@opengis/fastify-table 2.0.57 → 2.0.59

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. package/dist/server/migrations/0.sql +3 -3
  2. package/dist/server/plugins/auth/funcs/authorizeUser.d.ts.map +1 -1
  3. package/dist/server/plugins/auth/funcs/authorizeUser.js +34 -3
  4. package/dist/server/plugins/auth/funcs/loginUser.d.ts.map +1 -1
  5. package/dist/server/plugins/auth/funcs/loginUser.js +7 -7
  6. package/dist/server/plugins/crud/funcs/dataUpdate.js +1 -1
  7. package/dist/server/routes/auth/controllers/2factor/qrcode.d.ts +4 -0
  8. package/dist/server/routes/auth/controllers/2factor/qrcode.d.ts.map +1 -0
  9. package/dist/server/routes/auth/controllers/2factor/qrcode.js +48 -0
  10. package/dist/server/routes/auth/index.d.ts.map +1 -1
  11. package/dist/server/routes/auth/index.js +4 -0
  12. package/package.json +1 -1
package/dist/server/migrations/0.sql CHANGED
@@ -59,8 +59,8 @@ if (_returnType != 'text') then
59
59
  end loop;
60
60
 
61
61
  raise notice 'reassign default finish: %', _tables;
62
-
63
- else
62
+
63
+ else
64
64
  raise notice 'skip default reassign';
65
65
 
66
66
  /* CREATE EXTENSION if not exists "uuid-ossp";
@@ -81,7 +81,7 @@ else
81
81
  COST 100;
82
82
  end if;
83
83
 
84
- end $$
84
+ end $$;
85
85
 
86
86
  CREATE OR REPLACE FUNCTION array_intersect(
87
87
  anyarray,
package/dist/server/plugins/auth/funcs/authorizeUser.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"authorizeUser.d.ts","sourceRoot":"","sources":["../../../../../server/plugins/auth/funcs/authorizeUser.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AA2BtD,wBAA8B,aAAa,CACzC,IAAI,EAAE,YAAY,EAClB,GAAG,EAAE,GAAG,EACR,QAAQ,SAAe,EACvB,MAAM,CAAC,EAAE,MAAM,gBAkFhB"}
1
+ {"version":3,"file":"authorizeUser.d.ts","sourceRoot":"","sources":["../../../../../server/plugins/auth/funcs/authorizeUser.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AA4BtD,wBAA8B,aAAa,CACzC,IAAI,EAAE,YAAY,EAClB,GAAG,EAAE,GAAG,EACR,QAAQ,SAAe,EACvB,MAAM,CAAC,EAAE,MAAM,gBA+HhB"}
package/dist/server/plugins/auth/funcs/authorizeUser.js CHANGED
@@ -1,5 +1,6 @@
1
1
  import config from "../../../../config.js";
2
2
  import logger from "../../logger/getLogger.js";
3
+ import pgClients from "../../pg/pgClients.js";
3
4
  import applyHook from "../../hook/applyHook.js";
4
5
  import logAuth from "./logAuth.js";
5
6
  /*
@@ -18,6 +19,7 @@ const getIp = (req) => (req.headers?.["x-real-ip"] ||
18
19
  export default async function authorizeUser(user, req, authType = "creds-user", expire) {
19
20
  if (!user?.uid)
20
21
  return "/logout";
22
+ const { pg = pgClients.client } = req;
21
23
  Object.assign(user, { auth_type: authType });
22
24
  // fastify/passport
23
25
  await req.login(user);
@@ -54,10 +56,39 @@ export default async function authorizeUser(user, req, authType = "creds-user",
54
56
  })) ||
55
57
  {};
56
58
  await req.session?.save?.();
57
- if (req.method === "POST") {
58
- return { message: "ok", status: "200" };
59
- }
60
59
  const redirectUrl = req.headers?.referer?.match?.(/[?&]redirect=([^&]+)/)?.[1] || "/";
60
+ const twofaEnabled = config.auth?.["2factor"] && user?.twofa && user.uid && pg;
61
+ const registered = false; // ? check by created/updated date?
62
+ if (req.method === "POST" &&
63
+ (!twofaEnabled || req.session?.secondFactorPassed)) {
64
+ return {
65
+ redirectUrl: href ||
66
+ config.auth?.redirectAfter ||
67
+ (redirectUrl.startsWith("/") ? redirectUrl : "/"),
68
+ authType,
69
+ registered,
70
+ user: { ...user, password: undefined, salt: undefined },
71
+ };
72
+ }
73
+ if (req.method === "POST" &&
74
+ twofaEnabled &&
75
+ !req.session?.secondFactorPassed) {
76
+ const verified = await pg
77
+ .query(`select
78
+ enabled and social_auth_url is not null as verified
79
+ from admin.users_social_auth
80
+ where uid = $1
81
+ and social_auth_type = $2`, [user.uid, "TOTP"])
82
+ .then((el) => el.rows?.[0]?.verified || false);
83
+ const redirect2fa = `${config.auth?.link?.["2fa"]?.login || "/2factor"}?redirect=${redirectUrl.startsWith("/") ? redirectUrl : "/"}`;
84
+ return {
85
+ redirectUrl: redirect2fa,
86
+ authType,
87
+ registered,
88
+ "2factor": { verified, enabled: !!user?.twofa },
89
+ user: { ...user, password: undefined, salt: undefined },
90
+ };
91
+ }
61
92
  // by default, disable 2factor for id.gov.ua auth
62
93
  const check = authType === "govid" ? config.auth?.["2factor"]?.govid : true;
63
94
  if (config.auth?.["2factor"] && user?.twofa && check) {
package/dist/server/plugins/auth/funcs/loginUser.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"loginUser.d.ts","sourceRoot":"","sources":["../../../../../server/plugins/auth/funcs/loginUser.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,YAAY,EAAkB,MAAM,SAAS,CAAC;AAEvD,wBAA8B,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,kBA+CpE"}
1
+ {"version":3,"file":"loginUser.d.ts","sourceRoot":"","sources":["../../../../../server/plugins/auth/funcs/loginUser.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAUvC,wBAA8B,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,kBA+CpE"}
package/dist/server/plugins/auth/funcs/loginUser.js CHANGED
@@ -9,14 +9,14 @@ export default async function loginUser(req, reply) {
9
9
  if (!config.pg) {
10
10
  return req.method === "GET"
11
11
  ? reply.status(302).redirect("/login?confirm=wrong_pass&message=empty pg")
12
- : reply.status(400).send({ message: "empty pg" });
12
+ : reply.status(400).send({ error: "empty pg", code: 400 });
13
13
  }
14
14
  if (!config.redis) {
15
15
  return req.method === "GET"
16
16
  ? reply
17
17
  .status(302)
18
18
  .redirect("/login?confirm=wrong_pass&message=empty redis")
19
- : reply.status(400).send({ message: "empty redis" });
19
+ : reply.status(400).send({ error: "empty redis", code: 400 });
20
20
  }
21
21
  const { user, message = "invalid user" } = (await verifyPassword({
22
22
  pg,
@@ -28,19 +28,19 @@ export default async function loginUser(req, reply) {
28
28
  ? reply
29
29
  .status(302)
30
30
  .redirect(`/login?confirm=wrong_pass&message=${message}`)
31
- : reply.status(400).send({ message });
31
+ : reply.status(400).send({ error: message, code: 400 });
32
32
  }
33
33
  if (!user && (req.query?.username || req.body?.username)) {
34
34
  return req.method === "GET"
35
35
  ? reply
36
36
  .status(302)
37
37
  .redirect(`/login?confirm=wrong_pass&message=${message}`)
38
- : reply.status(400).send({ message });
38
+ : reply.status(400).send({ error: message, code: 400 });
39
39
  }
40
40
  logger.metrics("user.login");
41
41
  const authType = "creds-" + (user.user_type === "admin" ? "admin" : "user");
42
- const href = await authorizeUser(user, req, authType); // creds-admin / creds-admin
42
+ const result = await authorizeUser(user, req, authType); // creds-admin / creds-admin
43
43
  return req.method === "GET"
44
- ? reply.status(302).redirect(href)
45
- : reply.status(200).send(href);
44
+ ? reply.status(302).redirect(result)
45
+ : reply.status(200).send(result);
46
46
  }
package/dist/server/plugins/crud/funcs/dataUpdate.js CHANGED
@@ -60,7 +60,7 @@ export default async function dataUpdate({ table, tokenData, referer, id, data,
60
60
  ["string", "number"].includes(typeof data[el])) {
61
61
  Object.assign(data, { [el]: data[el].split(",") });
62
62
  }
63
- return [el, data[el]];
63
+ return [el, data[el] === "" ? null : data[el]]; // ensure '' on number does not throw
64
64
  })
65
65
  .map((el) => typeof el[1] === "object" && types[el[0]]?.includes?.("json") && el[1]
66
66
  ? JSON.stringify(el[1])
package/dist/server/routes/auth/controllers/2factor/qrcode.d.ts ADDED
@@ -0,0 +1,4 @@
1
+ import { FastifyReply } from "fastify";
2
+ import { ExtendedRequest } from "../../../../types/core.js";
3
+ export default function qrCode(req: ExtendedRequest, reply: FastifyReply): Promise<never>;
4
+ //# sourceMappingURL=qrcode.d.ts.map
package/dist/server/routes/auth/controllers/2factor/qrcode.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"qrcode.d.ts","sourceRoot":"","sources":["../../../../../../server/routes/auth/controllers/2factor/qrcode.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAa5D,wBAA8B,MAAM,CAClC,GAAG,EAAE,eAAe,EACpB,KAAK,EAAE,YAAY,kBAsDpB"}
package/dist/server/routes/auth/controllers/2factor/qrcode.js ADDED
@@ -0,0 +1,48 @@
1
+ import qr from "qrcode";
2
+ import config from "../../../../../config.js";
3
+ import pgClients from "../../../../plugins/pg/pgClients.js";
4
+ import { getSecret, generate } from "./providers/totp.js";
5
+ const headers = {
6
+ "Content-Type": "image/png",
7
+ };
8
+ export default async function qrCode(req, reply) {
9
+ const { pg = pgClients.client } = req;
10
+ const { uid } = req.session?.passport?.user || {};
11
+ if (!uid) {
12
+ return reply.status(401).send({ error: "unauthorized", code: 401 });
13
+ }
14
+ if (!pg || !pg?.pk?.["admin.users"] || !pg?.pk?.["admin.users_social_auth"]) {
15
+ return reply.status(400).send({
16
+ error: "db connection / users/users_social_auth tables are required",
17
+ code: 400,
18
+ });
19
+ }
20
+ const userExists = await pg
21
+ .query(`select uid from admin.users where uid=$1`, [uid])
22
+ .then((el) => el.rows?.[0]?.uid);
23
+ if (!userExists && config.pg) {
24
+ return reply.status(404).send({ error: "invalid user", code: 404 });
25
+ }
26
+ const { enabled, secret } = pg
27
+ ? await getSecret({ pg, TYPE: "TOTP", uid })
28
+ : {};
29
+ const otp = secret
30
+ ? await pg
31
+ .query(`select social_auth_url
32
+ from admin.users_social_auth where uid=$1 and social_auth_type=$2`, [uid, "TOTP"])
33
+ ?.then((el) => el.rows?.[0]?.social_auth_url)
34
+ : await generate({ uid, pg });
35
+ const base64 = otp ? await qr.toDataURL(otp) : undefined;
36
+ if (enabled && !config.local && !config.debug) {
37
+ return reply
38
+ .status(400)
39
+ .send({ error: "2factor already enabled", code: 400 });
40
+ }
41
+ if (!otp || !base64) {
42
+ return reply.status(500).send({ error: "generation error", code: 500 });
43
+ }
44
+ // substring to exclude data:image/png;base64,
45
+ return reply
46
+ .headers(headers)
47
+ .send(Buffer.from(base64.substring(22), "base64"));
48
+ }
package/dist/server/routes/auth/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../server/routes/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAiC1C,iBAAe,MAAM,CAAC,GAAG,EAAE,eAAe,EAAE,GAAG,GAAE,GAAQ,iBA4ExD;AAED,eAAe,MAAM,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../server/routes/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAkC1C,iBAAe,MAAM,CAAC,GAAG,EAAE,eAAe,EAAE,GAAG,GAAE,GAAQ,iBA8ExD;AAED,eAAe,MAAM,CAAC"}
package/dist/server/routes/auth/index.js CHANGED
@@ -18,6 +18,7 @@ import login2faTemplate from "./controllers/page/login2faTemplate.js";
18
18
  // jwt
19
19
  import oauthAuthorize from "./controllers/jwt/authorize.js";
20
20
  import oauthToken from "./controllers/jwt/token.js";
21
+ import qrCode from "./controllers/2factor/qrcode.js";
21
22
  const params = { config: { policy: "L0" } };
22
23
  async function plugin(app, opt = {}) {
23
24
  if (opt.routes === false || config.auth?.customRoutes) {
@@ -70,6 +71,9 @@ async function plugin(app, opt = {}) {
70
71
  !config.auth?.customGovId) {
71
72
  app.get("/auth/by_data", params, authByData);
72
73
  }
74
+ if (!app.hasRoute({ method: "GET", url: "/2factor/qr" })) {
75
+ app.get("/2factor/qr", params, qrCode);
76
+ }
73
77
  // pages
74
78
  if (!app.hasRoute({ method: "GET", url: "/2factor" }) &&
75
79
  !config.auth?.disable &&
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@opengis/fastify-table",
3
- "version": "2.0.57",
3
+ "version": "2.0.59",
4
4
  "type": "module",
5
5
  "description": "core-plugins",
6
6
  "keywords": [