@nocobase/plugin-verification 1.7.0-beta.8 → 1.8.0-beta.1

package/dist/server/{providers → otp-verification/sms/providers}/sms-aliyun.d.ts

@@ -7,9 +7,9 @@
  * For more information, please refer to: https://www.nocobase.com/agreement.
  */
 import DysmsApi from '@alicloud/dysmsapi20170525';
-import { Provider } from './Provider';
-export default class extends Provider {
+import { SMSProvider } from '.';
+export default class extends SMSProvider {
     client: DysmsApi;
-    constructor(plugin: any, options: any);
+    constructor(options: any);
     send(phoneNumbers: any, data?: {}): Promise<never>;
 }

package/dist/server/{providers → otp-verification/sms/providers}/sms-aliyun.js

@@ -42,11 +42,11 @@ module.exports = __toCommonJS(sms_aliyun_exports);
 var import_dysmsapi20170525 = __toESM(require("@alicloud/dysmsapi20170525"));
 var OpenApi = __toESM(require("@alicloud/openapi-client"));
 var import_tea_util = require("@alicloud/tea-util");
-var import_Provider = require("./Provider");
-class sms_aliyun_default extends import_Provider.Provider {
+var import__ = require(".");
+class sms_aliyun_default extends import__.SMSProvider {
   client;
-  constructor(plugin, options) {
-    super(plugin, options);
+  constructor(options) {
+    super(options);
     const { accessKeyId, accessKeySecret, endpoint } = this.options;
     const config = new OpenApi.Config({
       // 您的 AccessKey ID

package/dist/server/{providers → otp-verification/sms/providers}/sms-tencent.d.ts

@@ -6,11 +6,11 @@
  * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
  * For more information, please refer to: https://www.nocobase.com/agreement.
  */
-import { Provider } from './Provider';
+import { SMSProvider } from '.';
 declare const smsClient: typeof import("tencentcloud-sdk-nodejs/tencentcloud/services/sms/v20210111/sms_client").Client;
-export default class extends Provider {
+export default class extends SMSProvider {
     client: InstanceType<typeof smsClient>;
-    constructor(plugin: any, options: any);
+    constructor(options: any);
     send(phoneNumbers: any, data: {
         code: string;
     }): Promise<string>;

package/dist/server/{providers → otp-verification/sms/providers}/sms-tencent.js

@@ -40,12 +40,12 @@ __export(sms_tencent_exports, {
 });
 module.exports = __toCommonJS(sms_tencent_exports);
 var tencentcloud = __toESM(require("tencentcloud-sdk-nodejs"));
-var import_Provider = require("./Provider");
+var import__ = require(".");
 const smsClient = tencentcloud.sms.v20210111.Client;
-class sms_tencent_default extends import_Provider.Provider {
+class sms_tencent_default extends import__.SMSProvider {
   client;
-  constructor(plugin, options) {
-    super(plugin, options);
+  constructor(options) {
+    super(options);
     const { secretId, secretKey, region, endpoint } = this.options;
     this.client = new smsClient({
       credential: {

package/dist/server/otp-verification/sms/resource/sms-otp-providers.d.ts

@@ -0,0 +1,16 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+import { Context, Next } from '@nocobase/actions';
+declare const _default: {
+    name: string;
+    actions: {
+        list: (ctx: Context, next: Next) => Promise<void>;
+    };
+};
+export default _default;

package/dist/server/otp-verification/sms/resource/sms-otp-providers.js

@@ -0,0 +1,41 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var sms_otp_providers_exports = {};
+__export(sms_otp_providers_exports, {
+  default: () => sms_otp_providers_default
+});
+module.exports = __toCommonJS(sms_otp_providers_exports);
+var sms_otp_providers_default = {
+  name: "smsOTPProviders",
+  actions: {
+    list: async (ctx, next) => {
+      const plugin = ctx.app.pm.get("verification");
+      ctx.body = plugin.smsOTPProviderManager.listProviders();
+      await next();
+    }
+  }
+};

package/dist/server/otp-verification/sms/resource/sms-otp.d.ts

@@ -0,0 +1,18 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+import { Context, Next } from '@nocobase/actions';
+declare function create(ctx: Context, next: Next): Promise<any>;
+declare const _default: {
+    name: string;
+    actions: {
+        create: typeof create;
+        publicCreate: typeof create;
+    };
+};
+export default _default;

package/dist/server/otp-verification/sms/resource/sms-otp.js

@@ -0,0 +1,141 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var sms_otp_exports = {};
+__export(sms_otp_exports, {
+  default: () => sms_otp_default
+});
+module.exports = __toCommonJS(sms_otp_exports);
+var import_dayjs = __toESM(require("dayjs"));
+var import_crypto = require("crypto");
+var import_util = require("util");
+var import_constants = require("../../../constants");
+var import__2 = require("../../..");
+const asyncRandomInt = (0, import_util.promisify)(import_crypto.randomInt);
+async function create(ctx, next) {
+  var _a;
+  const { action: actionName, verifier: verifierName } = ((_a = ctx.action.params) == null ? void 0 : _a.values) || {};
+  const plugin = ctx.app.getPlugin("verification");
+  const verificationManager = plugin.verificationManager;
+  const action = verificationManager.actions.get(actionName);
+  if (!action) {
+    return ctx.throw(400, "Invalid action type");
+  }
+  if (!verifierName) {
+    return ctx.throw(400, "Invalid verifier");
+  }
+  const verifier = await ctx.db.getRepository("verifiers").findOne({
+    filter: {
+      name: verifierName
+    }
+  });
+  if (!verifier) {
+    return ctx.throw(400, "Invalid verifier");
+  }
+  const Verification = verificationManager.getVerification(verifier.verificationType);
+  const verification = new Verification({
+    ctx,
+    verifier,
+    options: verifier.options
+  });
+  const provider = await verification.getProvider();
+  if (!provider) {
+    ctx.log.error(`[verification] no provider for action (${actionName}) provided`);
+    return ctx.throw(500, "Invalid provider");
+  }
+  const { boundInfo } = await verificationManager.getAndValidateBoundInfo(ctx, action, verification);
+  const { uuid: receiver } = boundInfo;
+  const record = await ctx.db.getRepository("otpRecords").findOne({
+    filter: {
+      action: actionName,
+      receiver,
+      status: import_constants.CODE_STATUS_UNUSED,
+      expiresAt: {
+        $dateAfter: /* @__PURE__ */ new Date()
+      }
+    }
+  });
+  if (record) {
+    const seconds = (0, import_dayjs.default)(record.get("expiresAt")).diff((0, import_dayjs.default)(), "seconds");
+    return ctx.throw(429, {
+      code: "RateLimit",
+      message: ctx.t("Please don't retry in {{time}} seconds", { time: seconds, ns: import__2.namespace })
+    });
+  }
+  const code = (await asyncRandomInt(999999)).toString(10).padStart(6, "0");
+  try {
+    await provider.send(receiver, { code });
+  } catch (error) {
+    switch (error.name) {
+      case "InvalidReceiver":
+        return ctx.throw(400, {
+          code: "InvalidReceiver",
+          message: ctx.t("Not a valid cellphone number, please re-enter", { ns: import__2.namespace })
+        });
+      case "RateLimit":
+        return ctx.throw(429, ctx.t("You are trying so frequently, please slow down", { ns: import__2.namespace }));
+      default:
+        ctx.log.error(error);
+        return ctx.throw(
+          500,
+          ctx.t("Verification send failed, please try later or contact to administrator", { ns: import__2.namespace })
+        );
+    }
+  }
+  const result = await ctx.db.getRepository("otpRecords").create({
+    values: {
+      id: (0, import_crypto.randomUUID)(),
+      action: actionName,
+      receiver,
+      code,
+      expiresAt: Date.now() + (verification.expiresIn ?? 60) * 1e3,
+      status: import_constants.CODE_STATUS_UNUSED,
+      verifierName
+    }
+  });
+  ctx.body = {
+    id: result.id,
+    expiresAt: result.expiresAt
+  };
+  return next();
+}
+var sms_otp_default = {
+  name: "smsOTP",
+  actions: {
+    create,
+    publicCreate: create
+  }
+};

package/dist/server/verification-manager.d.ts

@@ -0,0 +1,68 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+import { Registry } from '@nocobase/utils';
+import { Verification, VerificationExtend } from './verification';
+import { Context, Next } from '@nocobase/actions';
+import { Database } from '@nocobase/database';
+export type VerificationTypeOptions = {
+    title: string;
+    description?: string;
+    bindingRequired?: boolean;
+    verification: VerificationExtend<Verification>;
+};
+type SceneRule = (scene: string, verificationType: string) => boolean;
+export interface ActionOptions {
+    manual?: boolean;
+    getUserIdFromCtx?(ctx: Context): number | Promise<number>;
+    getBoundInfoFromCtx?(ctx: Context): any | Promise<any>;
+    getVerifyParams?(ctx: Context): any | Promise<any>;
+    onVerifySuccess?(ctx: Context, userId: number, verifyResult: any): any | Promise<any>;
+    onVerifyFail?(ctx: Context, err: Error, userId: number): any | Promise<any>;
+}
+export interface SceneOptions {
+    actions: {
+        [key: string]: ActionOptions;
+    };
+    getVerifiers?(ctx: Context): Promise<string[]>;
+}
+export declare class VerificationManager {
+    db: Database;
+    verificationTypes: Registry<VerificationTypeOptions>;
+    scenes: Registry<SceneOptions>;
+    sceneRules: SceneRule[];
+    actions: Registry<ActionOptions & {
+        scene?: string;
+    }>;
+    constructor({ db }: {
+        db: any;
+    });
+    registerVerificationType(type: string, options: VerificationTypeOptions): void;
+    listTypes(): {
+        name: string;
+        title: string;
+    }[];
+    addSceneRule(rule: SceneRule): void;
+    registerAction(action: string, options: ActionOptions): void;
+    registerScene(scene: string, options: SceneOptions): void;
+    getVerificationTypesByScene(scene: string): any[];
+    getVerification(type: string): VerificationExtend<Verification>;
+    getVerifier(verifierName: string): Promise<any>;
+    getVerifiers(verifierNames: string[]): Promise<any>;
+    getBoundRecord(userId: number, verifier: string): Promise<any>;
+    getAndValidateBoundInfo(ctx: Context, action: ActionOptions, verification: Verification): Promise<{
+        boundInfo: {
+            uuid: string;
+        };
+        userId: number;
+    }>;
+    private validateAndGetVerifier;
+    verify(ctx: Context, next: Next): Promise<void>;
+    middleware(): (ctx: Context, next: Next) => Promise<any>;
+}
+export {};

package/dist/server/verification-manager.js

@@ -0,0 +1,223 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var verification_manager_exports = {};
+__export(verification_manager_exports, {
+  VerificationManager: () => VerificationManager
+});
+module.exports = __toCommonJS(verification_manager_exports);
+var import_utils = require("@nocobase/utils");
+class VerificationManager {
+  db;
+  verificationTypes = new import_utils.Registry();
+  scenes = new import_utils.Registry();
+  sceneRules = new Array();
+  actions = new import_utils.Registry();
+  constructor({ db }) {
+    this.db = db;
+  }
+  registerVerificationType(type, options) {
+    this.verificationTypes.register(type, options);
+  }
+  listTypes() {
+    return Array.from(this.verificationTypes.getEntities()).map(([verificationType, options]) => ({
+      name: verificationType,
+      title: options.title
+    }));
+  }
+  addSceneRule(rule) {
+    this.sceneRules.push(rule);
+  }
+  registerAction(action, options) {
+    this.actions.register(action, options);
+  }
+  registerScene(scene, options) {
+    this.scenes.register(scene, options);
+    const { actions } = options;
+    for (const [action, actionOptions] of Object.entries(actions)) {
+      this.actions.register(action, {
+        ...actionOptions,
+        scene
+      });
+    }
+  }
+  getVerificationTypesByScene(scene) {
+    const verificationTypes = [];
+    for (const [type, options] of this.verificationTypes.getEntities()) {
+      const item = { type, title: options.title };
+      if (this.sceneRules.some((rule) => rule(scene, type))) {
+        verificationTypes.push(item);
+      }
+    }
+    return verificationTypes;
+  }
+  getVerification(type) {
+    const verificationType = this.verificationTypes.get(type);
+    if (!verificationType) {
+      throw new Error(`Invalid verification type: ${type}`);
+    }
+    return verificationType.verification;
+  }
+  async getVerifier(verifierName) {
+    return await this.db.getRepository("verifiers").findOne({
+      filter: {
+        name: verifierName
+      }
+    });
+  }
+  async getVerifiers(verifierNames) {
+    return await this.db.getRepository("verifiers").find({
+      filter: {
+        name: verifierNames
+      }
+    });
+  }
+  async getBoundRecord(userId, verifier) {
+    return await this.db.getRepository("usersVerifiers").findOne({
+      filter: {
+        userId,
+        verifier
+      }
+    });
+  }
+  async getAndValidateBoundInfo(ctx, action, verification) {
+    var _a, _b;
+    let userId;
+    let boundInfo;
+    if (action.getBoundInfoFromCtx) {
+      boundInfo = await action.getBoundInfoFromCtx(ctx);
+    } else {
+      if (action.getUserIdFromCtx) {
+        userId = await action.getUserIdFromCtx(ctx);
+      } else {
+        userId = (_b = (_a = ctx.auth) == null ? void 0 : _a.user) == null ? void 0 : _b.id;
+      }
+      if (!userId) {
+        ctx.throw(400, "Invalid user id");
+      }
+      boundInfo = await verification.getBoundInfo(userId);
+    }
+    await verification.validateBoundInfo(boundInfo);
+    return { boundInfo, userId };
+  }
+  async validateAndGetVerifier(ctx, scene, verifierName) {
+    let verifier;
+    if (!verifierName) {
+      return null;
+    }
+    if (scene) {
+      const sceneOptions = this.scenes.get(scene);
+      if (sceneOptions.getVerifiers) {
+        const verifiers = await sceneOptions.getVerifiers(ctx);
+        if (!verifiers.includes(verifierName)) {
+          return null;
+        }
+        verifier = await this.getVerifier(verifierName);
+        if (!verifier) {
+          return null;
+        }
+      } else {
+        const verificationTypes = this.getVerificationTypesByScene(scene);
+        const verifiers = await this.db.getRepository("verifiers").find({
+          filter: {
+            verificationType: verificationTypes.map((item) => item.type)
+          }
+        });
+        verifier = verifiers.find((item) => item.name === verifierName);
+        if (!verifier) {
+          return null;
+        }
+      }
+    } else {
+      verifier = await this.getVerifier(verifierName);
+      if (!verifier) {
+        return null;
+      }
+    }
+    return verifier;
+  }
+  // verify manually
+  async verify(ctx, next) {
+    var _a, _b;
+    const { resourceName, actionName } = ctx.action;
+    const key = `${resourceName}:${actionName}`;
+    const action = this.actions.get(key);
+    if (!action) {
+      ctx.throw(400, "Invalid action");
+    }
+    const { verifier: verifierName } = ctx.action.params.values || {};
+    const verifier = await this.validateAndGetVerifier(ctx, action.scene, verifierName);
+    if (!verifier) {
+      ctx.throw(400, "Invalid verifier");
+    }
+    const verifyParams = action.getVerifyParams ? await action.getVerifyParams(ctx) : ctx.action.params.values;
+    if (!verifyParams) {
+      ctx.throw(400, "Invalid verify params");
+    }
+    const plugin = ctx.app.pm.get("verification");
+    const verificationManager = plugin.verificationManager;
+    const Verification2 = verificationManager.getVerification(verifier.verificationType);
+    const verification = new Verification2({ ctx, verifier, options: verifier.options });
+    const { boundInfo, userId } = await this.getAndValidateBoundInfo(ctx, action, verification);
+    try {
+      const verifyResult = await verification.verify({
+        resource: resourceName,
+        action: actionName,
+        userId,
+        boundInfo,
+        verifyParams
+      });
+      try {
+        await ((_a = action.onVerifySuccess) == null ? void 0 : _a.call(action, ctx, userId, verifyResult));
+        await next();
+      } catch (err) {
+        ctx.log.error(err, { module: "verification", method: "verify" });
+        throw err;
+      } finally {
+        await verification.onActionComplete({ userId, verifyResult });
+      }
+    } catch (err) {
+      await ((_b = action.onVerifyFail) == null ? void 0 : _b.call(action, ctx, err, userId));
+      throw err;
+    }
+  }
+  middleware() {
+    const self = this;
+    return async function verificationMiddleware(ctx, next) {
+      const { resourceName, actionName } = ctx.action;
+      const key = `${resourceName}:${actionName}`;
+      const action = self.actions.get(key);
+      if (!action || action.manual) {
+        return next();
+      }
+      return self.verify(ctx, next);
+    };
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  VerificationManager
+});

package/dist/server/verification.d.ts

@@ -0,0 +1,70 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+import { Context } from '@nocobase/actions';
+import { Model } from '@nocobase/database';
+export interface IVerification {
+    verify(options: {
+        resource: string;
+        action: string;
+        userId: number;
+        boundInfo: any;
+        verifyParams?: any;
+    }): Promise<any>;
+    onActionComplete?(options: {
+        userId: number;
+        verifyResult: any;
+    }): Promise<any>;
+    getBoundInfo?(userId: number): Promise<any>;
+    getPublicBoundInfo?(userId: number): Promise<{
+        bound: boolean;
+        publicInfo?: any;
+    }>;
+    validateBoundInfo?(boundInfo: string): Promise<boolean>;
+    bind?(userId: number, resource?: string, action?: string): Promise<{
+        uuid: string;
+        meta?: any;
+    }>;
+}
+export declare abstract class Verification implements IVerification {
+    verifier: Model;
+    protected ctx: Context;
+    protected options: Record<string, any>;
+    constructor({ ctx, verifier, options }: {
+        ctx: any;
+        verifier: any;
+        options: any;
+    });
+    get throughRepo(): import("@nocobase/database").Repository<any, any>;
+    abstract verify({ resource, action, userId, boundInfo, verifyParams }: {
+        resource: any;
+        action: any;
+        userId: any;
+        boundInfo: any;
+        verifyParams: any;
+    }): Promise<any>;
+    onActionComplete(options: {
+        userId: number;
+        verifyResult: any;
+    }): Promise<any>;
+    bind(userId: number, resource?: string, action?: string): Promise<{
+        uuid: string;
+        meta?: any;
+    }>;
+    getBoundInfo(userId: number): Promise<any>;
+    getPublicBoundInfo(userId: number): Promise<{
+        bound: boolean;
+        publicInfo?: any;
+    }>;
+    validateBoundInfo(boundInfo: any): Promise<boolean>;
+}
+export type VerificationExtend<T extends Verification> = new ({ ctx, verifier, options }: {
+    ctx: any;
+    verifier: any;
+    options: any;
+}) => T;