@plusscommunities/pluss-core-aws 1.6.11 → 1.6.13
- package/helper/auth/getSessionUserFromReqAuthKey.js +11 -0
- package/helper/auth/validateApiKey.js +43 -0
- package/helper/auth/validateMasterAuth.js +119 -66
- package/helper/auth/validateSiteAccess.js +4 -0
- package/helper/auth/validateUserLoggedIn.js +3 -3
- package/helper/sendEmail.js +2 -2
- package/package.json +1 -1
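--- a/package/helper/auth/getSessionUserFromReqAuthKey.js
+++ b/package/helper/auth/getSessionUserFromReqAuthKey.js
@@ -1,5 +1,16 @@
+const getRef = require("../../db/common/getRef");
 const getSessionUser = require("./getSessionUser");
 
 module.exports = async (event) => {
+if (!event.headers) {
+return null;
+}
+if (event.headers.apikey) {
+const key = await getRef("accesskeys", "Key", event.headers.apikey);
+return key.UserId;
+}
+if (!event.headers.authkey) {
+return null;
+}
 return getSessionUser(event.headers.authkey);
 };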
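Review bot: In the new `apikey` branch, `return key.UserId;` uses the `getRef` result unchecked, so a key record that is not bound to a user returns `undefined` while every other "no user" path returns `null`, and a lookup that yields nothing would throw on the property access (what `getRef` returns for an unknown key is not visible here). A guard such as `if (!key || !key.UserId) return null;` gives callers a single well-defined value. validateUserLoggedIn.js now feeds this result into `if (userId && uid !== userId)`, and the rest of that `.then` is outside its hunk, so it is worth confirming that a falsy `uid` is rejected there rather than treated as a logged-in user.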
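--- a/package/helper/auth/validateApiKey.js
+++ b/package/helper/auth/validateApiKey.js
@@ -0,0 +1,43 @@
+const _ = require("lodash");
+const { log, generateLogId } = require("../");
+const getRef = require("../../db/common/getRef");
+
+module.exports = async (req, actionType, site) => {
+const logId = generateLogId();
+try {
+log("ApiKey", "Input", req.headers.apikey, logId);
+const key = await getRef("accesskeys", "Key", req.headers.apikey);
+log("ApiKey", "Key", key, logId);
+
+if (key.UserId) {
+const validateMasterAuth = require("./validateMasterAuth");
+return await validateMasterAuth(undefined, actionType, site, undefined, {
+userId: key.UserId,
+});
+}
+
+const validSite = key.Site === site;
+const isHQKey = key.Site === "hq";
+log("ApiKey", "validSite", validSite, logId);
+log("ApiKey", "isHQKey", isHQKey, logId);
+
+if (!validSite && !isHQKey) {
+log("ApiKey", "Result", false, logId);
+return false;
+}
+
+const isAny = actionType === "any";
+const isMaster = _.includes(key.Permissions, "master");
+const hasPermission = _.includes(key.Permissions, actionType);
+const result = isAny || isMaster || hasPermission;
+
+log("ApiKey", "isAny", isAny, logId);
+log("ApiKey", "isMaster", isMaster, logId);
+log("ApiKey", "hasPermission", hasPermission, logId);
+log("ApiKey", "Result", result, logId);
+return result;
+} catch (e) {
+log("ApiKey", "Error", e, logId);
+return false;
+}
+};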
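Review bot: `log("ApiKey", "Input", req.headers.apikey, logId)` and `log("ApiKey", "Key", key, logId)` write the raw API key and the full access-key record to the log on every request, so anyone with read access to the logs holds a usable credential. Log only non-secret fields, for example `log("ApiKey", "Key", { Site: key.Site, Permissions: key.Permissions }, logId)`, and drop the "Input" line or replace the value with a one-way fingerprint. The same applies to `log("validateMasterAuth", "checkApiKey", req.headers.apikey, logId)` in validateMasterAuth.js. The `catch` returning `false` keeps an unknown key failing closed, which is the right default.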
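--- a/package/helper/auth/validateMasterAuth.js
+++ b/package/helper/auth/validateMasterAuth.js
@@ -6,7 +6,8 @@ const {
 } = require("./validKioskActions");
 const getUserAuth = require("../../db/auth/getUserAuth");
 const getSiteUserTypes = require("../../db/auth/getSiteUserTypes");
-const { log,
+const { log, generateLogId } = require("../");
+const validateApiKey = require("./validateApiKey");
 
 const checkSite = (roles, site, actionType) => {
 return new Promise((resolve) => {
@@ -67,84 +68,136 @@ const checkSite = (roles, site, actionType) => {
 });
 };
 
-
+const checkApiKey = async (
+req,
+actionType,
+site,
+plussStaffOnly,
+options,
+logId
+) => {
 return new Promise((resolve) => {
-
-
-if (actionType == null || _.isUndefined(actionType)) {
-log("validateMasterAuth", "Error:noActionType");
-return resolve(false);
+if (plussStaffOnly) {
+return resolve(validateApiKey(req, actionType, "plussSpace"));
 }
-
-
-
+const promises = [];
+site.forEach((s) => {
+promises.push(validateApiKey(req, actionType, s));
+});
+
+Promise.all(promises).then((results) => {
+log("validateMasterAuth", "ValidationResults", results, logId);
+if (options && options.resolveAllSites) {
+log("validateMasterAuth", "resolveAllSites", true, logId);
+// check all sites individually
+const authResult = site.map((s, i) => {
+return { site: s, valid: results[i] };
+});
+log("validateMasterAuth", "AuthorisedAllSites", authResult, logId);
+return resolve(authResult);
+}
+
+// check if any site is valid
+const authorised = _.includes(results, true);
+log("validateMasterAuth", "Authorised", authorised, logId);
+return resolve(authorised);
+});
+});
+};
+
+module.exports = async (req, actionType, site, plussStaffOnly, options) => {
+return new Promise(async (resolve) => {
+const logId = generateLogId();
+let uid = null;
+let data = {};
+if (!req) {
+uid = options.userId; // allow for not using the request header
+} else {
+const data = JSON.parse(req.body);
+if (!site) {
+if (!data.site) {
+log("validateMasterAuth", "Error:noSite", data, logId);
+return resolve(false);
+}
+site = data.site;
+}
+if (req.headers.apikey) {
+log("validateMasterAuth", "checkApiKey", req.headers.apikey, logId);
+return resolve(
+checkApiKey(
+req,
+actionType,
+Array.isArray(site) ? site : [site],
+plussStaffOnly,
+options,
+logId
+)
+);
+}
+if (!req.headers.authkey) {
+log("validateMasterAuth", "Error:noAuthKey", req.headers, logId);
 return resolve(false);
 }
-
+
+uid = await getSessionUser(req.headers.authkey);
+}
+
+if (actionType == null || _.isUndefined(actionType)) {
+log("validateMasterAuth", "Error:noActionType", null, logId);
+return resolve(false);
 }
 if (!Array.isArray(site)) {
 // support array of sites
 site = [site];
 }
-if (!req.headers.authkey) {
-log("validateMasterAuth", "Error:noAuthKey", req.headers);
-return resolve(false);
-}
 
-
-
-
-
-
-
-
-_.some(roles, (r) => {
-return r.type === "master";
-})
-) {
-if (
-plussStaffOnly &&
-!_.some(roles, (r) => {
-return r.site === "plussSpace" && r.type === "master";
-})
-) {
-return resolve(false);
-}
-if (options && options.resolveAllSites) {
-return resolve(
-site.map((s, i) => {
-return { site: s, valid: true };
-})
-);
-}
-return resolve(true);
-}
-
-// allow for multiple sites to be checked
-const promises = [];
-site.forEach((s) => {
-promises.push(checkSite(roles, s, actionType));
-});
-Promise.all(promises).then((results) => {
-const authorised = _.includes(results, true);
-if (options && options.resolveAllSites) {
-return resolve(
-site.map((s, i) => {
-return { site: s, valid: results[i] };
-})
-);
-}
-log("validateMasterAuth", "Authorised", authorised);
-return resolve(authorised);
-});
+log("validateMasterAuth", "SessionUser", uid);
+getUserAuth(uid)
+.then((roles) => {
+// If user a master level admin
+if (
+_.some(roles, (r) => {
+return r.type === "master";
 })
-
-
+) {
+if (
+plussStaffOnly &&
+!_.some(roles, (r) => {
+return r.site === "plussSpace" && r.type === "master";
+})
+) {
 return resolve(false);
-}
+}
+if (options && options.resolveAllSites) {
+return resolve(
+site.map((s, i) => {
+return { site: s, valid: true };
+})
+);
+}
+return resolve(true);
+}
+
+// allow for multiple sites to be checked
+const promises = [];
+site.forEach((s) => {
+promises.push(checkSite(roles, s, actionType));
+});
+Promise.all(promises).then((results) => {
+const authorised = _.includes(results, true);
+if (options && options.resolveAllSites) {
+return resolve(
+site.map((s, i) => {
+return { site: s, valid: results[i] };
+})
+);
+}
+log("validateMasterAuth", "Authorised", authorised);
+return resolve(authorised);
+});
 })
-.catch((
-log("validateMasterAuth", "Error:
+.catch((error2) => {
+log("validateMasterAuth", "Error:getUserAuth", error2);
 return resolve(false);
 });
 });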
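Review bot: The API-key path loses `plussStaffOnly` for user-bound keys. `checkApiKey` turns the flag into `validateApiKey(req, actionType, "plussSpace")`, and validateApiKey.js then calls `validateMasterAuth(undefined, actionType, site, undefined, { userId: key.UserId })`. On that call the master-role branch reaches `return resolve(true)` for a user who is master on any site, where the session path requires a `plussSpace` master role. Forwarding the flag closes the gap, e.g. `validateApiKey(req, actionType, "plussSpace", true)` here and `validateMasterAuth(undefined, actionType, site, plussStaffOnly, { userId: key.UserId })` there. Separately, `JSON.parse(req.body)` and `await getSessionUser(...)` run inside `new Promise(async (resolve) => {`, where a throw leaves the promise unsettled; a `try`/`catch` around the `else` block that ends in `return resolve(false);` would keep the check failing closed instead of hanging.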
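--- a/package/helper/auth/validateSiteAccess.js
+++ b/package/helper/auth/validateSiteAccess.js
@@ -1,10 +1,14 @@
 const validateMasterAuth = require("./validateMasterAuth");
+const validateApiKey = require("./validateApiKey");
 
 module.exports = async (req, site) => {
 return new Promise(async (resolve) => {
 if (!site) {
 return resolve(false);
 }
+if (req.headers.apikey) {
+return resolve(validateApiKey(req, "any", site));
+}
 if (!req.headers.authkey) {
 return resolve(false);
 }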
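--- a/package/helper/auth/validateUserLoggedIn.js
+++ b/package/helper/auth/validateUserLoggedIn.js
@@ -1,13 +1,13 @@
-const
+const getSessionUserFromReqAuthKey = require("./getSessionUserFromReqAuthKey");
 
 module.exports = async (req, userId) => {
 return new Promise((resolve) => {
-if (!req.headers.authkey) {
+if (!req.headers.authkey && !req.headers.apikey) {
 resolve(false);
 return;
 }
 
-
+getSessionUserFromReqAuthKey(req)
 .then((uid) => {
 if (userId && uid !== userId) {
 resolve(false);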
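--- a/package/helper/sendEmail.js
+++ b/package/helper/sendEmail.js
@@ -49,7 +49,7 @@ module.exports = async (
 <div style='margin-top: 32px; border-top: 2px solid #e0e0e0;'></div>
 <div style='padding-top: 24px; display: block;'>
 <div style='clear: both; height: 30px;'>
-<img height="
+<img height="30" width="auto" src="${communityConfig.emailBrandingAbovePoweredBy.image}" style="float: left; height: 30px; width: auto; background-repeat: no-repeat; background-size: contain;"></img>
 </div>
 </div>
 `
@@ -60,7 +60,7 @@ module.exports = async (
 <div style='vertical-align: top; height: 20px; margin-right: 10px; color: #828282; display: inline-block;'>
 <span style=' font-size: 13px; line-height: 20px;'>powered by</span>
 </div>
-<img height="
+<img height="20" width="142" src="https://pluss-prd-uploads.s3.ap-southeast-2.amazonaws.com/uploads/users/ap-southeast-2:80aecdcb-9955-493e-a341-2f2263f64777/public/9c785b064c6abbec00bd4ef12b/logoplusscommunitieslong.png" style="display: inline-block; height: 20px; width: 142px; background-repeat: no-repeat; background-size:contain;"></img>
 </div>
 </div>
 </div>`;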
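Review bot: In the first hunk, `src="${communityConfig.emailBrandingAbovePoweredBy.image}"` places a configuration value inside a double-quoted HTML attribute with no escaping or validation. If that field can be edited per community (not visible here), a value containing a quote character would change the markup of every outgoing e-mail. Check that the value is an `https:` URL, or HTML-escape it, before it is interpolated into the template. The expression also throws when `emailBrandingAbovePoweredBy` is missing unless a guard outside the hunk covers that case. The removed `<img` line is truncated on this page, so the interpolation may predate this change.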