@nocobase/plugin-verification 1.7.0-beta.8 → 1.7.0-beta.9

package/dist/server/otp-verification/sms/resource/sms-otp-providers.js

@@ -0,0 +1,41 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var sms_otp_providers_exports = {};
+__export(sms_otp_providers_exports, {
+  default: () => sms_otp_providers_default
+});
+module.exports = __toCommonJS(sms_otp_providers_exports);
+var sms_otp_providers_default = {
+  name: "smsOTPProviders",
+  actions: {
+    list: async (ctx, next) => {
+      const plugin = ctx.app.pm.get("verification");
+      ctx.body = plugin.smsOTPProviderManager.listProviders();
+      await next();
+    }
+  }
+};

package/dist/server/otp-verification/sms/resource/sms-otp.d.ts

@@ -0,0 +1,18 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+import { Context, Next } from '@nocobase/actions';
+declare function create(ctx: Context, next: Next): Promise<any>;
+declare const _default: {
+    name: string;
+    actions: {
+        create: typeof create;
+        publicCreate: typeof create;
+    };
+};
+export default _default;

package/dist/server/otp-verification/sms/resource/sms-otp.js

@@ -0,0 +1,141 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var sms_otp_exports = {};
+__export(sms_otp_exports, {
+  default: () => sms_otp_default
+});
+module.exports = __toCommonJS(sms_otp_exports);
+var import_dayjs = __toESM(require("dayjs"));
+var import_crypto = require("crypto");
+var import_util = require("util");
+var import_constants = require("../../../constants");
+var import__2 = require("../../..");
+const asyncRandomInt = (0, import_util.promisify)(import_crypto.randomInt);
+async function create(ctx, next) {
+  var _a;
+  const { action: actionName, verificator: verificatorName } = ((_a = ctx.action.params) == null ? void 0 : _a.values) || {};
+  const plugin = ctx.app.getPlugin("verification");
+  const verificationManager = plugin.verificationManager;
+  const action = verificationManager.actions.get(actionName);
+  if (!action) {
+    return ctx.throw(400, "Invalid action type");
+  }
+  if (!verificatorName) {
+    return ctx.throw(400, "Invalid verificator");
+  }
+  const verificator = await ctx.db.getRepository("verificators").findOne({
+    filter: {
+      name: verificatorName
+    }
+  });
+  if (!verificator) {
+    return ctx.throw(400, "Invalid verificator");
+  }
+  const Verification = verificationManager.getVerification(verificator.verificationType);
+  const verification = new Verification({
+    ctx,
+    verificator,
+    options: verificator.options
+  });
+  const provider = await verification.getProvider();
+  if (!provider) {
+    ctx.log.error(`[verification] no provider for action (${actionName}) provided`);
+    return ctx.throw(500, "Invalid provider");
+  }
+  const { boundInfo } = await verificationManager.getAndValidateBoundInfo(ctx, action, verification);
+  const { uuid: receiver } = boundInfo;
+  const record = await ctx.db.getRepository("otpRecords").findOne({
+    filter: {
+      action: actionName,
+      receiver,
+      status: import_constants.CODE_STATUS_UNUSED,
+      expiresAt: {
+        $dateAfter: /* @__PURE__ */ new Date()
+      }
+    }
+  });
+  if (record) {
+    const seconds = (0, import_dayjs.default)(record.get("expiresAt")).diff((0, import_dayjs.default)(), "seconds");
+    return ctx.throw(429, {
+      code: "RateLimit",
+      message: ctx.t("Please don't retry in {{time}} seconds", { time: seconds, ns: import__2.namespace })
+    });
+  }
+  const code = (await asyncRandomInt(999999)).toString(10).padStart(6, "0");
+  try {
+    await provider.send(receiver, { code });
+  } catch (error) {
+    switch (error.name) {
+      case "InvalidReceiver":
+        return ctx.throw(400, {
+          code: "InvalidReceiver",
+          message: ctx.t("Not a valid cellphone number, please re-enter", { ns: import__2.namespace })
+        });
+      case "RateLimit":
+        return ctx.throw(429, ctx.t("You are trying so frequently, please slow down", { ns: import__2.namespace }));
+      default:
+        ctx.log.error(error);
+        return ctx.throw(
+          500,
+          ctx.t("Verification send failed, please try later or contact to administrator", { ns: import__2.namespace })
+        );
+    }
+  }
+  const result = await ctx.db.getRepository("otpRecords").create({
+    values: {
+      id: (0, import_crypto.randomUUID)(),
+      action: actionName,
+      receiver,
+      code,
+      expiresAt: Date.now() + (verification.expiresIn ?? 60) * 1e3,
+      status: import_constants.CODE_STATUS_UNUSED,
+      verificatorName
+    }
+  });
+  ctx.body = {
+    id: result.id,
+    expiresAt: result.expiresAt
+  };
+  return next();
+}
+var sms_otp_default = {
+  name: "smsOTP",
+  actions: {
+    create,
+    publicCreate: create
+  }
+};

package/dist/server/verification-manager.d.ts

@@ -0,0 +1,68 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+import { Registry } from '@nocobase/utils';
+import { Verification, VerificationExtend } from './verification';
+import { Context, Next } from '@nocobase/actions';
+import { Database } from '@nocobase/database';
+export type VerificationTypeOptions = {
+    title: string;
+    description?: string;
+    bindingRequired?: boolean;
+    verification: VerificationExtend<Verification>;
+};
+type SceneRule = (scene: string, verificationType: string) => boolean;
+export interface ActionOptions {
+    manual?: boolean;
+    getUserIdFromCtx?(ctx: Context): number | Promise<number>;
+    getBoundInfoFromCtx?(ctx: Context): any | Promise<any>;
+    getVerifyParams?(ctx: Context): any | Promise<any>;
+    onVerifySuccess?(ctx: Context, userId: number, verifyResult: any): any | Promise<any>;
+    onVerifyFail?(ctx: Context, err: Error, userId: number): any | Promise<any>;
+}
+export interface SceneOptions {
+    actions: {
+        [key: string]: ActionOptions;
+    };
+    getVerificators?(ctx: Context): Promise<string[]>;
+}
+export declare class VerificationManager {
+    db: Database;
+    verificationTypes: Registry<VerificationTypeOptions>;
+    scenes: Registry<SceneOptions>;
+    sceneRules: SceneRule[];
+    actions: Registry<ActionOptions & {
+        scene?: string;
+    }>;
+    constructor({ db }: {
+        db: any;
+    });
+    registerVerificationType(type: string, options: VerificationTypeOptions): void;
+    listTypes(): {
+        name: string;
+        title: string;
+    }[];
+    addSceneRule(rule: SceneRule): void;
+    registerAction(action: string, options: ActionOptions): void;
+    registerScene(scene: string, options: SceneOptions): void;
+    getVerificationTypesByScene(scene: string): any[];
+    getVerification(type: string): VerificationExtend<Verification>;
+    getVerificator(verificatorName: string): Promise<any>;
+    getVerificators(verificatorNames: string[]): Promise<any>;
+    getBoundRecord(userId: number, verificator: string): Promise<any>;
+    getAndValidateBoundInfo(ctx: Context, action: ActionOptions, verification: Verification): Promise<{
+        boundInfo: {
+            uuid: string;
+        };
+        userId: number;
+    }>;
+    private validateAndGetVerificator;
+    verify(ctx: Context, next: Next): Promise<void>;
+    middleware(): (ctx: Context, next: Next) => Promise<any>;
+}
+export {};

package/dist/server/verification-manager.js

@@ -0,0 +1,223 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var verification_manager_exports = {};
+__export(verification_manager_exports, {
+  VerificationManager: () => VerificationManager
+});
+module.exports = __toCommonJS(verification_manager_exports);
+var import_utils = require("@nocobase/utils");
+class VerificationManager {
+  db;
+  verificationTypes = new import_utils.Registry();
+  scenes = new import_utils.Registry();
+  sceneRules = new Array();
+  actions = new import_utils.Registry();
+  constructor({ db }) {
+    this.db = db;
+  }
+  registerVerificationType(type, options) {
+    this.verificationTypes.register(type, options);
+  }
+  listTypes() {
+    return Array.from(this.verificationTypes.getEntities()).map(([verificationType, options]) => ({
+      name: verificationType,
+      title: options.title
+    }));
+  }
+  addSceneRule(rule) {
+    this.sceneRules.push(rule);
+  }
+  registerAction(action, options) {
+    this.actions.register(action, options);
+  }
+  registerScene(scene, options) {
+    this.scenes.register(scene, options);
+    const { actions } = options;
+    for (const [action, actionOptions] of Object.entries(actions)) {
+      this.actions.register(action, {
+        ...actionOptions,
+        scene
+      });
+    }
+  }
+  getVerificationTypesByScene(scene) {
+    const verificationTypes = [];
+    for (const [type, options] of this.verificationTypes.getEntities()) {
+      const item = { type, title: options.title };
+      if (this.sceneRules.some((rule) => rule(scene, type))) {
+        verificationTypes.push(item);
+      }
+    }
+    return verificationTypes;
+  }
+  getVerification(type) {
+    const verificationType = this.verificationTypes.get(type);
+    if (!verificationType) {
+      throw new Error(`Invalid verification type: ${type}`);
+    }
+    return verificationType.verification;
+  }
+  async getVerificator(verificatorName) {
+    return await this.db.getRepository("verificators").findOne({
+      filter: {
+        name: verificatorName
+      }
+    });
+  }
+  async getVerificators(verificatorNames) {
+    return await this.db.getRepository("verificators").find({
+      filter: {
+        name: verificatorNames
+      }
+    });
+  }
+  async getBoundRecord(userId, verificator) {
+    return await this.db.getRepository("usersVerificators").findOne({
+      filter: {
+        userId,
+        verificator
+      }
+    });
+  }
+  async getAndValidateBoundInfo(ctx, action, verification) {
+    var _a, _b;
+    let userId;
+    let boundInfo;
+    if (action.getBoundInfoFromCtx) {
+      boundInfo = await action.getBoundInfoFromCtx(ctx);
+    } else {
+      if (action.getUserIdFromCtx) {
+        userId = await action.getUserIdFromCtx(ctx);
+      } else {
+        userId = (_b = (_a = ctx.auth) == null ? void 0 : _a.user) == null ? void 0 : _b.id;
+      }
+      if (!userId) {
+        ctx.throw(400, "Invalid user id");
+      }
+      boundInfo = await verification.getBoundInfo(userId);
+    }
+    await verification.validateBoundInfo(boundInfo);
+    return { boundInfo, userId };
+  }
+  async validateAndGetVerificator(ctx, scene, verificatorName) {
+    let verificator;
+    if (!verificatorName) {
+      return null;
+    }
+    if (scene) {
+      const sceneOptions = this.scenes.get(scene);
+      if (sceneOptions.getVerificators) {
+        const verificators = await sceneOptions.getVerificators(ctx);
+        if (!verificators.includes(verificatorName)) {
+          return null;
+        }
+        verificator = await this.getVerificator(verificatorName);
+        if (!verificator) {
+          return null;
+        }
+      } else {
+        const verificationTypes = this.getVerificationTypesByScene(scene);
+        const verificators = await this.db.getRepository("verificators").find({
+          filter: {
+            verificationType: verificationTypes.map((item) => item.type)
+          }
+        });
+        verificator = verificators.find((item) => item.name === verificatorName);
+        if (!verificator) {
+          return null;
+        }
+      }
+    } else {
+      verificator = await this.getVerificator(verificatorName);
+      if (!verificator) {
+        return null;
+      }
+    }
+    return verificator;
+  }
+  // verify manually
+  async verify(ctx, next) {
+    var _a, _b;
+    const { resourceName, actionName } = ctx.action;
+    const key = `${resourceName}:${actionName}`;
+    const action = this.actions.get(key);
+    if (!action) {
+      ctx.throw(400, "Invalid action");
+    }
+    const { verificator: verificatorName } = ctx.action.params.values || {};
+    const verificator = await this.validateAndGetVerificator(ctx, action.scene, verificatorName);
+    if (!verificator) {
+      ctx.throw(400, "Invalid verificator");
+    }
+    const verifyParams = action.getVerifyParams ? await action.getVerifyParams(ctx) : ctx.action.params.values;
+    if (!verifyParams) {
+      ctx.throw(400, "Invalid verify params");
+    }
+    const plugin = ctx.app.pm.get("verification");
+    const verificationManager = plugin.verificationManager;
+    const Verification2 = verificationManager.getVerification(verificator.verificationType);
+    const verification = new Verification2({ ctx, verificator, options: verificator.options });
+    const { boundInfo, userId } = await this.getAndValidateBoundInfo(ctx, action, verification);
+    try {
+      const verifyResult = await verification.verify({
+        resource: resourceName,
+        action: actionName,
+        userId,
+        boundInfo,
+        verifyParams
+      });
+      try {
+        await ((_a = action.onVerifySuccess) == null ? void 0 : _a.call(action, ctx, userId, verifyResult));
+        await next();
+      } catch (err) {
+        ctx.log.error(err, { module: "verification", method: "verify" });
+        throw err;
+      } finally {
+        await verification.onActionComplete({ userId, verifyResult });
+      }
+    } catch (err) {
+      await ((_b = action.onVerifyFail) == null ? void 0 : _b.call(action, ctx, err, userId));
+      throw err;
+    }
+  }
+  middleware() {
+    const self = this;
+    return async function verificationMiddleware(ctx, next) {
+      const { resourceName, actionName } = ctx.action;
+      const key = `${resourceName}:${actionName}`;
+      const action = self.actions.get(key);
+      if (!action || action.manual) {
+        return next();
+      }
+      return self.verify(ctx, next);
+    };
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  VerificationManager
+});

package/dist/server/verification.d.ts

@@ -0,0 +1,70 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+import { Context } from '@nocobase/actions';
+import { Model } from '@nocobase/database';
+export interface IVerification {
+    verify(options: {
+        resource: string;
+        action: string;
+        userId: number;
+        boundInfo: any;
+        verifyParams?: any;
+    }): Promise<any>;
+    onActionComplete?(options: {
+        userId: number;
+        verifyResult: any;
+    }): Promise<any>;
+    getBoundInfo?(userId: number): Promise<any>;
+    getPublicBoundInfo?(userId: number): Promise<{
+        bound: boolean;
+        publicInfo?: any;
+    }>;
+    validateBoundInfo?(boundInfo: string): Promise<boolean>;
+    bind?(userId: number, resource?: string, action?: string): Promise<{
+        uuid: string;
+        meta?: any;
+    }>;
+}
+export declare abstract class Verification implements IVerification {
+    verificator: Model;
+    protected ctx: Context;
+    protected options: Record<string, any>;
+    constructor({ ctx, verificator, options }: {
+        ctx: any;
+        verificator: any;
+        options: any;
+    });
+    get throughRepo(): import("@nocobase/database").Repository<any, any>;
+    abstract verify({ resource, action, userId, boundInfo, verifyParams }: {
+        resource: any;
+        action: any;
+        userId: any;
+        boundInfo: any;
+        verifyParams: any;
+    }): Promise<any>;
+    onActionComplete(options: {
+        userId: number;
+        verifyResult: any;
+    }): Promise<any>;
+    bind(userId: number, resource?: string, action?: string): Promise<{
+        uuid: string;
+        meta?: any;
+    }>;
+    getBoundInfo(userId: number): Promise<any>;
+    getPublicBoundInfo(userId: number): Promise<{
+        bound: boolean;
+        publicInfo?: any;
+    }>;
+    validateBoundInfo(boundInfo: any): Promise<boolean>;
+}
+export type VerificationExtend<T extends Verification> = new ({ ctx, verificator, options }: {
+    ctx: any;
+    verificator: any;
+    options: any;
+}) => T;

package/dist/server/verification.js

@@ -0,0 +1,70 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var verification_exports = {};
+__export(verification_exports, {
+  Verification: () => Verification
+});
+module.exports = __toCommonJS(verification_exports);
+class Verification {
+  verificator;
+  ctx;
+  options;
+  constructor({ ctx, verificator, options }) {
+    this.ctx = ctx;
+    this.verificator = verificator;
+    this.options = options;
+  }
+  get throughRepo() {
+    return this.ctx.db.getRepository("usersVerificators");
+  }
+  async onActionComplete(options) {
+  }
+  async bind(userId, resource, action) {
+    throw new Error("Not implemented");
+  }
+  async getBoundInfo(userId) {
+    return this.throughRepo.findOne({
+      filter: {
+        verificator: this.verificator.name,
+        userId
+      }
+    });
+  }
+  async getPublicBoundInfo(userId) {
+    const boundInfo = await this.getBoundInfo(userId);
+    return {
+      bound: boundInfo ? true : false
+    };
+  }
+  async validateBoundInfo(boundInfo) {
+    return true;
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  Verification
+});

package/package.json

@@ -1,10 +1,10 @@
 {
   "name": "@nocobase/plugin-verification",
   "displayName": "Verification",
-  "displayName.zh-CN": "验证码",
-  "description": "verification setting.",
-  "description.zh-CN": "验证码配置。",
-  "version": "1.7.0-beta.8",
+  "displayName.zh-CN": "验证",
+  "description": "User identity verification management, including SMS, TOTP authenticator, with extensibility.",
+  "description.zh-CN": "用户身份验证管理，包含短信、TOTP 认证器等，可扩展。",
+  "version": "1.7.0-beta.9",
   "license": "AGPL-3.0",
   "main": "./dist/server/index.js",
   "homepage": "https://docs.nocobase.com/handbook/verification",
@@ -31,8 +31,10 @@
     "@nocobase/test": "1.x",
     "@nocobase/utils": "1.x"
   },
-  "gitHead": "9ad35ee90db98d95dfa660645d155f4f4e81b47c",
+  "gitHead": "7013a5080f3695d7750ab21005c90d2172c16480",
   "keywords": [
-    "Authentication"
+    "Authentication",
+    "Verification",
+    "Security"
   ]
 }