@paroicms/server 1.95.0 → 1.95.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/admin-backend/auth/auth.service.js +7 -0
- package/dist/admin-backend/auth/auth.service.js.map +1 -1
- package/dist/admin-backend/auth/auth.types.d.ts +1 -0
- package/dist/context.js +5 -4
- package/dist/context.js.map +1 -1
- package/dist/protected-site/protected-access-token.d.ts +3 -0
- package/dist/protected-site/protected-access-token.js +28 -10
- package/dist/protected-site/protected-access-token.js.map +1 -1
- package/dist/protected-site/protected-site.req-handler.js +10 -4
- package/dist/protected-site/protected-site.req-handler.js.map +1 -1
- package/dist/tsconfig.tsbuildinfo +1 -1
- package/package.json +10 -10
|
@@ -4,6 +4,7 @@ import { AccountPreferencesAT } from "../../common/data-format.js";
|
|
|
4
4
|
import { appConf } from "../../context.js";
|
|
5
5
|
import { comparePassword } from "../../helpers/passwordEncrypt-helper.js";
|
|
6
6
|
import { devAccountId, getDevAccount, getPlatformAdminAccount, isDevAccountId, parsePlatformAdminAccountId, } from "../../helpers/special-account.helpers.js";
|
|
7
|
+
import { generateAdminToken } from "../../protected-site/protected-access-token.js";
|
|
7
8
|
import { findAccountByEmail, findAccountByIdAndEmail } from "../account/account.queries.js";
|
|
8
9
|
import { generateAccessToken, verifyAccessToken, verifyPlatformToken, } from "./auth.helper.js";
|
|
9
10
|
const JwtPayloadAT = type({
|
|
@@ -32,6 +33,7 @@ export async function loginUser(siteContext, user) {
|
|
|
32
33
|
const parsedPreferences = account.preferences
|
|
33
34
|
? AccountPreferencesAT.assert(account.preferences)
|
|
34
35
|
: undefined;
|
|
36
|
+
const adminToken = await generateAdminToken();
|
|
35
37
|
return {
|
|
36
38
|
id: account.id,
|
|
37
39
|
email: account.email,
|
|
@@ -42,6 +44,7 @@ export async function loginUser(siteContext, user) {
|
|
|
42
44
|
id: account.id,
|
|
43
45
|
fqdn: siteContext.fqdn,
|
|
44
46
|
}),
|
|
47
|
+
adminToken,
|
|
45
48
|
};
|
|
46
49
|
}
|
|
47
50
|
export async function getVerifiedAccountFromToken(siteContext, token) {
|
|
@@ -67,12 +70,14 @@ export async function getVerifiedAccountFromToken(siteContext, token) {
|
|
|
67
70
|
const parsedPreferences = account.preferences
|
|
68
71
|
? AccountPreferencesAT.assert(account.preferences)
|
|
69
72
|
: undefined;
|
|
73
|
+
const adminToken = await generateAdminToken();
|
|
70
74
|
return {
|
|
71
75
|
email: account.email,
|
|
72
76
|
id: account.id,
|
|
73
77
|
language: parsedPreferences?.language ?? defaultLanguage,
|
|
74
78
|
name: account.name,
|
|
75
79
|
token,
|
|
80
|
+
adminToken,
|
|
76
81
|
};
|
|
77
82
|
}
|
|
78
83
|
catch {
|
|
@@ -104,6 +109,7 @@ export async function loginByPlatformToken(siteContext, token) {
|
|
|
104
109
|
const parsedPreferences = account.preferences
|
|
105
110
|
? AccountPreferencesAT.assert(JSON.parse(account.preferences))
|
|
106
111
|
: undefined;
|
|
112
|
+
const adminToken = await generateAdminToken();
|
|
107
113
|
return {
|
|
108
114
|
id: account.id,
|
|
109
115
|
email: payload.email,
|
|
@@ -114,6 +120,7 @@ export async function loginByPlatformToken(siteContext, token) {
|
|
|
114
120
|
id: account.id,
|
|
115
121
|
fqdn: siteContext.fqdn,
|
|
116
122
|
}),
|
|
123
|
+
adminToken,
|
|
117
124
|
};
|
|
118
125
|
}
|
|
119
126
|
catch (error) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.service.js","sourceRoot":"","sources":["../../../src/admin-backend/auth/auth.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,6BAA6B,CAAC;AACvD,OAAO,EAAE,IAAI,EAAE,MAAM,SAAS,CAAC;AAC/B,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAC3C,OAAO,EAAE,eAAe,EAAE,MAAM,yCAAyC,CAAC;AAC1E,OAAO,EACL,YAAY,EACZ,aAAa,EACb,uBAAuB,EACvB,cAAc,EACd,2BAA2B,GAC5B,MAAM,0CAA0C,CAAC;
|
|
1
|
+
{"version":3,"file":"auth.service.js","sourceRoot":"","sources":["../../../src/admin-backend/auth/auth.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,6BAA6B,CAAC;AACvD,OAAO,EAAE,IAAI,EAAE,MAAM,SAAS,CAAC;AAC/B,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAC3C,OAAO,EAAE,eAAe,EAAE,MAAM,yCAAyC,CAAC;AAC1E,OAAO,EACL,YAAY,EACZ,aAAa,EACb,uBAAuB,EACvB,cAAc,EACd,2BAA2B,GAC5B,MAAM,0CAA0C,CAAC;AAClD,OAAO,EAAE,kBAAkB,EAAE,MAAM,gDAAgD,CAAC;AAEpF,OAAO,EAAE,kBAAkB,EAAE,uBAAuB,EAAE,MAAM,+BAA+B,CAAC;AAC5F,OAAO,EAEL,mBAAmB,EACnB,iBAAiB,EACjB,mBAAmB,GACpB,MAAM,kBAAkB,CAAC;AAG1B,MAAM,YAAY,GAAG,IAAI,CAAC;IACxB,EAAE,EAAE,QAAQ;IACZ,KAAK,EAAE,QAAQ;IACf,GAAG,EAAE,QAAQ;CACd,CAAC,CAAC;AAEH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,WAAwB,EACxB,IAAgB;IAEhB,MAAM,eAAe,GAAG,WAAW,CAAC,UAAU,CAAC,eAAe,CAAC;IAE/D,IAAI,OAA+B,CAAC;IACpC,IAAI,OAAO,CAAC,UAAU,EAAE,KAAK,KAAK,IAAI,CAAC,KAAK,EAAE,CAAC;QAC7C,OAAO,GAAG,kBAAkB,CAAC;YAC3B,IAAI;YACJ,UAAU,EAAE,OAAO,CAAC,UAAU;SAC/B,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,MAAM,YAAY,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;IAClD,CAAC;IAED,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,OAAO,EAAE,cAAc;YACvB,UAAU,EAAE,GAAG;SAChB,CAAC;IACJ,CAAC;IAED,MAAM,iBAAiB,GAAG,OAAO,CAAC,WAAW;QAC3C,CAAC,CAAC,oBAAoB,CAAC,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC;QAClD,CAAC,CAAC,SAAS,CAAC;IAEd,MAAM,UAAU,GAAG,MAAM,kBAAkB,EAAE,CAAC;IAE9C,OAAO;QACL,EAAE,EAAE,OAAO,CAAC,EAAE;QACd,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,QAAQ,EAAE,iBAAiB,EAAE,QAAQ,IAAI,eAAe;QACxD,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,KAAK,EAAE,mBAAmB,CAAC;YACzB,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,EAAE,EAAE,OAAO,CAAC,EAAE;YACd,IAAI,EAAE,WAAW,CAAC,IAAI;SACvB,CAAC;QACF,UAAU;KACX,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAC/C,WAAwB,EACxB,KAAa;IAEb,IAAI,OAAuC,CAAC;IAE5C,IAAI,CAAC;QACH,OAAO,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;QACnC,IAAI,OAAO,CAAC,IAAI,KAAK,WAAW,CAAC,IAAI,EAAE,CAAC;YACtC,MAAM,IAAI,QAAQ,CAAC,qBAAqB,EAAE,GAAG,CAAC,CAAC;QACjD,CAAC;QACD,MAAM,eAAe,GAAG,WAAW,CAAC,UAAU,CAAC,eAAe,CAAC;QAE/D,IAAI,OAAmB,CAAC;QACxB,MAAM,uBAAuB,GAAG,2BAA2B,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QACxE,IAAI,cAAc,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,CAAC;YAC/B,OAAO,GAAG,aAAa,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QACtC,CAAC;aAAM,IAAI,uBAAuB,EAAE,CAAC;YACnC,OAAO,GAAG,uBAAuB,CAAC,uBAAuB,CAAC,CAAC;QAC7D,CAAC;aAAM,CAAC;YACN,MAAM,SAAS,GAAG,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YAC/C,OAAO,GAAG,MAAM,uBAAuB,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;QAClE,CAAC;QAED,MAAM,iBAAiB,GAAG,OAAO,CAAC,WAAW;YAC3C,CAAC,CAAC,oBAAoB,CAAC,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC;YAClD,CAAC,CAAC,SAAS,CAAC;QAEd,MAAM,UAAU,GAAG,MAAM,kBAAkB,EAAE,CAAC;QAE9C,OAAO;YACL,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,EAAE,EAAE,OAAO,CAAC,EAAE;YACd,QAAQ,EAAE,iBAAiB,EAAE,QAAQ,IAAI,eAAe;YACxD,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,KAAK;YACL,UAAU;SACX,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,IAAI,OAAO,EAAE,CAAC;YACZ,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,kBAAkB,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QACvE,CAAC;QACD,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,cAAc;SACxB,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,WAAwB,EACxB,KAAa;IAEb,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,mBAAmB,CAAC,KAAK,CAAC,CAAC;QAEjD,MAAM,eAAe,GAAG,WAAW,CAAC,UAAU,CAAC,eAAe,CAAC;QAE/D,IAAI,OAAmB,CAAC;QACxB,MAAM,mBAAmB,GAAG,CAAC,OAAO,CAAC,qBAAqB,IAAI,EAAE,CAAC,CAAC,SAAS,CACzE,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,KAAK,OAAO,CAAC,KAAK,CAC7C,CAAC;QACF,IAAI,mBAAmB,KAAK,CAAC,CAAC,EAAE,CAAC;YAC/B,OAAO,GAAG,uBAAuB,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC,CAAC;QACpE,CAAC;aAAM,CAAC;YACN,MAAM,YAAY,GAAG,MAAM,kBAAkB,CAAC,WAAW,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;YAC1E,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,MAAM,IAAI,QAAQ,CAAC,mBAAmB,EAAE,GAAG,CAAC,CAAC;YAC/C,CAAC;YACD,OAAO,GAAG,YAAY,CAAC;QACzB,CAAC;QAED,MAAM,iBAAiB,GAAG,OAAO,CAAC,WAAW;YAC3C,CAAC,CAAC,oBAAoB,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;YAC9D,CAAC,CAAC,SAAS,CAAC;QAEd,MAAM,UAAU,GAAG,MAAM,kBAAkB,EAAE,CAAC;QAE9C,OAAO;YACL,EAAE,EAAE,OAAO,CAAC,EAAE;YACd,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,QAAQ,EAAE,iBAAiB,EAAE,QAAQ,IAAI,eAAe;YACxD,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,KAAK,EAAE,mBAAmB,CAAC;gBACzB,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,EAAE,EAAE,OAAO,CAAC,EAAE;gBACd,IAAI,EAAE,WAAW,CAAC,IAAI;aACvB,CAAC;YACF,UAAU;SACX,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAChC,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,iBAAiB;SAC3B,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,WAAwB,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAc;IACnF,MAAM,IAAI,GAAG,MAAM,kBAAkB,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;IAE1D,IAAI,YAAY,GAAG,KAAK,CAAC;IACzB,IAAI,IAAI,EAAE,YAAY,EAAE,CAAC;QACvB,YAAY,GAAG,MAAM,eAAe,CAAC,QAAQ,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;IACpE,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,EAAE,YAAY,IAAI,YAAY,CAAC;IACnD,IAAI,CAAC,OAAO;QAAE,OAAO;IAErB,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,kBAAkB,CAAC,EAC1B,IAAI,EACJ,UAAU,GAIX;IACC,IAAI,IAAI,CAAC,KAAK,KAAK,UAAU,CAAC,KAAK,IAAI,IAAI,CAAC,QAAQ,KAAK,UAAU,CAAC,QAAQ;QAAE,OAAO;IACrF,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,EAAE,GAAG,UAAU,CAAC;IAC3C,OAAO;QACL,GAAG,MAAM;QACT,EAAE,EAAE,YAAY;KACjB,CAAC;AACJ,CAAC"}
|
package/dist/context.js
CHANGED
|
@@ -1,8 +1,9 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import { join } from "node:path";
|
|
3
|
-
import { readAppConfSync, supportedLanguages } from "@paroicms/connector";
|
|
1
|
+
import { readAppConfSync } from "@paroicms/connector";
|
|
4
2
|
import { createPlatformLog, makeUrl, readOrCreateJwtSecretSync, } from "@paroicms/internal-server-lib";
|
|
3
|
+
import { coreLanguages } from "@paroicms/public-anywhere-lib";
|
|
5
4
|
import { loadSimpleTranslatorFromDirectory, resolveModuleDirectory, } from "@paroicms/public-server-lib";
|
|
5
|
+
import { existsSync, readFileSync, renameSync, unlinkSync } from "node:fs";
|
|
6
|
+
import { join } from "node:path";
|
|
6
7
|
export const dbAnyLanguage = ".";
|
|
7
8
|
export const adminUiOwnerHandle = "adminUi";
|
|
8
9
|
export const packageDir = resolveModuleDirectory(import.meta.url, { parent: true });
|
|
@@ -55,7 +56,7 @@ export async function initializeContext(registeredSitesVal) {
|
|
|
55
56
|
registeredSites = registeredSitesVal;
|
|
56
57
|
simpleI18n = await loadSimpleTranslatorFromDirectory({
|
|
57
58
|
l10nDir: join(packageDir, "locales"),
|
|
58
|
-
languages:
|
|
59
|
+
languages: coreLanguages,
|
|
59
60
|
logger: platformLogger,
|
|
60
61
|
});
|
|
61
62
|
for (const regSite of registeredSites.values()) {
|
package/dist/context.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"context.js","sourceRoot":"","sources":["../src/context.ts"],"names":[],"mappings":"AAAA,OAAO,
|
|
1
|
+
{"version":3,"file":"context.js","sourceRoot":"","sources":["../src/context.ts"],"names":[],"mappings":"AAAA,OAAO,EAA4B,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAChF,OAAO,EACL,iBAAiB,EACjB,OAAO,EACP,yBAAyB,GAC1B,MAAM,+BAA+B,CAAC;AACvC,OAAO,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAC;AAC9D,OAAO,EACL,iCAAiC,EAEjC,sBAAsB,GAEvB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAC3E,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,MAAM,CAAC,MAAM,aAAa,GAAG,GAAG,CAAC;AACjC,MAAM,CAAC,MAAM,kBAAkB,GAAG,SAAS,CAAC;AAE5C,MAAM,CAAC,MAAM,UAAU,GAAG,sBAAsB,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;AACpF,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,KAAK,CAC9D,YAAY,CAAC,IAAI,CAAC,UAAU,EAAE,cAAc,CAAC,EAAE,OAAO,CAAC,CACxD,CAAC;AAEF,MAAM,CAAC,IAAI,UAA8B,CAAC;AAC1C,MAAM,UAAU,aAAa,CAAC,OAAe;IAC3C,UAAU,GAAG,OAAO,CAAC;AACvB,CAAC;AAED,MAAM,CAAC,MAAM,OAAO,GAAG,eAAe,EAAE,CAAC;AACzC,MAAM,CAAC,MAAM,cAAc,GAAG,iBAAiB,CAAC;IAC9C,KAAK,EAAE,OAAO,CAAC,QAAQ;IACvB,IAAI,EAAE,OAAO,CAAC,OAAO;IACrB,aAAa,EAAE,IAAI;CACpB,CAAC,CAAC;AAEH,MAAM,CAAC,IAAI,eAA4C,CAAC;AAExD,MAAM,CAAC,MAAM,gBAAgB,GAAG,IAAI,GAAG,CACrC,CAAC,OAAO,CAAC,gBAAgB,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,CACtE,CAAC;AAEF,IAAI,eAAgD,CAAC;AAErD,MAAM,UAAU,mBAAmB,CAAC,GAAwB;IAC1D,eAAe,GAAG,GAAG,CAAC;AACxB,CAAC;AAED,MAAM,UAAU,kBAAkB;IAChC,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;IACjD,CAAC;IACD,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,MAAM,CAAC,MAAM,eAAe,GAC1B,OAAO,CAAC,IAAI,KAAK,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC;AAEvF,MAAM,CAAC,MAAM,SAAS,GAAG,yBAAyB,CAAC,IAAI,CAAC,eAAe,EAAE,gBAAgB,CAAC,CAAC,CAAC;AAC5F,MAAM,CAAC,MAAM,YAAY,GAAG,MAAM,CAAC;AAGnC,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,EAAE,yBAAyB,CAAC,CAAC;AACjE,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;IACxB,IAAI,OAAO,CAAC,UAAU;QAAE,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,eAAe,EAAE,mBAAmB,CAAC,CAAC,CAAC;;QACnF,UAAU,CAAC,OAAO,CAAC,CAAC;AAC3B,CAAC;AAGD,MAAM,CAAC,MAAM,iBAAiB,GAAG,OAAO,CAAC,UAAU;IACjD,CAAC,CAAC,yBAAyB,CAAC,IAAI,CAAC,eAAe,EAAE,mBAAmB,CAAC,CAAC;IACvE,CAAC,CAAC,SAAS,CAAC;AAEd,MAAM,CAAC,MAAM,eAAe,GAC1B,OAAO,CAAC,UAAU,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ;IAChD,CAAC,CAAC,OAAO,CAAC;QACN,QAAQ,EAAE,OAAO,CAAC,cAAc;QAChC,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC,IAAI;QAC7B,IAAI,EAAE,OAAO,CAAC,UAAU;QACxB,IAAI,EAAE,OAAO;KACd,CAAC;IACJ,CAAC,CAAC,SAAS,CAAC;AAEhB,MAAM,CAAC,IAAI,UAA4B,CAAC;AAExC,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,kBAA+C;IACrF,eAAe,GAAG,kBAAkB,CAAC;IACrC,UAAU,GAAG,MAAM,iCAAiC,CAAC;QACnD,OAAO,EAAE,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC;QACpC,SAAS,EAAE,aAAa;QACxB,MAAM,EAAE,cAAc;KACvB,CAAC,CAAC;IACH,KAAK,MAAM,OAAO,IAAI,eAAe,CAAC,MAAM,EAAE,EAAE,CAAC;QAC/C,IAAI,CAAC,OAAO,CAAC,WAAW;YAAE,SAAS;QACnC,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACvC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,KAAK,WAAW;YAAE,SAAS;QAE7E,MAAM,QAAQ,GACZ,MAAM,CAAC,MAAM,KAAK,CAAC;YACjB,CAAC,CAAC,OAAO,OAAO,CAAC,IAAI,EAAE;YACvB,CAAC,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC;gBACtD,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;gBAC3B,CAAC,CAAC,SAAS,CAAC;QAClB,IAAI,CAAC,QAAQ,IAAI,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC;YAAE,SAAS;QAE1D,gBAAgB,CAAC,GAAG,CAAC,QAAQ,EAAE;YAC7B,QAAQ;YACR,EAAE,EAAE,OAAO,CAAC;gBACV,QAAQ,EAAE,OAAO,CAAC,cAAc;gBAChC,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,IAAI,EAAE,OAAO,CAAC,UAAU;aACzB,CAAC;SACH,CAAC,CAAC;IACL,CAAC;IAED,IAAI,gBAAgB,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;QAC9B,cAAc,CAAC,IAAI,CACjB,+BAA+B,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC;aACjE,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;aACpD,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,GAAG,KAAK,CAAC,QAAQ,MAAM,KAAK,CAAC,EAAE,EAAE,CAAC;aACjD,IAAI,CAAC,QAAQ,CAAC,EAAE,CACpB,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,OAAuB;IACvD,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;IACzB,IAAI,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,gBAAgB,IAAI,mBAAmB,CAAC,CAAC;IACxF,eAAe,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AACrC,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,IAAY;IAC/C,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,iBAAiB,IAAI,GAAG,CAAC,CAAC;AAC/E,CAAC"}
|
|
@@ -1,4 +1,7 @@
|
|
|
1
1
|
export declare const PROTECTED_TOKEN_COOKIE = "paProtectedToken";
|
|
2
|
+
export declare const ADMIN_TOKEN_COOKIE = "paAdminToken";
|
|
2
3
|
export declare const accessTokenTtlInMs: number;
|
|
3
4
|
export declare function generateProtectedToken(password: string): Promise<string>;
|
|
4
5
|
export declare function validateProtectedToken(token: string, password: string): Promise<boolean>;
|
|
6
|
+
export declare function generateAdminToken(): Promise<string>;
|
|
7
|
+
export declare function validateAdminToken(token: string): Promise<boolean>;
|
|
@@ -1,25 +1,43 @@
|
|
|
1
|
-
import { join } from "node:path";
|
|
2
1
|
import { readOrCreateJwtSecret } from "@paroicms/internal-server-lib";
|
|
2
|
+
import { join } from "node:path";
|
|
3
3
|
import { platformDataDir } from "../context.js";
|
|
4
4
|
const { sign, verify } = (await import("jsonwebtoken")).default;
|
|
5
5
|
export const PROTECTED_TOKEN_COOKIE = "paProtectedToken";
|
|
6
|
+
export const ADMIN_TOKEN_COOKIE = "paAdminToken";
|
|
6
7
|
export const accessTokenTtlInMs = 30 * 24 * 60 * 60 * 1000;
|
|
7
|
-
const
|
|
8
|
-
let
|
|
9
|
-
async function
|
|
10
|
-
if (!
|
|
11
|
-
|
|
8
|
+
const protectedAccessExpiresIn = "30d";
|
|
9
|
+
let _protectedAccessJwtSecret;
|
|
10
|
+
async function protectedAccessJwtSecret() {
|
|
11
|
+
if (!_protectedAccessJwtSecret) {
|
|
12
|
+
_protectedAccessJwtSecret = await readOrCreateJwtSecret(join(platformDataDir, "jwt-protected-access-secret.txt"));
|
|
12
13
|
}
|
|
13
|
-
return
|
|
14
|
+
return _protectedAccessJwtSecret;
|
|
14
15
|
}
|
|
15
16
|
export async function generateProtectedToken(password) {
|
|
16
|
-
const
|
|
17
|
+
const jwtSecret = await protectedAccessJwtSecret();
|
|
18
|
+
const secret = `${jwtSecret}-${password}`;
|
|
17
19
|
const payload = { access: "protected", createdAt: Date.now() };
|
|
18
|
-
return sign(payload, secret, { expiresIn:
|
|
20
|
+
return sign(payload, secret, { expiresIn: protectedAccessExpiresIn });
|
|
19
21
|
}
|
|
20
22
|
export async function validateProtectedToken(token, password) {
|
|
21
23
|
try {
|
|
22
|
-
const
|
|
24
|
+
const jwtSecret = await protectedAccessJwtSecret();
|
|
25
|
+
const secret = `${jwtSecret}-${password}`;
|
|
26
|
+
verify(token, secret);
|
|
27
|
+
return true;
|
|
28
|
+
}
|
|
29
|
+
catch {
|
|
30
|
+
return false;
|
|
31
|
+
}
|
|
32
|
+
}
|
|
33
|
+
export async function generateAdminToken() {
|
|
34
|
+
const secret = await protectedAccessJwtSecret();
|
|
35
|
+
const payload = { access: "admin", createdAt: Date.now() };
|
|
36
|
+
return sign(payload, secret, { expiresIn: "7d" });
|
|
37
|
+
}
|
|
38
|
+
export async function validateAdminToken(token) {
|
|
39
|
+
try {
|
|
40
|
+
const secret = await protectedAccessJwtSecret();
|
|
23
41
|
verify(token, secret);
|
|
24
42
|
return true;
|
|
25
43
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"protected-access-token.js","sourceRoot":"","sources":["../../src/protected-site/protected-access-token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"protected-access-token.js","sourceRoot":"","sources":["../../src/protected-site/protected-access-token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,+BAA+B,CAAC;AACtE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAEhD,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC,OAAO,CAAC;AAEhE,MAAM,CAAC,MAAM,sBAAsB,GAAG,kBAAkB,CAAC;AACzD,MAAM,CAAC,MAAM,kBAAkB,GAAG,cAAc,CAAC;AACjD,MAAM,CAAC,MAAM,kBAAkB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAC3D,MAAM,wBAAwB,GAAG,KAAK,CAAC;AAEvC,IAAI,yBAA6C,CAAC;AAElD,KAAK,UAAU,wBAAwB;IACrC,IAAI,CAAC,yBAAyB,EAAE,CAAC;QAC/B,yBAAyB,GAAG,MAAM,qBAAqB,CACrD,IAAI,CAAC,eAAe,EAAE,iCAAiC,CAAC,CACzD,CAAC;IACJ,CAAC;IACD,OAAO,yBAAyB,CAAC;AACnC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAAC,QAAgB;IAC3D,MAAM,SAAS,GAAG,MAAM,wBAAwB,EAAE,CAAC;IACnD,MAAM,MAAM,GAAG,GAAG,SAAS,IAAI,QAAQ,EAAE,CAAC;IAC1C,MAAM,OAAO,GAAG,EAAE,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;IAC/D,OAAO,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE,SAAS,EAAE,wBAAwB,EAAE,CAAC,CAAC;AACxE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAAC,KAAa,EAAE,QAAgB;IAC1E,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,wBAAwB,EAAE,CAAC;QACnD,MAAM,MAAM,GAAG,GAAG,SAAS,IAAI,QAAQ,EAAE,CAAC;QAC1C,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QACtB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB;IACtC,MAAM,MAAM,GAAG,MAAM,wBAAwB,EAAE,CAAC;IAChD,MAAM,OAAO,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;IAC3D,OAAO,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;AACpD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,KAAa;IACpD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,wBAAwB,EAAE,CAAC;QAChD,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QACtB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}
|
|
@@ -1,11 +1,17 @@
|
|
|
1
|
-
import { PROTECTED_TOKEN_COOKIE, validateProtectedToken } from "./protected-access-token.js";
|
|
1
|
+
import { ADMIN_TOKEN_COOKIE, PROTECTED_TOKEN_COOKIE, validateAdminToken, validateProtectedToken, } from "./protected-access-token.js";
|
|
2
2
|
export async function protectedSiteReqHandler(siteContext, httpContext) {
|
|
3
3
|
const { access: { access, password }, } = siteContext;
|
|
4
4
|
if (access === "public")
|
|
5
5
|
return false;
|
|
6
|
-
const
|
|
7
|
-
if (
|
|
8
|
-
if (await
|
|
6
|
+
const adminToken = httpContext.req.cookies?.[ADMIN_TOKEN_COOKIE];
|
|
7
|
+
if (adminToken) {
|
|
8
|
+
if (await validateAdminToken(adminToken))
|
|
9
|
+
return false;
|
|
10
|
+
httpContext.res.clearCookie(ADMIN_TOKEN_COOKIE);
|
|
11
|
+
}
|
|
12
|
+
const protectedToken = httpContext.req.cookies?.[PROTECTED_TOKEN_COOKIE];
|
|
13
|
+
if (protectedToken && password) {
|
|
14
|
+
if (await validateProtectedToken(protectedToken, password))
|
|
9
15
|
return false;
|
|
10
16
|
httpContext.res.clearCookie(PROTECTED_TOKEN_COOKIE);
|
|
11
17
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"protected-site.req-handler.js","sourceRoot":"","sources":["../../src/protected-site/protected-site.req-handler.ts"],"names":[],"mappings":"AAEA,OAAO,
|
|
1
|
+
{"version":3,"file":"protected-site.req-handler.js","sourceRoot":"","sources":["../../src/protected-site/protected-site.req-handler.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,kBAAkB,EAClB,sBAAsB,EACtB,kBAAkB,EAClB,sBAAsB,GACvB,MAAM,6BAA6B,CAAC;AAKrC,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,WAAwB,EACxB,WAA0B;IAE1B,MAAM,EACJ,MAAM,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,GAC7B,GAAG,WAAW,CAAC;IAEhB,IAAI,MAAM,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAGtC,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,kBAAkB,CAAC,CAAC;IACjE,IAAI,UAAU,EAAE,CAAC;QACf,IAAI,MAAM,kBAAkB,CAAC,UAAU,CAAC;YAAE,OAAO,KAAK,CAAC;QACvD,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;IAClD,CAAC;IAGD,MAAM,cAAc,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,sBAAsB,CAAC,CAAC;IACzE,IAAI,cAAc,IAAI,QAAQ,EAAE,CAAC;QAC/B,IAAI,MAAM,sBAAsB,CAAC,cAAc,EAAE,QAAQ,CAAC;YAAE,OAAO,KAAK,CAAC;QACzE,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,sBAAsB,CAAC,CAAC;IACtD,CAAC;IAGD,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,kBAAkB,EAAE,CAAC,CAAC;IACvD,OAAO,IAAI,CAAC;AACd,CAAC;AAKD,SAAS,kBAAkB,CAAC,YAAqB;IAC/C,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAyEH,YAAY,CAAC,CAAC,CAAC,8BAA8B,YAAY,QAAQ,CAAC,CAAC,CAAC,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QAyEpE,CAAC;AACT,CAAC"}
|