@node-c/domain-iam 1.0.0-alpha3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +1 -0
- package/README.md +4 -0
- package/dist/common/definitions/common.constants.d.ts +3 -0
- package/dist/common/definitions/common.constants.js +8 -0
- package/dist/common/definitions/common.constants.js.map +1 -0
- package/dist/common/definitions/index.d.ts +1 -0
- package/dist/common/definitions/index.js +18 -0
- package/dist/common/definitions/index.js.map +1 -0
- package/dist/index.d.ts +3 -0
- package/dist/index.js +20 -0
- package/dist/index.js.map +1 -0
- package/dist/module/iam.definitions.d.ts +13 -0
- package/dist/module/iam.definitions.js +3 -0
- package/dist/module/iam.definitions.js.map +1 -0
- package/dist/module/iam.module.d.ts +5 -0
- package/dist/module/iam.module.js +28 -0
- package/dist/module/iam.module.js.map +1 -0
- package/dist/module/index.d.ts +2 -0
- package/dist/module/index.js +19 -0
- package/dist/module/index.js.map +1 -0
- package/dist/services/authentication/iam.authentication.definitions.d.ts +20 -0
- package/dist/services/authentication/iam.authentication.definitions.js +12 -0
- package/dist/services/authentication/iam.authentication.definitions.js.map +1 -0
- package/dist/services/authentication/iam.authentication.service.d.ts +8 -0
- package/dist/services/authentication/iam.authentication.service.js +26 -0
- package/dist/services/authentication/iam.authentication.service.js.map +1 -0
- package/dist/services/authentication/index.d.ts +2 -0
- package/dist/services/authentication/index.js +19 -0
- package/dist/services/authentication/index.js.map +1 -0
- package/dist/services/authenticationLocal/iam.authenticationLocal.definitions.d.ts +11 -0
- package/dist/services/authenticationLocal/iam.authenticationLocal.definitions.js +3 -0
- package/dist/services/authenticationLocal/iam.authenticationLocal.definitions.js.map +1 -0
- package/dist/services/authenticationLocal/iam.authenticationLocal.service.d.ts +10 -0
- package/dist/services/authenticationLocal/iam.authenticationLocal.service.js +60 -0
- package/dist/services/authenticationLocal/iam.authenticationLocal.service.js.map +1 -0
- package/dist/services/authenticationLocal/index.d.ts +2 -0
- package/dist/services/authenticationLocal/index.js +19 -0
- package/dist/services/authenticationLocal/index.js.map +1 -0
- package/dist/services/authorization/iam.authorization.definitions.d.ts +37 -0
- package/dist/services/authorization/iam.authorization.definitions.js +3 -0
- package/dist/services/authorization/iam.authorization.definitions.js.map +1 -0
- package/dist/services/authorization/iam.authorization.service.d.ts +16 -0
- package/dist/services/authorization/iam.authorization.service.js +222 -0
- package/dist/services/authorization/iam.authorization.service.js.map +1 -0
- package/dist/services/authorization/index.d.ts +2 -0
- package/dist/services/authorization/index.js +19 -0
- package/dist/services/authorization/index.js.map +1 -0
- package/dist/services/index.d.ts +5 -0
- package/dist/services/index.js +22 -0
- package/dist/services/index.js.map +1 -0
- package/dist/services/tokenManager/iam.tokenManager.definitions.d.ts +34 -0
- package/dist/services/tokenManager/iam.tokenManager.definitions.js +9 -0
- package/dist/services/tokenManager/iam.tokenManager.definitions.js.map +1 -0
- package/dist/services/tokenManager/iam.tokenManager.service.d.ts +14 -0
- package/dist/services/tokenManager/iam.tokenManager.service.js +202 -0
- package/dist/services/tokenManager/iam.tokenManager.service.js.map +1 -0
- package/dist/services/tokenManager/index.d.ts +2 -0
- package/dist/services/tokenManager/index.js +19 -0
- package/dist/services/tokenManager/index.js.map +1 -0
- package/dist/services/users/iam.users.definitions.d.ts +36 -0
- package/dist/services/users/iam.users.definitions.js +8 -0
- package/dist/services/users/iam.users.definitions.js.map +1 -0
- package/dist/services/users/iam.users.service.d.ts +14 -0
- package/dist/services/users/iam.users.service.js +77 -0
- package/dist/services/users/iam.users.service.js.map +1 -0
- package/dist/services/users/index.d.ts +2 -0
- package/dist/services/users/index.js +19 -0
- package/dist/services/users/index.js.map +1 -0
- package/package.json +25 -0
- package/tsconfig.build.json +9 -0
- package/tsconfig.json +9 -0
|
@@ -0,0 +1,222 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
+
});
|
|
10
|
+
};
|
|
11
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
12
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
13
|
+
};
|
|
14
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
|
+
exports.IAMAuthorizationService = void 0;
|
|
16
|
+
const core_1 = require("@node-c/core");
|
|
17
|
+
const general_tools_1 = require("@ramster/general-tools");
|
|
18
|
+
const immutable_1 = __importDefault(require("immutable"));
|
|
19
|
+
const ramda_1 = require("ramda");
|
|
20
|
+
class IAMAuthorizationService {
|
|
21
|
+
constructor(persistanceAuthorizationPointsService) {
|
|
22
|
+
this.persistanceAuthorizationPointsService = persistanceAuthorizationPointsService;
|
|
23
|
+
}
|
|
24
|
+
static checkAccess(accessPoints, inputData, user) {
|
|
25
|
+
const userPermissionsData = user.currentAuthorizationPoints;
|
|
26
|
+
let hasAccess = false;
|
|
27
|
+
const inputDataToBeMutated = {};
|
|
28
|
+
const mutatedInputData = immutable_1.default.fromJS(inputData).toJS();
|
|
29
|
+
for (const acpId in accessPoints) {
|
|
30
|
+
const acpData = userPermissionsData[acpId];
|
|
31
|
+
if (!acpData) {
|
|
32
|
+
continue;
|
|
33
|
+
}
|
|
34
|
+
const { allowedInputData, forbiddenInputData, inputDataFieldName, requiredStaticData, userFieldName } = acpData;
|
|
35
|
+
const hasStaticData = requiredStaticData && Object.keys(requiredStaticData).length;
|
|
36
|
+
const innerMutatedInputData = immutable_1.default.fromJS(mutatedInputData).toJS();
|
|
37
|
+
const innerInputDataToBeMutated = {};
|
|
38
|
+
if (allowedInputData && Object.keys(allowedInputData).length) {
|
|
39
|
+
const values = IAMAuthorizationService.matchInputValues(innerMutatedInputData, allowedInputData);
|
|
40
|
+
for (const key in values) {
|
|
41
|
+
innerInputDataToBeMutated[key] = values[key];
|
|
42
|
+
(0, general_tools_1.setNested)(innerMutatedInputData, key, values[key], { removeNestedFieldEscapeSign: true });
|
|
43
|
+
}
|
|
44
|
+
}
|
|
45
|
+
if (forbiddenInputData && Object.keys(forbiddenInputData).length) {
|
|
46
|
+
const values = IAMAuthorizationService.matchInputValues(innerMutatedInputData, forbiddenInputData);
|
|
47
|
+
for (const key in values) {
|
|
48
|
+
innerInputDataToBeMutated[key] = undefined;
|
|
49
|
+
(0, general_tools_1.setNested)(innerMutatedInputData, key, undefined, { removeNestedFieldEscapeSign: true });
|
|
50
|
+
}
|
|
51
|
+
}
|
|
52
|
+
if (hasStaticData) {
|
|
53
|
+
for (const fieldName in requiredStaticData) {
|
|
54
|
+
if (!IAMAuthorizationService.testValue((0, general_tools_1.getNested)({ inputData: innerMutatedInputData, user }, fieldName, { removeNestedFieldEscapeSign: true }), requiredStaticData[fieldName])) {
|
|
55
|
+
hasAccess = false;
|
|
56
|
+
break;
|
|
57
|
+
}
|
|
58
|
+
if (!hasAccess) {
|
|
59
|
+
hasAccess = true;
|
|
60
|
+
}
|
|
61
|
+
}
|
|
62
|
+
if (hasAccess) {
|
|
63
|
+
hasAccess = false;
|
|
64
|
+
}
|
|
65
|
+
else {
|
|
66
|
+
continue;
|
|
67
|
+
}
|
|
68
|
+
}
|
|
69
|
+
if (userFieldName) {
|
|
70
|
+
if (!inputDataFieldName) {
|
|
71
|
+
continue;
|
|
72
|
+
}
|
|
73
|
+
const userFieldValue = (0, general_tools_1.getNested)(user, userFieldName, { removeNestedFieldEscapeSign: true }), inputFieldValue = (0, general_tools_1.getNested)(innerMutatedInputData, inputDataFieldName, { removeNestedFieldEscapeSign: true });
|
|
74
|
+
if (typeof userFieldValue === 'undefined' || typeof inputFieldValue === 'undefined') {
|
|
75
|
+
continue;
|
|
76
|
+
}
|
|
77
|
+
const inputValueIsArray = inputFieldValue instanceof Array, valuesToTest = inputValueIsArray ? inputFieldValue : [inputFieldValue], valuesToTestAgainst = userFieldValue instanceof Array ? userFieldValue : [userFieldValue];
|
|
78
|
+
const allowedValues = [];
|
|
79
|
+
valuesToTest.forEach((valueToTest) => {
|
|
80
|
+
const valueToTestVariants = IAMAuthorizationService.getValuesForTesting(valueToTest);
|
|
81
|
+
for (const j in valuesToTestAgainst) {
|
|
82
|
+
const valueToTestAgainst = valuesToTestAgainst[j];
|
|
83
|
+
let matchFound = false;
|
|
84
|
+
for (const k in valueToTestVariants) {
|
|
85
|
+
const variant = valueToTestVariants[k];
|
|
86
|
+
if (valueToTestAgainst === variant) {
|
|
87
|
+
allowedValues.push(variant);
|
|
88
|
+
matchFound = true;
|
|
89
|
+
break;
|
|
90
|
+
}
|
|
91
|
+
}
|
|
92
|
+
if (matchFound) {
|
|
93
|
+
break;
|
|
94
|
+
}
|
|
95
|
+
}
|
|
96
|
+
});
|
|
97
|
+
if (!allowedValues.length) {
|
|
98
|
+
continue;
|
|
99
|
+
}
|
|
100
|
+
if (inputValueIsArray) {
|
|
101
|
+
innerInputDataToBeMutated[inputDataFieldName] = allowedValues;
|
|
102
|
+
(0, general_tools_1.setNested)(mutatedInputData, inputDataFieldName, allowedValues, { removeNestedFieldEscapeSign: true });
|
|
103
|
+
}
|
|
104
|
+
hasAccess = true;
|
|
105
|
+
(0, ramda_1.mergeDeepRight)(innerInputDataToBeMutated, innerInputDataToBeMutated);
|
|
106
|
+
break;
|
|
107
|
+
}
|
|
108
|
+
}
|
|
109
|
+
return { hasAccess, inputDataToBeMutated };
|
|
110
|
+
}
|
|
111
|
+
static getValuesForTesting(valueToTest) {
|
|
112
|
+
const values = [
|
|
113
|
+
valueToTest,
|
|
114
|
+
parseInt(valueToTest, 10),
|
|
115
|
+
parseFloat(valueToTest)
|
|
116
|
+
];
|
|
117
|
+
if (valueToTest === 'true') {
|
|
118
|
+
values.push(true);
|
|
119
|
+
}
|
|
120
|
+
else if (valueToTest === 'false') {
|
|
121
|
+
values.push(false);
|
|
122
|
+
}
|
|
123
|
+
return values;
|
|
124
|
+
}
|
|
125
|
+
mapAuthorizationPoints(moduleName) {
|
|
126
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
127
|
+
const { items: acpList } = yield this.persistanceAuthorizationPointsService.find({
|
|
128
|
+
filters: { moduleNames: { [core_1.PersistanceSelectOperator.Contains]: moduleName } },
|
|
129
|
+
findAll: true
|
|
130
|
+
});
|
|
131
|
+
const authorizationData = { __all: { __all: {} } };
|
|
132
|
+
const moduleGlobalData = authorizationData.__all.__all;
|
|
133
|
+
acpList.forEach(item => {
|
|
134
|
+
if (!item.controllerNames) {
|
|
135
|
+
moduleGlobalData[item.id] = item;
|
|
136
|
+
return;
|
|
137
|
+
}
|
|
138
|
+
item.controllerNames.forEach(ctlName => {
|
|
139
|
+
let ctlData = authorizationData[ctlName];
|
|
140
|
+
if (!ctlData) {
|
|
141
|
+
ctlData = { __all: {} };
|
|
142
|
+
authorizationData[ctlName] = ctlData;
|
|
143
|
+
}
|
|
144
|
+
if (!item.handlerNames) {
|
|
145
|
+
ctlData.__all[item.id] = item;
|
|
146
|
+
return;
|
|
147
|
+
}
|
|
148
|
+
item.handlerNames.forEach(hName => {
|
|
149
|
+
let hData = ctlData[hName];
|
|
150
|
+
if (!hData) {
|
|
151
|
+
hData = {};
|
|
152
|
+
ctlData[hName] = hData;
|
|
153
|
+
}
|
|
154
|
+
hData[item.id] = item;
|
|
155
|
+
});
|
|
156
|
+
});
|
|
157
|
+
});
|
|
158
|
+
return authorizationData;
|
|
159
|
+
});
|
|
160
|
+
}
|
|
161
|
+
static matchInputValues(input, values) {
|
|
162
|
+
const mutatedInput = immutable_1.default.fromJS(input).toJS();
|
|
163
|
+
for (const fieldName in values) {
|
|
164
|
+
const value = (0, general_tools_1.getNested)(input, fieldName, { removeNestedFieldEscapeSign: true });
|
|
165
|
+
const allowedValue = values[fieldName];
|
|
166
|
+
const allowedValues = allowedValue instanceof Array ? allowedValue : [allowedValue];
|
|
167
|
+
let valueIsArray = false;
|
|
168
|
+
let valuesToCheck = [];
|
|
169
|
+
const valuesToSet = [];
|
|
170
|
+
if (value instanceof Array) {
|
|
171
|
+
valuesToCheck = value;
|
|
172
|
+
valueIsArray = true;
|
|
173
|
+
}
|
|
174
|
+
else {
|
|
175
|
+
valuesToCheck.push(value);
|
|
176
|
+
}
|
|
177
|
+
valuesToCheck.forEach(valueToCheck => {
|
|
178
|
+
const valueToCheckVariants = IAMAuthorizationService.getValuesForTesting(valueToCheck);
|
|
179
|
+
for (const i in valueToCheckVariants) {
|
|
180
|
+
const actualValueToCheck = valueToCheckVariants[i];
|
|
181
|
+
let checkPassed = false;
|
|
182
|
+
for (const j in allowedValues) {
|
|
183
|
+
if (IAMAuthorizationService.testValue(actualValueToCheck, allowedValues[j])) {
|
|
184
|
+
valuesToSet.push(valueToCheck);
|
|
185
|
+
checkPassed = true;
|
|
186
|
+
break;
|
|
187
|
+
}
|
|
188
|
+
}
|
|
189
|
+
if (checkPassed) {
|
|
190
|
+
break;
|
|
191
|
+
}
|
|
192
|
+
}
|
|
193
|
+
});
|
|
194
|
+
if (!valuesToSet.length) {
|
|
195
|
+
(0, general_tools_1.setNested)(mutatedInput, fieldName, undefined, { removeNestedFieldEscapeSign: true });
|
|
196
|
+
continue;
|
|
197
|
+
}
|
|
198
|
+
(0, general_tools_1.setNested)(mutatedInput, fieldName, valueIsArray ? valuesToSet : valuesToSet[0], {
|
|
199
|
+
removeNestedFieldEscapeSign: true
|
|
200
|
+
});
|
|
201
|
+
}
|
|
202
|
+
return mutatedInput;
|
|
203
|
+
}
|
|
204
|
+
static testValue(valueToTest, valueToTestAgainst) {
|
|
205
|
+
if (typeof valueToTest === 'string' &&
|
|
206
|
+
typeof valueToTestAgainst === 'string' &&
|
|
207
|
+
valueToTest.charAt(0) === '/' &&
|
|
208
|
+
valueToTest.charAt(valueToTest.length - 1) === '/') {
|
|
209
|
+
const regex = new RegExp(valueToTest);
|
|
210
|
+
return regex.test(valueToTestAgainst);
|
|
211
|
+
}
|
|
212
|
+
const possibleValidValues = IAMAuthorizationService.getValuesForTesting(valueToTest);
|
|
213
|
+
for (const i in possibleValidValues) {
|
|
214
|
+
if (possibleValidValues[i] === valueToTestAgainst) {
|
|
215
|
+
return true;
|
|
216
|
+
}
|
|
217
|
+
}
|
|
218
|
+
return false;
|
|
219
|
+
}
|
|
220
|
+
}
|
|
221
|
+
exports.IAMAuthorizationService = IAMAuthorizationService;
|
|
222
|
+
//# sourceMappingURL=iam.authorization.service.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"iam.authorization.service.js","sourceRoot":"","sources":["../../../src/services/authorization/iam.authorization.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,uCAAkG;AAElG,0DAA8D;AAE9D,0DAAkC;AAClC,iCAAgD;AAQhD,MAAa,uBAAuB;IAClC,YAEY,qCAAmF;QAAnF,0CAAqC,GAArC,qCAAqC,CAA8C;IAC5F,CAAC;IAEJ,MAAM,CAAC,WAAW,CAChB,YAA+D,EAC/D,SAAwB,EACxB,IAAgC;QAKhC,MAAM,mBAAmB,GAAG,IAAI,CAAC,0BAA2B,CAAC;QAC7D,IAAI,SAAS,GAAG,KAAK,CAAC;QACtB,MAAM,oBAAoB,GAAkB,EAAE,CAAC;QAC/C,MAAM,gBAAgB,GAAG,mBAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC;QAC5D,KAAK,MAAM,KAAK,IAAI,YAAY,EAAE,CAAC;YACjC,MAAM,OAAO,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;YAC3C,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,SAAS;YACX,CAAC;YACD,MAAM,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,aAAa,EAAE,GAAG,OAAO,CAAC;YAChH,MAAM,aAAa,GAAG,kBAAkB,IAAI,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,MAAM,CAAC;YACnF,MAAM,qBAAqB,GAAG,mBAAS,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,IAAI,EAAE,CAAC;YACxE,MAAM,yBAAyB,GAAkB,EAAE,CAAC;YACpD,IAAI,gBAAgB,IAAI,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,MAAM,EAAE,CAAC;gBAC7D,MAAM,MAAM,GAAG,uBAAuB,CAAC,gBAAgB,CAAC,qBAAqB,EAAE,gBAAgB,CAAC,CAAC;gBACjG,KAAK,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;oBACzB,yBAAyB,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;oBAC7C,IAAA,yBAAS,EAAC,qBAAqB,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,2BAA2B,EAAE,IAAI,EAAE,CAAC,CAAC;gBAC5F,CAAC;YACH,CAAC;YACD,IAAI,kBAAkB,IAAI,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,MAAM,EAAE,CAAC;gBACjE,MAAM,MAAM,GAAG,uBAAuB,CAAC,gBAAgB,CAAC,qBAAqB,EAAE,kBAAkB,CAAC,CAAC;gBACnG,KAAK,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;oBACzB,yBAAyB,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC;oBAC3C,IAAA,yBAAS,EAAC,qBAAqB,EAAE,GAAG,EAAE,SAAS,EAAE,EAAE,2BAA2B,EAAE,IAAI,EAAE,CAAC,CAAC;gBAC1F,CAAC;YACH,CAAC;YACD,IAAI,aAAa,EAAE,CAAC;gBAClB,KAAK,MAAM,SAAS,IAAI,kBAAkB,EAAE,CAAC;oBAC3C,IACE,CAAC,uBAAuB,CAAC,SAAS,CAChC,IAAA,yBAAS,EAAC,EAAE,SAAS,EAAE,qBAAqB,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,EAAE,2BAA2B,EAAE,IAAI,EAAE,CAAC,EACvG,kBAAkB,CAAC,SAAS,CAAC,CAC9B,EACD,CAAC;wBACD,SAAS,GAAG,KAAK,CAAC;wBAClB,MAAM;oBACR,CAAC;oBACD,IAAI,CAAC,SAAS,EAAE,CAAC;wBACf,SAAS,GAAG,IAAI,CAAC;oBACnB,CAAC;gBACH,CAAC;gBACD,IAAI,SAAS,EAAE,CAAC;oBACd,SAAS,GAAG,KAAK,CAAC;gBACpB,CAAC;qBAAM,CAAC;oBACN,SAAS;gBACX,CAAC;YACH,CAAC;YACD,IAAI,aAAa,EAAE,CAAC;gBAClB,IAAI,CAAC,kBAAkB,EAAE,CAAC;oBACxB,SAAS;gBACX,CAAC;gBACD,MAAM,cAAc,GAAG,IAAA,yBAAS,EAAC,IAAI,EAAE,aAAa,EAAE,EAAE,2BAA2B,EAAE,IAAI,EAAE,CAAC,EAC1F,eAAe,GAAG,IAAA,yBAAS,EAAC,qBAAqB,EAAE,kBAAkB,EAAE,EAAE,2BAA2B,EAAE,IAAI,EAAE,CAAC,CAAC;gBAChH,IAAI,OAAO,cAAc,KAAK,WAAW,IAAI,OAAO,eAAe,KAAK,WAAW,EAAE,CAAC;oBACpF,SAAS;gBACX,CAAC;gBACD,MAAM,iBAAiB,GAAG,eAAe,YAAY,KAAK,EACxD,YAAY,GAAG,iBAAiB,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,EACtE,mBAAmB,GAAG,cAAc,YAAY,KAAK,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC;gBAC5F,MAAM,aAAa,GAAc,EAAE,CAAC;gBACpC,YAAY,CAAC,OAAO,CAAC,CAAC,WAAoB,EAAE,EAAE;oBAC5C,MAAM,mBAAmB,GAAG,uBAAuB,CAAC,mBAAmB,CAAC,WAAW,CAAC,CAAC;oBACrF,KAAK,MAAM,CAAC,IAAI,mBAAmB,EAAE,CAAC;wBACpC,MAAM,kBAAkB,GAAG,mBAAmB,CAAC,CAAC,CAAC,CAAC;wBAClD,IAAI,UAAU,GAAG,KAAK,CAAC;wBACvB,KAAK,MAAM,CAAC,IAAI,mBAAmB,EAAE,CAAC;4BACpC,MAAM,OAAO,GAAG,mBAAmB,CAAC,CAAC,CAAC,CAAC;4BACvC,IAAI,kBAAkB,KAAK,OAAO,EAAE,CAAC;gCACnC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gCAC5B,UAAU,GAAG,IAAI,CAAC;gCAClB,MAAM;4BACR,CAAC;wBACH,CAAC;wBACD,IAAI,UAAU,EAAE,CAAC;4BACf,MAAM;wBACR,CAAC;oBACH,CAAC;gBACH,CAAC,CAAC,CAAC;gBACH,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC;oBAC1B,SAAS;gBACX,CAAC;gBACD,IAAI,iBAAiB,EAAE,CAAC;oBACtB,yBAAyB,CAAC,kBAAkB,CAAC,GAAG,aAAa,CAAC;oBAC9D,IAAA,yBAAS,EAAC,gBAAgB,EAAE,kBAAkB,EAAE,aAAa,EAAE,EAAE,2BAA2B,EAAE,IAAI,EAAE,CAAC,CAAC;gBACxG,CAAC;gBACD,SAAS,GAAG,IAAI,CAAC;gBACjB,IAAA,sBAAK,EAAC,yBAAyB,EAAE,yBAAyB,CAAC,CAAC;gBAC5D,MAAM;YACR,CAAC;QACH,CAAC;QACD,OAAO,EAAE,SAAS,EAAE,oBAAoB,EAAE,CAAC;IAC7C,CAAC;IAED,MAAM,CAAC,mBAAmB,CAAC,WAAoB;QAC7C,MAAM,MAAM,GAAG;YACb,WAAW;YACX,QAAQ,CAAC,WAAqB,EAAE,EAAE,CAAC;YACnC,UAAU,CAAC,WAAqB,CAAC;SAClC,CAAC;QAEF,IAAI,WAAW,KAAK,MAAM,EAAE,CAAC;YAC3B,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpB,CAAC;aAAM,IAAI,WAAW,KAAK,OAAO,EAAE,CAAC;YACnC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEK,sBAAsB,CAAC,UAAkB;;YAC7C,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,qCAAqC,CAAC,IAAI,CAAC;gBAC/E,OAAO,EAAE,EAAE,WAAW,EAAE,EAAE,CAAC,gCAAyB,CAAC,QAAQ,CAAC,EAAE,UAAU,EAAE,EAAE;gBAC9E,OAAO,EAAE,IAAI;aACd,CAAC,CAAC;YACH,MAAM,iBAAiB,GAA+B,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,CAAC;YAC/E,MAAM,gBAAgB,GAAG,iBAAiB,CAAC,KAAK,CAAC,KAAK,CAAC;YACvD,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;gBACrB,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;oBAC1B,gBAAgB,CAAC,IAAI,CAAC,EAAY,CAAC,GAAG,IAAI,CAAC;oBAC3C,OAAO;gBACT,CAAC;gBACD,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;oBACrC,IAAI,OAAO,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;oBACzC,IAAI,CAAC,OAAO,EAAE,CAAC;wBACb,OAAO,GAAG,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;wBACxB,iBAAiB,CAAC,OAAO,CAAC,GAAG,OAAO,CAAC;oBACvC,CAAC;oBACD,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;wBACvB,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAY,CAAC,GAAG,IAAI,CAAC;wBACxC,OAAO;oBACT,CAAC;oBACD,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;wBAChC,IAAI,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC;wBAC3B,IAAI,CAAC,KAAK,EAAE,CAAC;4BACX,KAAK,GAAG,EAAE,CAAC;4BACX,OAAO,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC;wBACzB,CAAC;wBACD,KAAK,CAAC,IAAI,CAAC,EAAY,CAAC,GAAG,IAAI,CAAC;oBAClC,CAAC,CAAC,CAAC;gBACL,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YACH,OAAO,iBAAiB,CAAC;QAC3B,CAAC;KAAA;IAED,MAAM,CAAC,gBAAgB,CAAC,KAAoB,EAAE,MAAqB;QACjE,MAAM,YAAY,GAAG,mBAAS,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC;QACpD,KAAK,MAAM,SAAS,IAAI,MAAM,EAAE,CAAC;YAC/B,MAAM,KAAK,GAAG,IAAA,yBAAS,EAAC,KAAK,EAAE,SAAS,EAAE,EAAE,2BAA2B,EAAE,IAAI,EAAE,CAAC,CAAC;YACjF,MAAM,YAAY,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC;YACvC,MAAM,aAAa,GAAG,YAAY,YAAY,KAAK,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;YACpF,IAAI,YAAY,GAAG,KAAK,CAAC;YACzB,IAAI,aAAa,GAAc,EAAE,CAAC;YAClC,MAAM,WAAW,GAAc,EAAE,CAAC;YAClC,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;gBAC3B,aAAa,GAAG,KAAK,CAAC;gBACtB,YAAY,GAAG,IAAI,CAAC;YACtB,CAAC;iBAAM,CAAC;gBACN,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC5B,CAAC;YACD,aAAa,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE;gBACnC,MAAM,oBAAoB,GAAG,uBAAuB,CAAC,mBAAmB,CAAC,YAAY,CAAC,CAAC;gBACvF,KAAK,MAAM,CAAC,IAAI,oBAAoB,EAAE,CAAC;oBACrC,MAAM,kBAAkB,GAAG,oBAAoB,CAAC,CAAC,CAAC,CAAC;oBACnD,IAAI,WAAW,GAAG,KAAK,CAAC;oBACxB,KAAK,MAAM,CAAC,IAAI,aAAa,EAAE,CAAC;wBAC9B,IAAI,uBAAuB,CAAC,SAAS,CAAC,kBAAkB,EAAE,aAAa,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;4BAC5E,WAAW,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;4BAC/B,WAAW,GAAG,IAAI,CAAC;4BACnB,MAAM;wBACR,CAAC;oBACH,CAAC;oBACD,IAAI,WAAW,EAAE,CAAC;wBAChB,MAAM;oBACR,CAAC;gBACH,CAAC;YACH,CAAC,CAAC,CAAC;YACH,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC;gBACxB,IAAA,yBAAS,EAAC,YAAY,EAAE,SAAS,EAAE,SAAS,EAAE,EAAE,2BAA2B,EAAE,IAAI,EAAE,CAAC,CAAC;gBACrF,SAAS;YACX,CAAC;YACD,IAAA,yBAAS,EAAC,YAAY,EAAE,SAAS,EAAE,YAAY,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE;gBAC9E,2BAA2B,EAAE,IAAI;aAClC,CAAC,CAAC;QACL,CAAC;QACD,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,MAAM,CAAC,SAAS,CAAC,WAAoB,EAAE,kBAA2B;QAChE,IACE,OAAO,WAAW,KAAK,QAAQ;YAC/B,OAAO,kBAAkB,KAAK,QAAQ;YACtC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,GAAG;YAC7B,WAAW,CAAC,MAAM,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,KAAK,GAAG,EAClD,CAAC;YACD,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,WAAW,CAAC,CAAC;YACtC,OAAO,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QACxC,CAAC;QACD,MAAM,mBAAmB,GAAG,uBAAuB,CAAC,mBAAmB,CAAC,WAAW,CAAC,CAAC;QACrF,KAAK,MAAM,CAAC,IAAI,mBAAmB,EAAE,CAAC;YACpC,IAAI,mBAAmB,CAAC,CAAC,CAAC,KAAK,kBAAkB,EAAE,CAAC;gBAClD,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;CACF;AA3ND,0DA2NC"}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
14
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
|
+
};
|
|
16
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
+
__exportStar(require("./iam.authorization.definitions"), exports);
|
|
18
|
+
__exportStar(require("./iam.authorization.service"), exports);
|
|
19
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/services/authorization/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,kEAAgD;AAChD,8DAA4C"}
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
14
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
|
+
};
|
|
16
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
+
__exportStar(require("./authentication"), exports);
|
|
18
|
+
__exportStar(require("./authenticationLocal"), exports);
|
|
19
|
+
__exportStar(require("./authorization"), exports);
|
|
20
|
+
__exportStar(require("./tokenManager"), exports);
|
|
21
|
+
__exportStar(require("./users"), exports);
|
|
22
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/services/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,mDAAiC;AACjC,wDAAsC;AACtC,kDAAgC;AAChC,iDAA+B;AAC/B,0CAAwB"}
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
import { DomainCreateOptions } from '@node-c/core';
|
|
2
|
+
export type DecodedTokenContent<TokenEntityFields> = {
|
|
3
|
+
exp?: number;
|
|
4
|
+
iat: number;
|
|
5
|
+
data?: TokenEntityFields;
|
|
6
|
+
};
|
|
7
|
+
export type TokenEntity<TokenEntityFields extends object> = {
|
|
8
|
+
token: string;
|
|
9
|
+
type: TokenType;
|
|
10
|
+
} & TokenEntityFields;
|
|
11
|
+
export type TokenManagerCreateData<TokenEntityFields extends object> = Partial<Omit<TokenEntity<TokenEntityFields>, 'token'>>;
|
|
12
|
+
export type TokenManagerCreateOptions = {
|
|
13
|
+
expiresInMinutes?: number;
|
|
14
|
+
identifierDataField?: string;
|
|
15
|
+
persist?: boolean;
|
|
16
|
+
purgeOldFromPersistance?: boolean;
|
|
17
|
+
} & DomainCreateOptions;
|
|
18
|
+
export declare enum TokenType {
|
|
19
|
+
Access = "access",
|
|
20
|
+
Refresh = "refresh"
|
|
21
|
+
}
|
|
22
|
+
export interface VerifyAccessTokenOptions {
|
|
23
|
+
deleteFromStoreIfExpired?: boolean;
|
|
24
|
+
identifierDataField?: string;
|
|
25
|
+
newTokenExpiresInMinutes?: number;
|
|
26
|
+
persistNewToken?: boolean;
|
|
27
|
+
purgeStoreOnRenew?: boolean;
|
|
28
|
+
refreshToken?: string;
|
|
29
|
+
refreshTokenAccessTokenIdentifierDataField?: string;
|
|
30
|
+
}
|
|
31
|
+
export interface VerifyAccessTokenReturnData<TokenEntityFields> {
|
|
32
|
+
content?: DecodedTokenContent<TokenEntityFields>;
|
|
33
|
+
newToken?: string;
|
|
34
|
+
}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.TokenType = void 0;
|
|
4
|
+
var TokenType;
|
|
5
|
+
(function (TokenType) {
|
|
6
|
+
TokenType["Access"] = "access";
|
|
7
|
+
TokenType["Refresh"] = "refresh";
|
|
8
|
+
})(TokenType || (exports.TokenType = TokenType = {}));
|
|
9
|
+
//# sourceMappingURL=iam.tokenManager.definitions.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"iam.tokenManager.definitions.js","sourceRoot":"","sources":["../../../src/services/tokenManager/iam.tokenManager.definitions.ts"],"names":[],"mappings":";;;AAwBA,IAAY,SAKX;AALD,WAAY,SAAS;IAEnB,8BAAiB,CAAA;IAEjB,gCAAmB,CAAA;AACrB,CAAC,EALW,SAAS,yBAAT,SAAS,QAKpB"}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
import { ConfigProviderService, DomainCreateResult, DomainEntityService, PersistanceEntityService } from '@node-c/core';
|
|
2
|
+
import { DecodedTokenContent, TokenEntity, TokenManagerCreateData, TokenManagerCreateOptions, VerifyAccessTokenOptions, VerifyAccessTokenReturnData } from './iam.tokenManager.definitions';
|
|
3
|
+
export declare class IAMTokenManagerService<TokenEntityFields extends object> extends DomainEntityService<TokenEntity<TokenEntityFields>, PersistanceEntityService<TokenEntity<TokenEntityFields>>> {
|
|
4
|
+
protected configProvider: ConfigProviderService;
|
|
5
|
+
protected moduleName: string;
|
|
6
|
+
protected persistanceEntityService: PersistanceEntityService<TokenEntity<TokenEntityFields>>;
|
|
7
|
+
constructor(configProvider: ConfigProviderService, moduleName: string, persistanceEntityService: PersistanceEntityService<TokenEntity<TokenEntityFields>>);
|
|
8
|
+
create(data: TokenManagerCreateData<TokenEntityFields>, options: TokenManagerCreateOptions): Promise<DomainCreateResult<TokenEntity<TokenEntityFields>>>;
|
|
9
|
+
verifyAccessToken(token: string, options?: VerifyAccessTokenOptions): Promise<VerifyAccessTokenReturnData<TokenEntityFields>>;
|
|
10
|
+
protected verify(token: string, secret: string): Promise<{
|
|
11
|
+
content?: DecodedTokenContent<TokenEntityFields>;
|
|
12
|
+
error?: unknown;
|
|
13
|
+
}>;
|
|
14
|
+
}
|
|
@@ -0,0 +1,202 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
35
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
36
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
37
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
38
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
39
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
40
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
41
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
42
|
+
});
|
|
43
|
+
};
|
|
44
|
+
var __rest = (this && this.__rest) || function (s, e) {
|
|
45
|
+
var t = {};
|
|
46
|
+
for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)
|
|
47
|
+
t[p] = s[p];
|
|
48
|
+
if (s != null && typeof Object.getOwnPropertySymbols === "function")
|
|
49
|
+
for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {
|
|
50
|
+
if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))
|
|
51
|
+
t[p[i]] = s[p[i]];
|
|
52
|
+
}
|
|
53
|
+
return t;
|
|
54
|
+
};
|
|
55
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
56
|
+
exports.IAMTokenManagerService = void 0;
|
|
57
|
+
const core_1 = require("@node-c/core");
|
|
58
|
+
const general_tools_1 = require("@ramster/general-tools");
|
|
59
|
+
const jwt = __importStar(require("jsonwebtoken"));
|
|
60
|
+
const iam_tokenManager_definitions_1 = require("./iam.tokenManager.definitions");
|
|
61
|
+
class IAMTokenManagerService extends core_1.DomainEntityService {
|
|
62
|
+
constructor(configProvider, moduleName, persistanceEntityService) {
|
|
63
|
+
super(persistanceEntityService, undefined, []);
|
|
64
|
+
this.configProvider = configProvider;
|
|
65
|
+
this.moduleName = moduleName;
|
|
66
|
+
this.persistanceEntityService = persistanceEntityService;
|
|
67
|
+
}
|
|
68
|
+
create(data, options) {
|
|
69
|
+
const _super = Object.create(null, {
|
|
70
|
+
create: { get: () => super.create }
|
|
71
|
+
});
|
|
72
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
73
|
+
const { configProvider, moduleName, persistanceEntityService } = this;
|
|
74
|
+
const moduleConfig = configProvider.config.domain[moduleName];
|
|
75
|
+
const { type } = data, tokenData = __rest(data, ["type"]);
|
|
76
|
+
const { expiresInMinutes, identifierDataField, persist, purgeOldFromPersistance } = options;
|
|
77
|
+
const signOptions = {};
|
|
78
|
+
let secret;
|
|
79
|
+
if (type === iam_tokenManager_definitions_1.TokenType.Access) {
|
|
80
|
+
secret = moduleConfig.jwtAccessSecret;
|
|
81
|
+
if (expiresInMinutes) {
|
|
82
|
+
signOptions.expiresIn = expiresInMinutes * 60;
|
|
83
|
+
}
|
|
84
|
+
else if (moduleConfig.accessTokenExpiryTimeInMinutes) {
|
|
85
|
+
signOptions.expiresIn = moduleConfig.accessTokenExpiryTimeInMinutes * 60;
|
|
86
|
+
}
|
|
87
|
+
}
|
|
88
|
+
else if (type === iam_tokenManager_definitions_1.TokenType.Refresh) {
|
|
89
|
+
if (expiresInMinutes) {
|
|
90
|
+
signOptions.expiresIn = expiresInMinutes * 60;
|
|
91
|
+
}
|
|
92
|
+
else if (moduleConfig.refreshTokenExpiryTimeInMinutes) {
|
|
93
|
+
signOptions.expiresIn = moduleConfig.refreshTokenExpiryTimeInMinutes * 60;
|
|
94
|
+
}
|
|
95
|
+
}
|
|
96
|
+
else {
|
|
97
|
+
throw new core_1.ApplicationError(`[TokenManager.create]: Invalid token type - "${type}".`);
|
|
98
|
+
}
|
|
99
|
+
const token = yield new Promise((resolve, reject) => {
|
|
100
|
+
jwt.sign({ data }, secret, signOptions, (err, token) => {
|
|
101
|
+
if (err) {
|
|
102
|
+
console.error(err);
|
|
103
|
+
reject(new core_1.ApplicationError('Failed to sign token.'));
|
|
104
|
+
return;
|
|
105
|
+
}
|
|
106
|
+
resolve(token);
|
|
107
|
+
});
|
|
108
|
+
});
|
|
109
|
+
const objectToSave = Object.assign(Object.assign({}, tokenData), { token, type });
|
|
110
|
+
if (persist && persistanceEntityService) {
|
|
111
|
+
if (purgeOldFromPersistance && identifierDataField) {
|
|
112
|
+
const identifierValue = (0, general_tools_1.getNested)(data, identifierDataField);
|
|
113
|
+
if (typeof identifierValue !== 'undefined' && typeof identifierValue !== 'object') {
|
|
114
|
+
yield persistanceEntityService.delete({
|
|
115
|
+
filters: { [identifierDataField]: identifierValue }
|
|
116
|
+
});
|
|
117
|
+
}
|
|
118
|
+
}
|
|
119
|
+
yield _super.create.call(this, objectToSave);
|
|
120
|
+
}
|
|
121
|
+
return { result: objectToSave };
|
|
122
|
+
});
|
|
123
|
+
}
|
|
124
|
+
verifyAccessToken(token, options) {
|
|
125
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
126
|
+
const { configProvider, moduleName, persistanceEntityService } = this;
|
|
127
|
+
const moduleConfig = configProvider.config.domain[moduleName];
|
|
128
|
+
const { deleteFromStoreIfExpired, identifierDataField, newTokenExpiresInMinutes, persistNewToken, purgeStoreOnRenew, refreshToken, refreshTokenAccessTokenIdentifierDataField } = options || {};
|
|
129
|
+
const { content, error } = yield this.verify(token, moduleConfig.jwtAccessSecret);
|
|
130
|
+
let forceRenew = true;
|
|
131
|
+
let newToken;
|
|
132
|
+
if (error) {
|
|
133
|
+
let errorToThrow;
|
|
134
|
+
let throwError = true;
|
|
135
|
+
if (error === 'Token expired' && identifierDataField && (content === null || content === void 0 ? void 0 : content.data) && persistanceEntityService) {
|
|
136
|
+
if (refreshToken && refreshTokenAccessTokenIdentifierDataField) {
|
|
137
|
+
const { content: refreshTokenContent, error: refreshTokenError } = yield this.verify(refreshToken, moduleConfig.jwtRefreshSecret);
|
|
138
|
+
if (refreshTokenError) {
|
|
139
|
+
errorToThrow = refreshTokenError;
|
|
140
|
+
}
|
|
141
|
+
if (!refreshTokenContent) {
|
|
142
|
+
errorToThrow = new core_1.ApplicationError('Empty refresh token.');
|
|
143
|
+
}
|
|
144
|
+
else {
|
|
145
|
+
const refreshTokenCheckValue = (0, general_tools_1.getNested)(content.data, refreshTokenAccessTokenIdentifierDataField);
|
|
146
|
+
if (refreshTokenCheckValue !== refreshToken) {
|
|
147
|
+
errorToThrow = new core_1.ApplicationError('Mismatched refresh token.');
|
|
148
|
+
}
|
|
149
|
+
else {
|
|
150
|
+
forceRenew = false;
|
|
151
|
+
throwError = false;
|
|
152
|
+
}
|
|
153
|
+
}
|
|
154
|
+
}
|
|
155
|
+
else {
|
|
156
|
+
if (deleteFromStoreIfExpired) {
|
|
157
|
+
const identifierValue = (0, general_tools_1.getNested)(content.data, identifierDataField);
|
|
158
|
+
if (typeof identifierValue !== 'undefined' && typeof identifierValue !== 'object') {
|
|
159
|
+
yield persistanceEntityService.delete({
|
|
160
|
+
filters: { [identifierDataField]: identifierValue }
|
|
161
|
+
});
|
|
162
|
+
}
|
|
163
|
+
}
|
|
164
|
+
errorToThrow = new core_1.ApplicationError('Expired access token.');
|
|
165
|
+
}
|
|
166
|
+
}
|
|
167
|
+
if (throwError) {
|
|
168
|
+
throw errorToThrow || error;
|
|
169
|
+
}
|
|
170
|
+
}
|
|
171
|
+
if ((content === null || content === void 0 ? void 0 : content.data) && forceRenew) {
|
|
172
|
+
const tokenData = Object.assign(Object.assign({}, content.data), { type: iam_tokenManager_definitions_1.TokenType.Access });
|
|
173
|
+
if (refreshToken && refreshTokenAccessTokenIdentifierDataField) {
|
|
174
|
+
tokenData[refreshTokenAccessTokenIdentifierDataField] = refreshToken;
|
|
175
|
+
}
|
|
176
|
+
const { result } = yield this.create(tokenData, {
|
|
177
|
+
expiresInMinutes: newTokenExpiresInMinutes,
|
|
178
|
+
identifierDataField,
|
|
179
|
+
persist: persistNewToken,
|
|
180
|
+
purgeOldFromPersistance: purgeStoreOnRenew
|
|
181
|
+
});
|
|
182
|
+
newToken = result.token;
|
|
183
|
+
}
|
|
184
|
+
return { content, newToken };
|
|
185
|
+
});
|
|
186
|
+
}
|
|
187
|
+
verify(token, secret) {
|
|
188
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
189
|
+
const data = yield new Promise(resolve => {
|
|
190
|
+
jwt.verify(token, secret, (err, decoded) => {
|
|
191
|
+
if (err) {
|
|
192
|
+
resolve({ content: decoded, error: err });
|
|
193
|
+
}
|
|
194
|
+
resolve({ content: decoded });
|
|
195
|
+
});
|
|
196
|
+
});
|
|
197
|
+
return data;
|
|
198
|
+
});
|
|
199
|
+
}
|
|
200
|
+
}
|
|
201
|
+
exports.IAMTokenManagerService = IAMTokenManagerService;
|
|
202
|
+
//# sourceMappingURL=iam.tokenManager.service.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"iam.tokenManager.service.js","sourceRoot":"","sources":["../../../src/services/tokenManager/iam.tokenManager.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAQsB;AAEtB,0DAAmD;AACnD,kDAAoC;AAEpC,iFAQwC;AAGxC,MAAa,sBAAyD,SAAQ,0BAG7E;IACC,YAEY,cAAqC,EAErC,UAAkB,EAElB,wBAAkF;QAE5F,KAAK,CAAC,wBAAyB,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;QANtC,mBAAc,GAAd,cAAc,CAAuB;QAErC,eAAU,GAAV,UAAU,CAAQ;QAElB,6BAAwB,GAAxB,wBAAwB,CAA0D;IAG9F,CAAC;IAEK,MAAM,CACV,IAA+C,EAC/C,OAAkC;;;;;YAElC,MAAM,EAAE,cAAc,EAAE,UAAU,EAAE,wBAAwB,EAAE,GAAG,IAAI,CAAC;YACtE,MAAM,YAAY,GAAG,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAuB,CAAC;YACpF,MAAM,EAAE,IAAI,KAAmB,IAAI,EAAlB,SAAS,UAAK,IAAI,EAA7B,QAAsB,CAAO,CAAC;YACpC,MAAM,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,OAAO,EAAE,uBAAuB,EAAE,GAAG,OAAO,CAAC;YAC5F,MAAM,WAAW,GAAG,EAAqB,CAAC;YAC1C,IAAI,MAAc,CAAC;YAEnB,IAAI,IAAI,KAAK,wCAAS,CAAC,MAAM,EAAE,CAAC;gBAC9B,MAAM,GAAG,YAAY,CAAC,eAAe,CAAC;gBACtC,IAAI,gBAAgB,EAAE,CAAC;oBACrB,WAAW,CAAC,SAAS,GAAG,gBAAgB,GAAG,EAAE,CAAC;gBAChD,CAAC;qBAAM,IAAI,YAAY,CAAC,8BAA8B,EAAE,CAAC;oBACvD,WAAW,CAAC,SAAS,GAAG,YAAY,CAAC,8BAA8B,GAAG,EAAE,CAAC;gBAC3E,CAAC;YACH,CAAC;iBAAM,IAAI,IAAI,KAAK,wCAAS,CAAC,OAAO,EAAE,CAAC;gBACtC,IAAI,gBAAgB,EAAE,CAAC;oBACrB,WAAW,CAAC,SAAS,GAAG,gBAAgB,GAAG,EAAE,CAAC;gBAChD,CAAC;qBAAM,IAAI,YAAY,CAAC,+BAA+B,EAAE,CAAC;oBACxD,WAAW,CAAC,SAAS,GAAG,YAAY,CAAC,+BAA+B,GAAG,EAAE,CAAC;gBAC5E,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,uBAAgB,CAAC,gDAAgD,IAAI,IAAI,CAAC,CAAC;YACvF,CAAC;YACD,MAAM,KAAK,GAAG,MAAM,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;gBAC1D,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;oBACrD,IAAI,GAAG,EAAE,CAAC;wBACR,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;wBACnB,MAAM,CAAC,IAAI,uBAAgB,CAAC,uBAAuB,CAAC,CAAC,CAAC;wBACtD,OAAO;oBACT,CAAC;oBACD,OAAO,CAAC,KAAe,CAAC,CAAC;gBAC3B,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YACH,MAAM,YAAY,GAAG,gCAAK,SAAS,KAAE,KAAK,EAAE,IAAI,GAAoC,CAAC;YAGrF,IAAI,OAAO,IAAI,wBAAwB,EAAE,CAAC;gBACxC,IAAI,uBAAuB,IAAI,mBAAmB,EAAE,CAAC;oBACnD,MAAM,eAAe,GAAG,IAAA,yBAAS,EAAC,IAAI,EAAE,mBAAmB,CAAC,CAAC;oBAC7D,IAAI,OAAO,eAAe,KAAK,WAAW,IAAI,OAAO,eAAe,KAAK,QAAQ,EAAE,CAAC;wBAClF,MAAM,wBAAwB,CAAC,MAAM,CAAC;4BACpC,OAAO,EAAE,EAAE,CAAC,mBAAmB,CAAC,EAAE,eAAe,EAAE;yBACpD,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;gBACD,MAAM,OAAM,MAAM,YAAC,YAAY,CAAC,CAAC;YACnC,CAAC;YACD,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;QAClC,CAAC;KAAA;IAEK,iBAAiB,CACrB,KAAa,EACb,OAAkC;;YAElC,MAAM,EAAE,cAAc,EAAE,UAAU,EAAE,wBAAwB,EAAE,GAAG,IAAI,CAAC;YACtE,MAAM,YAAY,GAAG,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAuB,CAAC;YACpF,MAAM,EACJ,wBAAwB,EACxB,mBAAmB,EACnB,wBAAwB,EACxB,eAAe,EACf,iBAAiB,EACjB,YAAY,EACZ,0CAA0C,EAC3C,GAAG,OAAO,IAAI,EAAE,CAAC;YAElB,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,YAAY,CAAC,eAAe,CAAC,CAAC;YAClF,IAAI,UAAU,GAAG,IAAI,CAAC;YACtB,IAAI,QAA4B,CAAC;YAEjC,IAAI,KAAK,EAAE,CAAC;gBACV,IAAI,YAA+B,CAAC;gBACpC,IAAI,UAAU,GAAG,IAAI,CAAC;gBACtB,IAAI,KAAK,KAAK,eAAe,IAAI,mBAAmB,KAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,CAAA,IAAI,wBAAwB,EAAE,CAAC;oBAClG,IAAI,YAAY,IAAI,0CAA0C,EAAE,CAAC;wBAC/D,MAAM,EAAE,OAAO,EAAE,mBAAmB,EAAE,KAAK,EAAE,iBAAiB,EAAE,GAAG,MAAM,IAAI,CAAC,MAAM,CAClF,YAAY,EACZ,YAAY,CAAC,gBAAgB,CAC9B,CAAC;wBACF,IAAI,iBAAiB,EAAE,CAAC;4BACtB,YAAY,GAAG,iBAA0B,CAAC;wBAC5C,CAAC;wBACD,IAAI,CAAC,mBAAmB,EAAE,CAAC;4BACzB,YAAY,GAAG,IAAI,uBAAgB,CAAC,sBAAsB,CAAC,CAAC;wBAC9D,CAAC;6BAAM,CAAC;4BACN,MAAM,sBAAsB,GAAG,IAAA,yBAAS,EAAC,OAAO,CAAC,IAAI,EAAE,0CAA0C,CAAC,CAAC;4BACnG,IAAI,sBAAsB,KAAK,YAAY,EAAE,CAAC;gCAC5C,YAAY,GAAG,IAAI,uBAAgB,CAAC,2BAA2B,CAAC,CAAC;4BACnE,CAAC;iCAAM,CAAC;gCACN,UAAU,GAAG,KAAK,CAAC;gCACnB,UAAU,GAAG,KAAK,CAAC;4BACrB,CAAC;wBACH,CAAC;oBACH,CAAC;yBAAM,CAAC;wBACN,IAAI,wBAAwB,EAAE,CAAC;4BAC7B,MAAM,eAAe,GAAG,IAAA,yBAAS,EAAC,OAAO,CAAC,IAAI,EAAE,mBAAmB,CAAC,CAAC;4BACrE,IAAI,OAAO,eAAe,KAAK,WAAW,IAAI,OAAO,eAAe,KAAK,QAAQ,EAAE,CAAC;gCAClF,MAAM,wBAAwB,CAAC,MAAM,CAAC;oCACpC,OAAO,EAAE,EAAE,CAAC,mBAAmB,CAAC,EAAE,eAAe,EAAE;iCACpD,CAAC,CAAC;4BACL,CAAC;wBACH,CAAC;wBACD,YAAY,GAAG,IAAI,uBAAgB,CAAC,uBAAuB,CAAC,CAAC;oBAC/D,CAAC;gBACH,CAAC;gBACD,IAAI,UAAU,EAAE,CAAC;oBACf,MAAM,YAAY,IAAI,KAAK,CAAC;gBAC9B,CAAC;YACH,CAAC;YAED,IAAI,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,KAAI,UAAU,EAAE,CAAC;gBAChC,MAAM,SAAS,mCAAwD,OAAO,CAAC,IAAI,KAAE,IAAI,EAAE,wCAAS,CAAC,MAAM,GAAE,CAAC;gBAC9G,IAAI,YAAY,IAAI,0CAA0C,EAAE,CAAC;oBAC/D,SAAS,CAAC,0CAA0C,CAAC,GAAG,YAAY,CAAC;gBACvE,CAAC;gBACD,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,SAAsD,EAAE;oBAC3F,gBAAgB,EAAE,wBAAwB;oBAC1C,mBAAmB;oBACnB,OAAO,EAAE,eAAe;oBACxB,uBAAuB,EAAE,iBAAiB;iBAC3C,CAAC,CAAC;gBACH,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC;YAC1B,CAAC;YACD,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;QAC/B,CAAC;KAAA;IAEe,MAAM,CACpB,KAAa,EACb,MAAc;;YAEd,MAAM,IAAI,GAAG,MAAM,IAAI,OAAO,CAAwE,OAAO,CAAC,EAAE;gBAC9G,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE;oBACzC,IAAI,GAAG,EAAE,CAAC;wBACR,OAAO,CAAC,EAAE,OAAO,EAAE,OAAiD,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;oBACtF,CAAC;oBACD,OAAO,CAAC,EAAE,OAAO,EAAE,OAAiD,EAAE,CAAC,CAAC;gBAC1E,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;KAAA;CACF;AA/JD,wDA+JC"}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
14
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
|
+
};
|
|
16
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
+
__exportStar(require("./iam.tokenManager.definitions"), exports);
|
|
18
|
+
__exportStar(require("./iam.tokenManager.service"), exports);
|
|
19
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/services/tokenManager/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,iEAA+C;AAC/C,6DAA2C"}
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
import { GenericObject } from '@node-c/core';
|
|
2
|
+
import { UserAuthType, UserMFAType } from '../authentication';
|
|
3
|
+
import { AuthorizationPoint } from '../authorization';
|
|
4
|
+
export interface CreateAccessTokenLocalAuthData {
|
|
5
|
+
mfaCode?: string;
|
|
6
|
+
password: string;
|
|
7
|
+
}
|
|
8
|
+
export interface CreateAccessTokenOptions<AuthData = unknown> {
|
|
9
|
+
auth: {
|
|
10
|
+
type: UserAuthType;
|
|
11
|
+
mfaType?: UserMFAType;
|
|
12
|
+
} & AuthData;
|
|
13
|
+
email: string;
|
|
14
|
+
filters?: GenericObject;
|
|
15
|
+
rememberMe?: boolean;
|
|
16
|
+
}
|
|
17
|
+
export interface CreateAccessTokenReturnData<UserData> {
|
|
18
|
+
accessToken: string;
|
|
19
|
+
refreshToken: string;
|
|
20
|
+
user: UserData;
|
|
21
|
+
}
|
|
22
|
+
export interface GetUserWithPermissionsDataOptions {
|
|
23
|
+
keepPassword?: boolean;
|
|
24
|
+
}
|
|
25
|
+
export type User<UserIdentifierData, AuthorizationPointId> = {
|
|
26
|
+
currentAuthorizationPoints: GenericObject<AuthorizationPoint<AuthorizationPointId>>;
|
|
27
|
+
mfaCode?: string;
|
|
28
|
+
password?: string;
|
|
29
|
+
} & UserIdentifierData;
|
|
30
|
+
export interface UserTokenEnityFields<UserId = unknown> {
|
|
31
|
+
refreshToken?: string;
|
|
32
|
+
userId: UserId;
|
|
33
|
+
}
|
|
34
|
+
export declare enum UserTokenUserIdentifier {
|
|
35
|
+
FieldName = "userId"
|
|
36
|
+
}
|