAuthenticator = Authenticator & {
21
+ name: string;
22
+ enabled?: boolean;
23
+ };
20
24
  export interface Storer {
21
25
  get: (name: string) => Promise<Authenticator>;
22
26
  }
@@ -28,6 +32,7 @@ export type AuthManagerOptions = {
28
32
  type AuthConfig = {
29
33
  auth: AuthExtend<Auth>;
30
34
  title?: string;
35
+ hidden?: boolean;
31
36
  getPublicOptions?: (options: Record<string, any>) => Record<string, any>;
32
37
  };
33
38
  export declare class AuthManager {
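Review bot: `hidden?: boolean;` in `AuthConfig` has no doc comment, and the name can be read as disabling the auth type. In this release the flag is only consulted by the `.filter(([, authConfig]) => !authConfig.hidden)` added to `listTypes()`. The new `createAuth` still resolves a hidden type through `this.authTypes.get(authenticator.authType)`. I would add `/** Omit this type from listTypes(); authenticators of this type can still be resolved and used. */` above the field so nobody relies on it as an access control.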
@@ -39,8 +44,13 @@ export declare class AuthManager {
39
44
  protected options: AuthManagerOptions;
40
45
  protected authTypes: Registry<AuthConfig>;
41
46
  protected storer: Storer;
47
+ protected builtInAuthenticators: Map<string, BuiltInAuthenticator>;
42
48
  constructor(options: AuthManagerOptions);
43
49
  setStorer(storer: Storer): void;
50
+ registerBuiltInAuthenticator(authenticator: BuiltInAuthenticator): void;
51
+ unregisterBuiltInAuthenticator(name: string): void;
52
+ getBuiltInAuthenticator(name: string): BuiltInAuthenticator;
53
+ private createAuth;
44
54
  setTokenBlacklistService(service: ITokenBlacklistService): void;
45
55
  setTokenControlService(service: ITokenControlService): void;
46
56
  /**
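Review bot: `getBuiltInAuthenticator(name: string): BuiltInAuthenticator;` declares a non-null return, but the compiled implementation in this same release returns `null` when the name is unknown or the entry is not enabled. Callers that trust the declaration can dereference the result without a check. The declaration should read `getBuiltInAuthenticator(name: string): BuiltInAuthenticator | null;`, and the fix belongs in the TypeScript source this file is generated from. The class declaration continues beyond this hunk.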
@@ -55,6 +55,7 @@ const _AuthManager = class _AuthManager {
55
55
  authTypes = new import_utils.Registry();
56
56
  // authenticators collection manager.
57
57
  storer;
58
+ builtInAuthenticators = /* @__PURE__ */ new Map();
58
59
  constructor(options) {
59
60
  this.options = options;
60
61
  const jwtOptions = options.jwt || {};
@@ -66,6 +67,30 @@ const _AuthManager = class _AuthManager {
66
67
  setStorer(storer) {
67
68
  this.storer = storer;
68
69
  }
70
+ registerBuiltInAuthenticator(authenticator) {
71
+ this.builtInAuthenticators.set(authenticator.name, {
72
+ enabled: true,
73
+ options: {},
74
+ ...authenticator
75
+ });
76
+ }
77
+ unregisterBuiltInAuthenticator(name) {
78
+ this.builtInAuthenticators.delete(name);
79
+ }
80
+ getBuiltInAuthenticator(name) {
81
+ const authenticator = this.builtInAuthenticators.get(name);
82
+ if (!(authenticator == null ? void 0 : authenticator.enabled)) {
83
+ return null;
84
+ }
85
+ return authenticator;
86
+ }
87
+ createAuth(authenticator, ctx) {
88
+ const { auth } = this.authTypes.get(authenticator.authType) || {};
89
+ if (!auth) {
90
+ throw new Error(`AuthType [${authenticator.authType}] is not found.`);
91
+ }
92
+ return new auth({ authenticator, options: authenticator.options, ctx });
93
+ }
69
94
  setTokenBlacklistService(service) {
70
95
  this.jwt.blacklist = service;
71
96
  }
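Review bot: `registerBuiltInAuthenticator` stores its argument under `authenticator.name` without checking that the name is a non-empty string or that it is not already registered, so a second registration silently replaces the first. This matters because the `get(name, ctx)` hunk further down consults built-ins before the storer, so a built-in entry also takes precedence over a stored authenticator of the same name. I would fail loudly on a duplicate with `if (this.builtInAuthenticators.has(authenticator.name)) throw new Error("Built-in authenticator [" + authenticator.name + "] is already registered.");` and document the precedence on `get`. Spreading `...authenticator` last also lets an explicit `enabled: undefined` override the `true` default, after which `getBuiltInAuthenticator` returns `null` for that entry.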
@@ -84,7 +109,7 @@ const _AuthManager = class _AuthManager {
84
109
  this.authTypes.register(authType, authConfig);
85
110
  }
86
111
  listTypes() {
87
- return Array.from(this.authTypes.getEntities()).map(([authType, authConfig]) => ({
112
+ return Array.from(this.authTypes.getEntities()).filter(([, authConfig]) => !authConfig.hidden).map(([authType, authConfig]) => ({
88
113
  name: authType,
89
114
  title: authConfig.title
90
115
  }));
@@ -99,6 +124,10 @@ const _AuthManager = class _AuthManager {
99
124
  * @return authenticator instance.
100
125
  */
101
126
  async get(name, ctx) {
127
+ const builtInAuthenticator = this.getBuiltInAuthenticator(name);
128
+ if (builtInAuthenticator) {
129
+ return this.createAuth(builtInAuthenticator, ctx);
130
+ }
102
131
  if (!this.storer) {
103
132
  throw new Error("AuthManager.storer is not set.");
104
133
  }
@@ -106,11 +135,7 @@ const _AuthManager = class _AuthManager {
106
135
  if (!authenticator) {
107
136
  throw new Error(`Authenticator [${name}] is not found.`);
108
137
  }
109
- const { auth } = this.authTypes.get(authenticator.authType) || {};
110
- if (!auth) {
111
- throw new Error(`AuthType [${authenticator.authType}] is not found.`);
112
- }
113
- return new auth({ authenticator, options: authenticator.options, ctx });
138
+ return this.createAuth(authenticator, ctx);
114
139
  }
115
140
  /**
116
141
  * middleware
@@ -146,7 +171,7 @@ const _AuthManager = class _AuthManager {
146
171
  if (process.env.UNSAFE_USE_DEFAULT_JWT_SECRET === "true") {
147
172
  return process.env.APP_KEY;
148
173
  }
149
- const jwtSecretPath = import_path.default.resolve(process.cwd(), "storage", "apps", "main", "jwt_secret.dat");
174
+ const jwtSecretPath = (0, import_utils.storagePathJoin)("apps", "main", "jwt_secret.dat");
150
175
  const jwtSecretExists = import_fs.default.existsSync(jwtSecretPath);
151
176
  if (jwtSecretExists) {
152
177
  const key2 = import_fs.default.readFileSync(jwtSecretPath);
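Review bot: The new `(0, import_utils.storagePathJoin)("apps", "main", "jwt_secret.dat")` lookup has no fallback to the previous `<cwd>/storage/apps/main/jwt_secret.dat` location. If `storagePathJoin` can resolve to a base directory other than `process.cwd()/storage` (its implementation is not part of this diff), an upgraded deployment would no longer find its existing secret. What happens then depends on the branch after `existsSync`, which lies outside this hunk, but a regenerated secret would invalidate every issued token. I would either check the legacy path when the new one is missing or call the move out in the upgrade notes. It is also worth confirming that the new directory gets the same restrictive file permissions as the old one.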
package/lib/base/auth.js CHANGED
@@ -87,7 +87,8 @@ const _BaseAuth = class _BaseAuth extends import_auth.Auth {
87
87
  if (!token) {
88
88
  this.ctx.throw(401, {
89
89
  message: this.ctx.t("Unauthenticated. Please sign in to continue.", { ns: localeNamespace }),
90
- code: import_auth.AuthErrorCode.EMPTY_TOKEN
90
+ code: import_auth.AuthErrorCode.EMPTY_TOKEN,
91
+ logLevel: "trace"
91
92
  });
92
93
  }
93
94
  let tokenStatus;
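Review bot: `logLevel: "trace"` on the `EMPTY_TOKEN` 401 carries no comment explaining the choice, and it presumably drops missing-token rejections from logs at the usual levels. How the error handler consumes `logLevel` is not visible here. Requests without a token are mostly noise, but their volume is also a signal for unauthenticated probing, so the reasoning deserves a line such as `// Missing token is routine for anonymous clients; logged at trace to keep auth logs readable.`. If the volume is still needed for detection, a counter or metric would preserve it without the log noise. The enclosing method begins and ends outside this hunk.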
@@ -153,7 +154,7 @@ const _BaseAuth = class _BaseAuth extends import_auth.Auth {
153
154
  if (tokenStatus === "valid" && Date.now() - iat * 1e3 > tokenPolicy.tokenExpirationTime) {
154
155
  tokenStatus = "expired";
155
156
  }
156
- if (tokenStatus === "valid" && user.passwordChangeTz && iat * 1e3 < user.passwordChangeTz) {
157
+ if (user.passwordChangeTz && iat * 1e3 < user.passwordChangeTz) {
157
158
  this.ctx.throw(401, {
158
159
  message: this.ctx.t("User password changed, please signin again.", { ns: localeNamespace }),
159
160
  code: import_auth.AuthErrorCode.INVALID_TOKEN
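Review bot: The condition `if (user.passwordChangeTz && iat * 1e3 < user.passwordChangeTz)` has no comment saying why it no longer depends on `tokenStatus`, and that independence is the security-relevant part. A token issued before a password change is now rejected whatever its status, including one marked `expired` a few lines above. A comment such as `// Checked for every token status: a token issued before a password change must never be accepted.` would stop a later refactor from restoring the `tokenStatus === "valid"` guard. Separately, `iat` is in whole seconds while it is compared against `passwordChangeTz` in milliseconds, so a token signed later in the same second as the password change is also rejected; that predates this change but now applies on more paths. The enclosing method starts and ends outside the hunk.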
@@ -241,7 +242,8 @@ const _BaseAuth = class _BaseAuth extends import_auth.Auth {
241
242
  return null;
242
243
  }
243
244
  async signNewToken(userId) {
244
- const tokenInfo = await this.tokenController.add({ userId });
245
+ var _a;
246
+ const tokenInfo = await this.tokenController.add({ userId, authenticator: (_a = this.authenticator) == null ? void 0 : _a.name });
245
247
  const expiresIn = Math.floor((await this.tokenController.getConfig()).tokenExpirationTime / 1e3);
246
248
  const token = this.jwt.sign(
247
249
  {
@@ -20,6 +20,7 @@ export declare class JwtService {
20
20
  blacklist: ITokenBlacklistService;
21
21
  private expiresIn;
22
22
  private secret;
23
+ getSecret(): string | Buffer;
23
24
  sign(payload: SignPayload, options?: SignOptions): string;
24
25
  decode(token: string): Promise<JwtPayload>;
25
26
  /**
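Review bot: `getSecret(): string | Buffer;` makes the JWT signing key part of the public API of `JwtService` with no doc comment on who is expected to call it, while `secret` stays declared `private` on the line above. Any code holding the service can now read the key through a supported method, and a key that ends up in a log line, an error payload or a serialized object lets tokens be forged. I would document the intended caller and the handling rule on the declaration, for example `/** Returns the raw signing secret. Never log, serialize or expose the result. */`. It is also worth checking whether callers could use `sign`/`decode` instead of receiving the key itself. The same point applies to the compiled `getSecret() { return this.secret(); }` in the next hunk.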
@@ -57,6 +57,9 @@ const _JwtService = class _JwtService {
57
57
  secret() {
58
58
  return this.options.secret;
59
59
  }
60
+ getSecret() {
61
+ return this.secret();
62
+ }
60
63
  /* istanbul ignore next -- @preserve */
61
64
  sign(payload, options) {
62
65
  const opt = { expiresIn: this.expiresIn(), ...options };
@@ -18,6 +18,7 @@ export type NumericTokenPolicyConfig = {
18
18
  export type TokenInfo = {
19
19
  jti: string;
20
20
  userId: number;
21
+ authenticator?: string;
21
22
  issuedTime: EpochTimeStamp;
22
23
  signInTime: EpochTimeStamp;
23
24
  renewed: boolean;
@@ -30,8 +31,9 @@ export interface ITokenControlService {
30
31
  jti: string;
31
32
  issuedTime: EpochTimeStamp;
32
33
  }>;
33
- add({ userId }: {
34
+ add({ userId, authenticator }: {
34
35
  userId: number;
36
+ authenticator?: string;
35
37
  }): Promise<TokenInfo>;
36
38
  removeSessionExpiredTokens(userId: number): Promise<any>;
37
39
  }
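--- a/package/package.json
+++ b/package/package.json
@@ -1,16 +1,16 @@
  {
  "name": "@nocobase/auth",
- "version": "2.1.0-beta.8",
+ "version": "2.2.0-alpha.1",
  "description": "",
  "license": "Apache-2.0",
  "main": "./lib/index.js",
  "types": "./lib/index.d.ts",
  "dependencies": {
- "@nocobase/actions": "2.1.0-beta.8",
- "@nocobase/cache": "2.1.0-beta.8",
- "@nocobase/database": "2.1.0-beta.8",
- "@nocobase/resourcer": "2.1.0-beta.8",
- "@nocobase/utils": "2.1.0-beta.8",
+ "@nocobase/actions": "2.2.0-alpha.1",
+ "@nocobase/cache": "2.2.0-alpha.1",
+ "@nocobase/database": "2.2.0-alpha.1",
+ "@nocobase/resourcer": "2.2.0-alpha.1",
+ "@nocobase/utils": "2.2.0-alpha.1",
  "@types/jsonwebtoken": "^9.0.9",
  "jsonwebtoken": "^9.0.2"
  },
@@ -19,5 +19,5 @@
  "url": "git+https://github.com/nocobase/nocobase.git",
  "directory": "packages/auth"
  },
- "gitHead": "5099d561c5467292414c1e77ad6bad3730d97344"
+ "gitHead": "303663aba6c6eefa27e6a6435b4c0352074ec40f"
  }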