@nocobase/plugin-users 0.10.0-alpha.5 → 0.11.0-alpha.1

package/lib/client/index.d.ts

@@ -0,0 +1,5 @@
+import { Plugin } from '@nocobase/client';
+declare class UsersPlugin extends Plugin {
+    load(): Promise<void>;
+}
+export default UsersPlugin;

package/lib/client/index.js

@@ -0,0 +1,22 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.default = void 0;
+function _client() {
+  const data = require("@nocobase/client");
+  _client = function _client() {
+    return data;
+  };
+  return data;
+}
+function asyncGeneratorStep(gen, resolve, reject, _next, _throw, key, arg) { try { var info = gen[key](arg); var value = info.value; } catch (error) { reject(error); return; } if (info.done) { resolve(value); } else { Promise.resolve(value).then(_next, _throw); } }
+function _asyncToGenerator(fn) { return function () { var self = this, args = arguments; return new Promise(function (resolve, reject) { var gen = fn.apply(self, args); function _next(value) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "next", value); } function _throw(err) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "throw", err); } _next(undefined); }); }; }
+class UsersPlugin extends _client().Plugin {
+  load() {
+    return _asyncToGenerator(function* () {})();
+  }
+}
+var _default = UsersPlugin;
+exports.default = _default;

package/lib/index.d.ts

@@ -1,2 +1 @@
 export { default } from './server';
-export declare const namespace: any;

package/lib/index.js

@@ -9,8 +9,5 @@ Object.defineProperty(exports, "default", {
     return _server.default;
   }
 });
-exports.namespace = void 0;
 var _server = _interopRequireDefault(require("./server"));
-function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
-const namespace = require('../package.json').name;
-exports.namespace = namespace;
+function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }

package/lib/server/index.d.ts

@@ -0,0 +1,2 @@
+export { default } from './server';
+export declare const namespace: any;

package/lib/server/index.js

@@ -0,0 +1,16 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+Object.defineProperty(exports, "default", {
+  enumerable: true,
+  get: function get() {
+    return _server.default;
+  }
+});
+exports.namespace = void 0;
+var _server = _interopRequireDefault(require("./server"));
+function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
+const namespace = require('../../package.json').name;
+exports.namespace = namespace;

package/package.json

@@ -4,21 +4,34 @@
   "displayName.zh-CN": "用户管理",
   "description": "manage the uses of nocobase system",
   "description.zh-CN": "管理系统用户",
-  "version": "0.10.0-alpha.5",
+  "version": "0.11.0-alpha.1",
   "license": "AGPL-3.0",
-  "main": "./lib/index.js",
-  "types": "./lib/index.d.ts",
+  "main": "./lib/server/index.js",
+  "files": [
+    "lib",
+    "src",
+    "README.md",
+    "README.zh-CN.md",
+    "CHANGELOG.md",
+    "server.js",
+    "server.d.ts",
+    "client.js",
+    "client.d.ts"
+  ],
   "dependencies": {
-    "@nocobase/actions": "0.10.0-alpha.5",
-    "@nocobase/database": "0.10.0-alpha.5",
-    "@nocobase/resourcer": "0.10.0-alpha.5",
-    "@nocobase/server": "0.10.0-alpha.5",
-    "@nocobase/utils": "0.10.0-alpha.5",
+    "@types/jsonwebtoken": "^8.5.8",
     "jsonwebtoken": "^8.5.1"
   },
   "devDependencies": {
-    "@nocobase/test": "0.10.0-alpha.5",
-    "@types/jsonwebtoken": "^8.5.8"
+    "@nocobase/actions": "0.11.0-alpha.1",
+    "@nocobase/client": "0.11.0-alpha.1",
+    "@nocobase/database": "0.11.0-alpha.1",
+    "@nocobase/plugin-acl": "0.11.0-alpha.1",
+    "@nocobase/plugin-auth": "0.11.0-alpha.1",
+    "@nocobase/resourcer": "0.11.0-alpha.1",
+    "@nocobase/server": "0.11.0-alpha.1",
+    "@nocobase/test": "0.11.0-alpha.1",
+    "@nocobase/utils": "0.11.0-alpha.1"
   },
-  "gitHead": "1be8fcdad42688064460761cea22830cf392c7c0"
+  "gitHead": "7581b6d3a3a54f09f06a9effb7e3e65328281b2b"
 }

package/src/client/index.ts

@@ -0,0 +1,7 @@
+import { Plugin } from '@nocobase/client';
+
+class UsersPlugin extends Plugin {
+  async load() { }
+}
+
+export default UsersPlugin;

package/src/index.ts

@@ -0,0 +1 @@
+export { default } from './server';

package/src/server/__tests__/actions.test.ts

@@ -0,0 +1,79 @@
+import Database from '@nocobase/database';
+import AuthPlugin from '@nocobase/plugin-auth';
+import { mockServer, MockServer } from '@nocobase/test';
+import PluginUsers from '..';
+import { userPluginConfig } from './utils';
+
+describe('actions', () => {
+  let app: MockServer;
+  let db: Database;
+  let adminUser;
+  let agent;
+  let adminAgent;
+  let pluginUser;
+
+  beforeEach(async () => {
+    app = mockServer();
+    await app.cleanDb();
+    process.env.INIT_ROOT_EMAIL = 'test@nocobase.com';
+    process.env.INIT_ROOT_PASSWORD = '123456';
+    process.env.INIT_ROOT_NICKNAME = 'Test';
+    app.plugin(PluginUsers, userPluginConfig);
+    app.plugin(AuthPlugin);
+    await app.loadAndInstall();
+    db = app.db;
+
+    pluginUser = app.getPlugin('users');
+    adminUser = await db.getRepository('users').findOne({
+      filter: {
+        email: process.env.INIT_ROOT_EMAIL,
+      },
+    });
+
+    agent = app.agent();
+    adminAgent = app.agent().login(adminUser);
+  });
+
+  afterEach(async () => {
+    await db.close();
+  });
+
+  // it('should login user with password', async () => {
+  //   const { INIT_ROOT_EMAIL, INIT_ROOT_PASSWORD } = process.env;
+
+  //   let response = await agent.resource('users').check();
+  //   expect(response.body.data.id).toBeUndefined();
+
+  //   response = await agent.post('/users:signin').send({
+  //     email: INIT_ROOT_EMAIL,
+  //     password: INIT_ROOT_PASSWORD,
+  //   });
+
+  //   expect(response.statusCode).toEqual(200);
+
+  //   const data = response.body.data;
+  //   const token = data.token;
+  //   expect(token).toBeDefined();
+
+  //   response = await agent.get('/users:check').set({ Authorization: 'Bearer ' + token });
+  //   expect(response.body.data.id).toBeDefined();
+  // });
+
+  it('update profile', async () => {
+    const res1 = await agent.resource('users').updateProfile({
+      filterByTk: adminUser.id,
+      values: {
+        nickname: 'a',
+      },
+    });
+    expect(res1.status).toBe(401);
+
+    const res2 = await adminAgent.resource('users').updateProfile({
+      filterByTk: adminUser.id,
+      values: {
+        nickname: 'a',
+      },
+    });
+    expect(res2.status).toBe(200);
+  });
+});

package/src/server/__tests__/fields.test.ts

@@ -0,0 +1,90 @@
+import Database from '@nocobase/database';
+import PluginACL from '@nocobase/plugin-acl';
+import UsersPlugin from '@nocobase/plugin-users';
+import { mockServer, MockServer } from '@nocobase/test';
+import { userPluginConfig } from './utils';
+describe('createdBy/updatedBy', () => {
+  let api: MockServer;
+  let db: Database;
+
+  beforeEach(async () => {
+    api = mockServer();
+    api.plugin(UsersPlugin, userPluginConfig);
+    api.plugin(PluginACL, { name: 'acl' });
+    await api.loadAndInstall({ clean: true });
+    db = api.db;
+  });
+
+  afterEach(async () => {
+    await db.close();
+  });
+
+  describe('collection definition', () => {
+    it('case 1', async () => {
+      const Post = db.collection({
+        name: 'posts',
+        createdBy: true,
+        updatedBy: true,
+      });
+      expect(Post.hasField('createdBy')).toBeTruthy();
+      expect(Post.hasField('updatedBy')).toBeTruthy();
+    });
+
+    it('case 2', async () => {
+      const Post = db.collection({
+        name: 'posts',
+        createdBy: true,
+        updatedBy: true,
+      });
+      await db.sync();
+      const currentUser = await db.getCollection('users').model.create();
+      await Post.repository.create({
+        context: {
+          state: {
+            currentUser,
+          },
+        },
+      });
+      const p2 = await Post.repository.findOne({
+        appends: ['createdBy', 'updatedBy'],
+      });
+
+      const data = p2.toJSON();
+      expect(data.createdBy.id).toBe(currentUser.get('id'));
+      expect(data.updatedBy.id).toBe(currentUser.get('id'));
+    });
+
+    it('case 3', async () => {
+      const Post = db.collection({
+        name: 'posts',
+        createdBy: true,
+        updatedBy: true,
+      });
+      await db.sync();
+      const user1 = await db.getCollection('users').model.create();
+      const user2 = await db.getCollection('users').model.create();
+      const p1 = await Post.repository.create({
+        context: {
+          state: {
+            currentUser: user1,
+          },
+        },
+      });
+      await Post.repository.update({
+        values: {},
+        filterByTk: p1.id,
+        context: {
+          state: {
+            currentUser: user2,
+          },
+        },
+      });
+      const p2 = await Post.repository.findOne({
+        appends: ['createdBy', 'updatedBy'],
+      });
+      const data = p2.toJSON();
+      expect(data.createdBy.id).toBe(user1.get('id'));
+      expect(data.updatedBy.id).toBe(user2.get('id'));
+    });
+  });
+});

package/src/server/__tests__/utils.ts

@@ -0,0 +1,8 @@
+import { UserPluginConfig } from '..';
+
+export const userPluginConfig: UserPluginConfig = {
+  name: 'users',
+  jwt: {
+    secret: '09f26e402586e2faa8da4c98a35f1b20d6b033c60',
+  },
+};

package/src/server/actions/users.ts

@@ -0,0 +1,148 @@
+import { Context, Next } from '@nocobase/actions';
+import { PasswordField } from '@nocobase/database';
+import { branch } from '@nocobase/resourcer';
+import crypto from 'crypto';
+import { namespace } from '../';
+
+export async function check(ctx: Context, next: Next) {
+  if (ctx.state.currentUser) {
+    const user = ctx.state.currentUser.toJSON();
+    ctx.body = user;
+  } else {
+    ctx.body = {};
+  }
+  await next();
+}
+
+export async function signin(ctx: Context, next: Next) {
+  const { authenticators, jwtService } = ctx.app.getPlugin('users');
+  const branches = {};
+  for (const [name, authenticator] of authenticators.getEntities()) {
+    branches[name] = authenticator;
+  }
+
+  return branch(branches, (context) => context.action.params.authenticator ?? 'password')(ctx, () => {
+    const user = ctx.state.currentUser.toJSON();
+    const token = jwtService.sign({ userId: user.id });
+    ctx.body = {
+      user,
+      token,
+    };
+
+    return next();
+  });
+}
+
+export async function signout(ctx: Context, next: Next) {
+  ctx.body = ctx.state.currentUser;
+  await next();
+}
+
+export async function signup(ctx: Context, next: Next) {
+  const User = ctx.db.getRepository('users');
+  const { values } = ctx.action.params;
+  const user = await User.create({ values });
+  ctx.body = user;
+  await next();
+}
+
+export async function lostpassword(ctx: Context, next: Next) {
+  const {
+    values: { email },
+  } = ctx.action.params;
+  if (!email) {
+    ctx.throw(400, { code: 'InvalidUserData', message: ctx.t('Please fill in your email address', { ns: namespace }) });
+  }
+  const User = ctx.db.getCollection('users');
+  const user = await User.model.findOne<any>({
+    where: {
+      email,
+    },
+  });
+  if (!user) {
+    ctx.throw(404, {
+      code: 'InvalidUserData',
+      message: ctx.t('The email is incorrect, please re-enter', { ns: namespace }),
+    });
+  }
+  user.resetToken = crypto.randomBytes(20).toString('hex');
+  await user.save();
+  ctx.body = user;
+  await next();
+}
+
+export async function resetpassword(ctx: Context, next: Next) {
+  const {
+    values: { email, password, resetToken },
+  } = ctx.action.params;
+  const User = ctx.db.getCollection('users');
+  const user = await User.model.findOne<any>({
+    where: {
+      email,
+      resetToken,
+    },
+  });
+  if (!user) {
+    ctx.throw(404);
+  }
+  user.token = null;
+  user.resetToken = null;
+  user.password = password;
+  await user.save();
+  ctx.body = user;
+  await next();
+}
+
+export async function getUserByResetToken(ctx: Context, next: Next) {
+  const { token } = ctx.action.params;
+  const User = ctx.db.getCollection('users');
+  const user = await User.model.findOne({
+    where: {
+      resetToken: token,
+    },
+  });
+  if (!user) {
+    ctx.throw(401);
+  }
+  ctx.body = user;
+  await next();
+}
+
+export async function updateProfile(ctx: Context, next: Next) {
+  const { values } = ctx.action.params;
+  const { currentUser } = ctx.state;
+  if (!currentUser) {
+    ctx.throw(401);
+  }
+  const UserRepo = ctx.db.getRepository('users');
+  const result = await UserRepo.update({
+    filterByTk: currentUser.id,
+    values,
+  });
+  ctx.body = result;
+  await next();
+}
+
+export async function changePassword(ctx: Context, next: Next) {
+  const {
+    values: { oldPassword, newPassword },
+  } = ctx.action.params;
+  if (!ctx.state.currentUser) {
+    ctx.throw(401);
+  }
+  const User = ctx.db.getCollection('users');
+  const user = await User.model.findOne<any>({
+    where: {
+      email: ctx.state.currentUser.email,
+    },
+  });
+  const pwd = User.getField<PasswordField>('password');
+  const isValid = await pwd.verify(oldPassword, user.password);
+  if (!isValid) {
+    ctx.throw(401, ctx.t('The password is incorrect, please re-enter', { ns: namespace }));
+  }
+  user.password = newPassword;
+  user.save();
+  ctx.body = ctx.state.currentUser.toJSON();
+  await next();
+}

package/src/server/authenticators/index.ts

@@ -0,0 +1,26 @@
+import path from 'path';
+
+import { requireModule } from '@nocobase/utils';
+import { HandlerType } from '@nocobase/resourcer';
+
+import Plugin from '..';
+
+interface Authenticators {
+  [key: string]: HandlerType;
+}
+
+export default function (plugin: Plugin, more: Authenticators = {}) {
+  const { authenticators } = plugin;
+
+  const natives = ['password'].reduce(
+    (result, key) =>
+      Object.assign(result, {
+        [key]: requireModule(path.isAbsolute(key) ? key : path.join(__dirname, key)) as HandlerType,
+      }),
+    {},
+  );
+
+  for (const [name, authenticator] of Object.entries(<Authenticators>{ ...more, ...natives })) {
+    authenticators.register(name, authenticator);
+  }
+}

package/src/server/authenticators/password.ts

@@ -0,0 +1,34 @@
+import { PasswordField } from '@nocobase/database';
+import { Context, Next } from '@nocobase/actions';
+import { namespace } from '..';
+
+export default async function (ctx: Context, next: Next) {
+  const { uniqueField = 'email', values } = ctx.action.params;
+
+  if (!values[uniqueField]) {
+    return ctx.throw(400, {
+      code: 'InvalidUserData',
+      message: ctx.t('Please fill in your email address', { ns: namespace }),
+    });
+  }
+  const User = ctx.db.getCollection('users');
+  const user = await User.model.findOne<any>({
+    where: {
+      [uniqueField]: values[uniqueField],
+    },
+  });
+
+  if (!user) {
+    return ctx.throw(404, ctx.t('The email is incorrect, please re-enter', { ns: namespace }));
+  }
+
+  const field = User.getField<PasswordField>('password');
+  const valid = await field.verify(values.password, user.password);
+  if (!valid) {
+    return ctx.throw(404, ctx.t('The password is incorrect, please re-enter', { ns: namespace }));
+  }
+
+  ctx.state.currentUser = user;
+
+  return next();
+}

package/src/server/collections/users.ts

@@ -0,0 +1,89 @@
+import { CollectionOptions } from '@nocobase/database';
+
+export default {
+  namespace: 'users.users',
+  duplicator: {
+    dumpable: 'optional',
+    with: 'rolesUsers',
+  },
+  name: 'users',
+  title: '{{t("Users")}}',
+  sortable: 'sort',
+  model: 'UserModel',
+  createdBy: true,
+  updatedBy: true,
+  logging: true,
+  fields: [
+    {
+      name: 'id',
+      type: 'bigInt',
+      autoIncrement: true,
+      primaryKey: true,
+      allowNull: false,
+      uiSchema: { type: 'number', title: '{{t("ID")}}', 'x-component': 'InputNumber', 'x-read-pretty': true },
+      interface: 'id',
+    },
+    {
+      interface: 'input',
+      type: 'string',
+      name: 'nickname',
+      uiSchema: {
+        type: 'string',
+        title: '{{t("Nickname")}}',
+        'x-component': 'Input',
+      },
+    },
+    {
+      interface: 'email',
+      type: 'string',
+      name: 'email',
+      unique: true,
+      uiSchema: {
+        type: 'string',
+        title: '{{t("Email")}}',
+        'x-component': 'Input',
+        'x-validator': 'email',
+        required: true,
+      },
+    },
+    {
+      interface: 'phone',
+      type: 'string',
+      name: 'phone',
+      unique: true,
+      uiSchema: {
+        type: 'string',
+        title: '{{t("Phone")}}',
+        'x-component': 'Input',
+        'x-validator': 'phone',
+        required: true,
+      },
+    },
+    {
+      interface: 'password',
+      type: 'password',
+      name: 'password',
+      hidden: true,
+      uiSchema: {
+        type: 'string',
+        title: '{{t("Password")}}',
+        'x-component': 'Password',
+      },
+    },
+    {
+      type: 'string',
+      name: 'appLang',
+    },
+    {
+      type: 'string',
+      name: 'resetToken',
+      unique: true,
+      hidden: true,
+    },
+    {
+      type: 'json',
+      name: 'systemSettings',
+      defaultValue: {},
+    },
+  ],
+} as CollectionOptions;

package/src/server/index.ts

@@ -0,0 +1,3 @@
+export { default } from './server';
+
+export const namespace = require('../../package.json').name;

package/src/server/jwt-service.ts

@@ -0,0 +1,34 @@
+import jwt from 'jsonwebtoken';
+
+export interface JwtOptions {
+  secret: string;
+  expiresIn?: string;
+}
+
+export class JwtService {
+  constructor(protected options: JwtOptions) {}
+
+  private expiresIn() {
+    return this.options.expiresIn || process.env.JWT_EXPIRES_IN || '7d';
+  }
+
+  private secret() {
+    return this.options.secret || process.env.APP_KEY;
+  }
+
+  sign(payload: any) {
+    return jwt.sign(payload, this.secret(), { expiresIn: this.expiresIn() });
+  }
+
+  decode(token: string): Promise<any> {
+    return new Promise((resolve, reject) => {
+      jwt.verify(token, this.secret(), (err: any, decoded: any) => {
+        if (err) {
+          return reject(err);
+        }
+
+        resolve(decoded);
+      });
+    });
+  }
+}

package/src/server/locale/en-US.ts

@@ -0,0 +1,10 @@
+export default {
+  'The email is incorrect, please re-enter': 'The email is incorrect, please re-enter',
+  'Please fill in your email address': 'Please fill in your email address',
+  'The password is incorrect, please re-enter': 'The password is incorrect, please re-enter',
+  'Not a valid cellphone number, please re-enter': 'Not a valid cellphone number, please re-enter',
+  'The phone number has been registered, please login directly':
+    'The phone number has been registered, please login directly',
+  'The phone number is not registered, please register first':
+    'The phone number is not registered, please register first',
+};

package/src/server/locale/es-ES.ts

@@ -0,0 +1,8 @@
+export default {
+  "The email is incorrect, please re-enter": "El correo electrónico es incorrecto, por favor vuelva a introducirlo",
+  "Please fill in your email address": "Por favor, introduzca su dirección de correo electrónico",
+  "The password is incorrect, please re-enter": "La contraseña es incorrecta, por favor, vuelva a introducirla",
+  "Not a valid cellphone number, please re-enter": "No es un número de móvil válido, por favor, vuelva a introducirlo",
+  "The phone number has been registered, please login directly": "El número de teléfono ha sido registrado, por favor, inicie sesión directamente",
+  "The phone number is not registered, please register first": "El número de teléfono no está registrado, por favor regístrese primero"
+};

package/src/server/locale/index.ts

@@ -0,0 +1,3 @@
+export { default as enUS } from './en-US';
+export { default as zhCN } from './zh-CN';
+export { default as ptBR } from './pt-BR';

package/src/server/locale/ja-JP.ts

@@ -0,0 +1,4 @@
+export default {
+  'Please fill in your email address': 'メールアドレスを入力してください',
+  'The password is incorrect, please re-enter': 'パスワードが正しくありません。再度入力してください。',
+};

package/src/server/locale/pt-BR.ts

@@ -0,0 +1,10 @@
+export default {
+  'The email is incorrect, please re-enter': 'O e-mail está incorreto, por favor, digite novamente',
+  'Please fill in your email address': 'Por favor, preencha o seu endereço de e-mail',
+  'The password is incorrect, please re-enter': 'A senha está incorreta, por favor, digite novamente',
+  'Not a valid cellphone number, please re-enter': 'Número de celular inválido, por favor, digite novamente',
+  'The phone number has been registered, please login directly':
+    'O número de celular já está registrado, por favor, faça login diretamente',
+  'The phone number is not registered, please register first':
+    'O número de celular não está registrado, por favor, registre-se primeiro',
+};

package/src/server/locale/zh-CN.ts

@@ -0,0 +1,8 @@
+export default {
+  'The email is incorrect, please re-enter': '邮箱有误，请重新输入',
+  'Please fill in your email address': '请填写邮箱',
+  'The password is incorrect, please re-enter': '密码有误，请重新输入',
+  'Not a valid cellphone number, please re-enter': '不是有效的手机号，请重新输入',
+  'The phone number has been registered, please login directly': '手机号已注册，请直接登录',
+  'The phone number is not registered, please register first': '手机号未注册，请先注册',
+};

package/src/server/middlewares/check.ts

@@ -0,0 +1,11 @@
+// TODO(usage): 拦截用户的处理暂时作为一个中间件导出，应用需要的时候可以直接使用这个中间件
+export function check(options) {
+  return async function check(ctx, next) {
+    const { currentUser } = ctx.state;
+
+    if (!currentUser) {
+      return ctx.throw(401, 'Unauthorized');
+    }
+    return next();
+  };
+}

package/src/server/middlewares/index.ts

@@ -0,0 +1,2 @@
+export { check } from './check';
+export { parseToken } from './parseToken';

package/src/server/middlewares/parseToken.ts

@@ -0,0 +1,41 @@
+import { Context, Next } from '@nocobase/actions';
+
+export async function parseToken(ctx: Context, next: Next) {
+  const user = await findUserByToken(ctx);
+  if (user) {
+    ctx.state.currentUser = user;
+  }
+  return next();
+}
+
+async function findUserByToken(ctx: Context) {
+  const token = ctx.getBearerToken();
+  if (!token) {
+    return null;
+  }
+  const { jwtService } = ctx.app.getPlugin('users');
+  try {
+    const { userId } = await jwtService.decode(token);
+    const collection = ctx.db.getCollection('users');
+    ctx.state.currentUserAppends = ctx.state.currentUserAppends || [];
+    for (const [, field] of collection.fields) {
+      if (field.type === 'belongsTo') {
+        ctx.state.currentUserAppends.push(field.name);
+      }
+    }
+
+    const user = await ctx.db.getRepository('users').findOne({
+      appends: ctx.state.currentUserAppends,
+      filter: {
+        id: userId,
+      },
+    });
+
+    ctx.logger.info(`Current user id: ${userId}`);
+    return user;
+  } catch (error) {
+    console.log(error);
+    ctx.logger.error(error);
+    return null;
+  }
+}

package/src/server/migrations/20220818072639-add-users-phone.ts

@@ -0,0 +1,39 @@
+import { Migration } from '@nocobase/server';
+
+export default class AddUsersPhoneMigration extends Migration {
+  async up() {
+    const match = await this.app.version.satisfies('<=0.7.4-alpha.7');
+    if (!match) {
+      return;
+    }
+    const Field = this.context.db.getRepository('fields');
+    const existed = await Field.count({
+      filter: {
+        name: 'phone',
+        collectionName: 'users',
+      },
+    });
+    if (!existed) {
+      await Field.create({
+        values: {
+          name: 'phone',
+          collectionName: 'users',
+          type: 'string',
+          unique: true,
+          interface: 'phone',
+          uiSchema: {
+            type: 'string',
+            title: '{{t("Phone")}}',
+            'x-component': 'Input',
+            'x-validator': 'phone',
+            require: true,
+          },
+        },
+        // NOTE: to trigger hook
+        context: {},
+      });
+    }
+  }
+
+  async down() {}
+}

package/src/server/server.ts

@@ -0,0 +1,253 @@
+import { Collection, Op } from '@nocobase/database';
+import { HandlerType } from '@nocobase/resourcer';
+import { Plugin } from '@nocobase/server';
+import { Registry, parse } from '@nocobase/utils';
+import { resolve } from 'path';
+
+import { namespace } from './';
+import * as actions from './actions/users';
+import initAuthenticators from './authenticators';
+import { JwtOptions, JwtService } from './jwt-service';
+import { enUS, zhCN } from './locale';
+import { parseToken } from './middlewares';
+
+export interface UserPluginConfig {
+  name?: string;
+  jwt: JwtOptions;
+}
+
+export default class UsersPlugin extends Plugin<UserPluginConfig> {
+  public jwtService: JwtService;
+
+  public authenticators: Registry<HandlerType> = new Registry();
+
+  constructor(app, options) {
+    super(app, options);
+    this.jwtService = new JwtService(options?.jwt || {});
+  }
+
+  async beforeLoad() {
+    this.app.i18n.addResources('zh-CN', namespace, zhCN);
+    this.app.i18n.addResources('en-US', namespace, enUS);
+    const cmd = this.app.findCommand('install');
+    if (cmd) {
+      cmd.requiredOption('-e, --root-email <rootEmail>', '', process.env.INIT_ROOT_EMAIL);
+      cmd.requiredOption('-p, --root-password <rootPassword>', '', process.env.INIT_ROOT_PASSWORD);
+      cmd.option('-n, --root-nickname <rootNickname>');
+    }
+    this.db.registerOperators({
+      $isCurrentUser(_, ctx) {
+        return {
+          [Op.eq]: ctx?.app?.ctx?.state?.currentUser?.id || -1,
+        };
+      },
+      $isNotCurrentUser(_, ctx) {
+        return {
+          [Op.ne]: ctx?.app?.ctx?.state?.currentUser?.id || -1,
+        };
+      },
+      $isVar(val, ctx) {
+        const obj = parse({ val: `{{${val}}}` })(JSON.parse(JSON.stringify(ctx?.app?.ctx?.state)));
+        return {
+          [Op.eq]: obj.val,
+        };
+      },
+    });
+
+    this.db.on('afterDefineCollection', (collection: Collection) => {
+      const { createdBy, updatedBy } = collection.options;
+      if (createdBy === true) {
+        collection.setField('createdById', {
+          type: 'context',
+          dataType: 'bigInt',
+          dataIndex: 'state.currentUser.id',
+          createOnly: true,
+          visible: true,
+          index: true,
+        });
+        collection.setField('createdBy', {
+          type: 'belongsTo',
+          target: 'users',
+          foreignKey: 'createdById',
+          targetKey: 'id',
+        });
+      }
+      if (updatedBy === true) {
+        collection.setField('updatedById', {
+          type: 'context',
+          dataType: 'bigInt',
+          dataIndex: 'state.currentUser.id',
+          visible: true,
+          index: true,
+        });
+        collection.setField('updatedBy', {
+          type: 'belongsTo',
+          target: 'users',
+          foreignKey: 'updatedById',
+          targetKey: 'id',
+        });
+      }
+    });
+
+    for (const [key, action] of Object.entries(actions)) {
+      this.app.resourcer.registerActionHandler(`users:${key}`, action);
+    }
+
+    // this.app.resourcer.use(parseToken, { tag: 'parseToken' });
+
+    this.app.acl.addFixedParams('users', 'destroy', () => {
+      return {
+        filter: {
+          'id.$ne': 1,
+        },
+      };
+    });
+
+    this.app.acl.addFixedParams('collections', 'destroy', () => {
+      return {
+        filter: {
+          'name.$ne': 'users',
+        },
+      };
+    });
+
+    const publicActions = ['check', 'signin', 'signup', 'lostpassword', 'resetpassword', 'getUserByResetToken'];
+    const loggedInActions = ['signout', 'updateProfile', 'changePassword'];
+
+    publicActions.forEach((action) => this.app.acl.allow('users', action));
+    loggedInActions.forEach((action) => this.app.acl.allow('users', action, 'loggedIn'));
+
+    this.app.on('beforeStart', () => this.initVerification());
+  }
+
+  async load() {
+    await this.db.import({
+      directory: resolve(__dirname, 'collections'),
+    });
+
+    this.db.addMigrations({
+      namespace: 'users',
+      directory: resolve(__dirname, 'migrations'),
+      context: {
+        plugin: this,
+      },
+    });
+
+    initAuthenticators(this);
+  }
+
+  getInstallingData(options: any = {}) {
+    const { INIT_ROOT_NICKNAME, INIT_ROOT_PASSWORD, INIT_ROOT_EMAIL } = process.env;
+    const {
+      rootEmail = INIT_ROOT_EMAIL,
+      rootPassword = INIT_ROOT_PASSWORD,
+      rootNickname = INIT_ROOT_NICKNAME || 'Super Admin',
+    } = options.users || options?.cliArgs?.[0] || {};
+    return {
+      rootEmail,
+      rootPassword,
+      rootNickname,
+    };
+  }
+
+  async install(options) {
+    const { rootNickname, rootPassword, rootEmail } = this.getInstallingData(options);
+    const User = this.db.getCollection('users');
+    if (await User.repository.findOne({ filter: { email: rootEmail } })) {
+      return;
+    }
+
+    const user = await User.repository.create({
+      values: {
+        email: rootEmail,
+        password: rootPassword,
+        nickname: rootNickname,
+      },
+    });
+
+    const repo = this.db.getRepository<any>('collections');
+    if (repo) {
+      await repo.db2cm('users');
+    }
+  }
+
+  // TODO(module): should move to preset or dynamic configuration panel
+  async initVerification() {
+    const verificationPlugin = this.app.getPlugin('verification') as any;
+    if (!verificationPlugin) {
+      return;
+    }
+    const systemSettingsRepo = this.db.getRepository('systemSettings');
+    const settings = await systemSettingsRepo.findOne();
+    if (!settings.smsAuthEnabled) {
+      return;
+    }
+
+    verificationPlugin.interceptors.register('users:signin', {
+      manual: true,
+      getReceiver(ctx) {
+        return ctx.action.params.values.phone;
+      },
+      expiresIn: 120,
+      validate: async (ctx, phone) => {
+        if (!phone) {
+          throw new Error(ctx.t('Not a valid cellphone number, please re-enter'));
+        }
+        const User = this.db.getCollection('users');
+        const exists = await User.model.count({
+          where: {
+            phone,
+          },
+        });
+        if (!exists) {
+          throw new Error(ctx.t('The phone number is not registered, please register first', { ns: namespace }));
+        }
+
+        return true;
+      },
+    });
+
+    verificationPlugin.interceptors.register('users:signup', {
+      getReceiver(ctx) {
+        return ctx.action.params.values.phone;
+      },
+      expiresIn: 120,
+      validate: async (ctx, phone) => {
+        if (!phone) {
+          throw new Error(ctx.t('Not a valid cellphone number, please re-enter', { ns: namespace }));
+        }
+        const User = this.db.getCollection('users');
+        const exists = await User.model.count({
+          where: {
+            phone,
+          },
+        });
+        if (exists) {
+          throw new Error(ctx.t('The phone number has been registered, please login directly', { ns: namespace }));
+        }
+
+        return true;
+      },
+    });
+
+    this.authenticators.register('sms', (ctx, next) =>
+      verificationPlugin.intercept(ctx, async () => {
+        const { values } = ctx.action.params;
+
+        const User = ctx.db.getCollection('users');
+        const user = await User.model.findOne({
+          where: {
+            phone: values.phone,
+          },
+        });
+        if (!user) {
+          return ctx.throw(404, ctx.t('The phone number is incorrect, please re-enter', { ns: namespace }));
+        }
+
+        ctx.state.currentUser = user;
+
+        return next();
+      }),
+    );
+  }
+}