@raclettejs/core 0.1.28 → 0.1.29
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +2 -0
- package/package.json +2 -2
- package/dist/cli.js +0 -1562
- package/dist/cli.js.map +0 -7
- package/dist/index.js +0 -452
- package/dist/index.js.map +0 -7
- package/services/backend/.yarn/install-state.gz +0 -0
- package/services/backend/dist/core/eventBus/index.js +0 -7
- package/services/backend/dist/core/pluginSystem/configGenerator/index.js +0 -346
- package/services/backend/dist/core/sockets/index.js +0 -95
- package/services/backend/dist/corePlugins/raclette__core/backend/datatypes/account/events/index.js +0 -31
- package/services/backend/dist/corePlugins/raclette__core/backend/datatypes/account/index.js +0 -48
- package/services/backend/dist/corePlugins/raclette__core/backend/datatypes/account/routes/index.js +0 -15
- package/services/backend/dist/corePlugins/raclette__core/backend/datatypes/composition/events/index.js +0 -22
- package/services/backend/dist/corePlugins/raclette__core/backend/datatypes/composition/index.js +0 -51
- package/services/backend/dist/corePlugins/raclette__core/backend/datatypes/composition/routes/index.js +0 -19
- package/services/backend/dist/corePlugins/raclette__core/backend/datatypes/interactionLink/events/index.js +0 -22
- package/services/backend/dist/corePlugins/raclette__core/backend/datatypes/interactionLink/index.js +0 -48
- package/services/backend/dist/corePlugins/raclette__core/backend/datatypes/interactionLink/routes/index.js +0 -19
- package/services/backend/dist/corePlugins/raclette__core/backend/datatypes/project/events/index.js +0 -31
- package/services/backend/dist/corePlugins/raclette__core/backend/datatypes/project/index.js +0 -49
- package/services/backend/dist/corePlugins/raclette__core/backend/datatypes/project/routes/index.js +0 -16
- package/services/backend/dist/corePlugins/raclette__core/backend/datatypes/tag/events/index.js +0 -39
- package/services/backend/dist/corePlugins/raclette__core/backend/datatypes/tag/index.js +0 -50
- package/services/backend/dist/corePlugins/raclette__core/backend/datatypes/tag/routes/index.js +0 -19
- package/services/backend/dist/corePlugins/raclette__core/backend/datatypes/user/events/index.js +0 -31
- package/services/backend/dist/corePlugins/raclette__core/backend/datatypes/user/index.js +0 -51
- package/services/backend/dist/corePlugins/raclette__core/backend/datatypes/user/routes/index.js +0 -21
- package/services/backend/dist/corePlugins/raclette__core/backend/datatypes/workSession/events/index.js +0 -31
- package/services/backend/dist/corePlugins/raclette__core/backend/datatypes/workSession/index.js +0 -48
- package/services/backend/dist/corePlugins/raclette__core/backend/datatypes/workSession/routes/index.js +0 -15
- package/services/backend/dist/corePlugins/raclette__core/backend/index.js +0 -34
- package/services/backend/dist/domains/index.js +0 -11
- package/services/backend/dist/domains/system/index.js +0 -11
- package/services/backend/dist/domains/system/routes/index.js +0 -17
- package/services/backend/dist/helpers/index.js +0 -14
- package/services/backend/dist/index.js +0 -3
- package/services/backend/dist/modules/authentication/index.js +0 -253
- package/services/backend/dist/shared/types/core/index.js +0 -8
- package/services/backend/dist/shared/types/dataTypes/index.js +0 -6
- package/services/backend/dist/shared/types/index.js +0 -8
- package/services/backend/dist/shared/types/plugins/index.js +0 -8
- package/services/backend/dist/types/index.js +0 -12
- package/services/backend/dist/utils/index.js +0 -2
- package/services/frontend/.yarn/install-state.gz +0 -0
|
@@ -1,253 +0,0 @@
|
|
|
1
|
-
import jwt from "@fastify/jwt";
|
|
2
|
-
import fastifyPlugin from "fastify-plugin";
|
|
3
|
-
import configService from "@c/config/configService";
|
|
4
|
-
import { ForbiddenError } from "@/utils/errors";
|
|
5
|
-
const WORK_SESSION_COLLECTION = "raclette__core-worksession";
|
|
6
|
-
const WORK_SESSION_HEADER = "x-work-session-id";
|
|
7
|
-
/**
|
|
8
|
-
* Middleware: allow either authenticated user (JWT) or valid work session (X-Work-Session-Id).
|
|
9
|
-
* When using this, the route states that it handles permission checks itself (e.g. compare req.workSession with query).
|
|
10
|
-
* - If JWT present and valid: sets req.user (normal auth).
|
|
11
|
-
* - If no/invalid JWT but X-Work-Session-Id present: loads work session, validates (active, not expired),
|
|
12
|
-
* optionally checks that workSession.pluginData includes the given pluginKey, then sets req.workSession and req.isWorkSession.
|
|
13
|
-
*/
|
|
14
|
-
export const authenticatedOrWorksession = async (req, res, fastify, pluginKey) => {
|
|
15
|
-
fastify.log.debug(`[Auth] authenticatedOrWorksession: ${pluginKey} ${req.method} ${req.url}`);
|
|
16
|
-
const { requireAuthentication } = configService.getConfig()?.global ?? {
|
|
17
|
-
requireAuthentication: true,
|
|
18
|
-
};
|
|
19
|
-
const isAdminTagRequired = configService.isAdminTagRequired();
|
|
20
|
-
if (!requireAuthentication) {
|
|
21
|
-
const mockUser = { _id: "SYSTEM" };
|
|
22
|
-
req.user = mockUser;
|
|
23
|
-
return;
|
|
24
|
-
}
|
|
25
|
-
// 1) Try JWT first
|
|
26
|
-
try {
|
|
27
|
-
await req.jwtVerify();
|
|
28
|
-
const payload = req.user;
|
|
29
|
-
fastify.log.debug(`[Auth] JWT verified, payload type: ${payload.type || "user"}, sessionId: ${payload.sessionId || "none"}, _id: ${payload._id || "none"}`);
|
|
30
|
-
if (payload.type === "workSession" && payload.sessionId) {
|
|
31
|
-
fastify.log.info(`[Auth] Work session JWT detected, sessionId: ${payload.sessionId}, pluginKey: ${pluginKey}`);
|
|
32
|
-
// Work session JWT: load session and validate
|
|
33
|
-
const workSession = await loadAndValidateWorkSession(fastify, payload.sessionId, pluginKey);
|
|
34
|
-
if (!workSession) {
|
|
35
|
-
fastify.log.warn(`[Auth] Work session validation failed for sessionId: ${payload.sessionId}`);
|
|
36
|
-
return res
|
|
37
|
-
.status(401)
|
|
38
|
-
.send({ message: "Invalid or expired work session" });
|
|
39
|
-
}
|
|
40
|
-
fastify.log.info(`[Auth] Work session authenticated: sessionId=${payload.sessionId}, pluginKey=${pluginKey}`);
|
|
41
|
-
req.workSession = workSession;
|
|
42
|
-
req.isWorkSession = true;
|
|
43
|
-
// Set projectId from workSession.project if available
|
|
44
|
-
if (workSession.project) {
|
|
45
|
-
req.projectId = workSession.project;
|
|
46
|
-
fastify.log.debug(`[Auth] Work session projectId: ${req.projectId}`);
|
|
47
|
-
}
|
|
48
|
-
return;
|
|
49
|
-
}
|
|
50
|
-
// Normal user JWT: fetch user and set req.user
|
|
51
|
-
fastify.log.debug(`[Auth] Normal user JWT, fetching user: ${req.user?._id}`);
|
|
52
|
-
const { _id } = req.user;
|
|
53
|
-
const adminTag = await fastify.database
|
|
54
|
-
.collection("raclette__core-tag")
|
|
55
|
-
.findOne({ title: "ADMIN", locked: true, type: "system" });
|
|
56
|
-
let isAdmin = false;
|
|
57
|
-
const user = await fastify.database
|
|
58
|
-
.collection("raclette__core-user")
|
|
59
|
-
.findOne({ _id }, { projection: { password: 0, resetKey: 0 } });
|
|
60
|
-
if (user && user.tags && adminTag) {
|
|
61
|
-
user.tags.forEach((tag) => {
|
|
62
|
-
if (adminTag._id === tag)
|
|
63
|
-
isAdmin = true;
|
|
64
|
-
});
|
|
65
|
-
}
|
|
66
|
-
if (isAdminTagRequired && !isAdmin) {
|
|
67
|
-
fastify.log.error("User not allowed in workbench");
|
|
68
|
-
return res.status(403).send({ message: "User not allowed in workbench" });
|
|
69
|
-
}
|
|
70
|
-
if (isAdmin)
|
|
71
|
-
user.isAdmin = true;
|
|
72
|
-
if (!user) {
|
|
73
|
-
fastify.log.error("User not found");
|
|
74
|
-
return res.status(401).send({ message: "User not found" });
|
|
75
|
-
}
|
|
76
|
-
const account = await fastify.database
|
|
77
|
-
.collection("raclette__core-account")
|
|
78
|
-
.findOne({ _id: user.account });
|
|
79
|
-
user.account = account;
|
|
80
|
-
req.user = user;
|
|
81
|
-
// Set projectId from user's lastProjectId (for requestData.project in payload wrappers)
|
|
82
|
-
if (user.ux?.lastProjectId) {
|
|
83
|
-
req.projectId = user.ux.lastProjectId;
|
|
84
|
-
fastify.log.debug(`[Auth] User projectId: ${req.projectId}`);
|
|
85
|
-
}
|
|
86
|
-
return;
|
|
87
|
-
}
|
|
88
|
-
catch (error) {
|
|
89
|
-
// JWT missing or invalid: try work session via header
|
|
90
|
-
fastify.log.debug(`[Auth] JWT verification failed: ${error.message}, trying work session header`);
|
|
91
|
-
}
|
|
92
|
-
// 2) Try X-Work-Session-Id header
|
|
93
|
-
const sessionId = req.headers[WORK_SESSION_HEADER];
|
|
94
|
-
if (sessionId) {
|
|
95
|
-
const workSession = await loadAndValidateWorkSession(fastify, sessionId, pluginKey);
|
|
96
|
-
if (workSession) {
|
|
97
|
-
req.workSession = workSession;
|
|
98
|
-
req.isWorkSession = true;
|
|
99
|
-
// Set projectId from workSession.project if available
|
|
100
|
-
// workaround for how projects/spaces are currently handled - tbd
|
|
101
|
-
if (workSession.project) {
|
|
102
|
-
req.projectId = workSession.project;
|
|
103
|
-
}
|
|
104
|
-
return;
|
|
105
|
-
}
|
|
106
|
-
else {
|
|
107
|
-
fastify.log.warn(`[Auth] Work session validation failed for header sessionId: ${sessionId}`);
|
|
108
|
-
}
|
|
109
|
-
}
|
|
110
|
-
return res.status(401).send({ message: "Authentication required" });
|
|
111
|
-
};
|
|
112
|
-
async function loadAndValidateWorkSession(fastify, sessionId, pluginKey) {
|
|
113
|
-
fastify.log.debug(`[WorkSession Auth] Loading and validating work session: sessionId=${sessionId}, pluginKey=${pluginKey}`);
|
|
114
|
-
if (!sessionId || typeof sessionId !== "string") {
|
|
115
|
-
fastify.log.warn(`[WorkSession Auth] Invalid sessionId: ${sessionId}`);
|
|
116
|
-
return null;
|
|
117
|
-
}
|
|
118
|
-
fastify.log.debug(`[WorkSession Auth] Querying database for work session`);
|
|
119
|
-
const doc = await fastify.database
|
|
120
|
-
.collection(WORK_SESSION_COLLECTION)
|
|
121
|
-
.findOne({ _id: sessionId });
|
|
122
|
-
if (!doc) {
|
|
123
|
-
fastify.log.warn(`[WorkSession Auth] Work session not found: ${sessionId}`);
|
|
124
|
-
return null;
|
|
125
|
-
}
|
|
126
|
-
if (!doc.isActive) {
|
|
127
|
-
fastify.log.warn(`[WorkSession Auth] Work session is not active: ${sessionId}`);
|
|
128
|
-
return null;
|
|
129
|
-
}
|
|
130
|
-
const expiry = doc.expiryDate ? new Date(doc.expiryDate) : null;
|
|
131
|
-
if (expiry && expiry.getTime() < Date.now()) {
|
|
132
|
-
fastify.log.warn(`[WorkSession Auth] Work session expired: ${sessionId}, expiryDate: ${expiry.toISOString()}`);
|
|
133
|
-
return null;
|
|
134
|
-
}
|
|
135
|
-
// Check that this plugin is part of the work session (pluginData keys are "pluginKey:widgetName")
|
|
136
|
-
const pluginData = doc.pluginData || {};
|
|
137
|
-
const pluginKeys = Object.keys(pluginData);
|
|
138
|
-
const hasPlugin = pluginKeys.some((k) => k.startsWith(pluginKey + ":")) ||
|
|
139
|
-
Object.prototype.hasOwnProperty.call(pluginData, pluginKey);
|
|
140
|
-
if (!hasPlugin) {
|
|
141
|
-
fastify.log.warn(`[WorkSession Auth] Plugin ${pluginKey} not found in work session pluginData: ${pluginKeys.join(", ")}`);
|
|
142
|
-
return null;
|
|
143
|
-
}
|
|
144
|
-
fastify.log.info(`[WorkSession Auth] Work session validated successfully: sessionId=${sessionId}, pluginKey=${pluginKey}`);
|
|
145
|
-
return doc;
|
|
146
|
-
}
|
|
147
|
-
export const authenticate = async (req, res, fastify) => {
|
|
148
|
-
{
|
|
149
|
-
const { requireAuthentication } = configService.getConfig()?.global ?? {
|
|
150
|
-
requireAuthentication: true,
|
|
151
|
-
};
|
|
152
|
-
const isAdminTagRequired = configService.isAdminTagRequired();
|
|
153
|
-
// Skip JWT verification and database queries, if global.requireAuthentication is configured to false
|
|
154
|
-
if (!requireAuthentication) {
|
|
155
|
-
const mockUser = {
|
|
156
|
-
_id: "SYSTEM",
|
|
157
|
-
};
|
|
158
|
-
req.user = mockUser;
|
|
159
|
-
return;
|
|
160
|
-
}
|
|
161
|
-
try {
|
|
162
|
-
await req.jwtVerify();
|
|
163
|
-
const payload = req.user;
|
|
164
|
-
if (payload.type === "workSession") {
|
|
165
|
-
return res
|
|
166
|
-
.status(401)
|
|
167
|
-
.send({ message: "Work session token not allowed on this route" });
|
|
168
|
-
}
|
|
169
|
-
// fetch current user data from the db
|
|
170
|
-
const { _id } = req.user;
|
|
171
|
-
const adminTag = await fastify.database
|
|
172
|
-
.collection("raclette__core-tag")
|
|
173
|
-
.findOne({ title: "ADMIN", locked: true, type: "system" });
|
|
174
|
-
// IMPORTANT
|
|
175
|
-
// due to some very weird behaviour, mongoose always returns empty results
|
|
176
|
-
// so we are using mongodb directly until we fix this
|
|
177
|
-
let isAdmin = false;
|
|
178
|
-
const user = await fastify.database
|
|
179
|
-
.collection("raclette__core-user")
|
|
180
|
-
.findOne({ _id }, { projection: { password: 0, resetKey: 0 } });
|
|
181
|
-
if (user && user.tags && adminTag) {
|
|
182
|
-
user.tags.forEach((tag) => {
|
|
183
|
-
if (adminTag._id === tag) {
|
|
184
|
-
isAdmin = true;
|
|
185
|
-
}
|
|
186
|
-
});
|
|
187
|
-
}
|
|
188
|
-
if (isAdminTagRequired && !isAdmin) {
|
|
189
|
-
fastify.log.error("User not allowed in workbench");
|
|
190
|
-
throw new Error("User not allowed in workbench");
|
|
191
|
-
}
|
|
192
|
-
if (isAdmin) {
|
|
193
|
-
user.isAdmin = true;
|
|
194
|
-
}
|
|
195
|
-
if (!user) {
|
|
196
|
-
fastify.log.error("User not found");
|
|
197
|
-
throw new Error("User not found");
|
|
198
|
-
}
|
|
199
|
-
const account = await fastify.database
|
|
200
|
-
.collection("raclette__core-account")
|
|
201
|
-
.findOne({ _id: user.account });
|
|
202
|
-
user.account = account;
|
|
203
|
-
req.user = user;
|
|
204
|
-
}
|
|
205
|
-
catch (error) {
|
|
206
|
-
return res.send(error);
|
|
207
|
-
}
|
|
208
|
-
}
|
|
209
|
-
};
|
|
210
|
-
export const checkPermissions = async (req, res, fastify, permissions) => {
|
|
211
|
-
{
|
|
212
|
-
try {
|
|
213
|
-
if (!permissions.length) {
|
|
214
|
-
fastify.log.error("No permissions given for permission check");
|
|
215
|
-
throw new Error("No Permissions");
|
|
216
|
-
}
|
|
217
|
-
// TODO implement proper Permission lookup here
|
|
218
|
-
permissions.forEach((permissionStr) => {
|
|
219
|
-
if (permissionStr === "user.isAdmin") {
|
|
220
|
-
if (!req.user.isAdmin) {
|
|
221
|
-
throw new ForbiddenError("User not permitted to action");
|
|
222
|
-
}
|
|
223
|
-
}
|
|
224
|
-
});
|
|
225
|
-
}
|
|
226
|
-
catch (error) {
|
|
227
|
-
fastify.log.error(error.message);
|
|
228
|
-
return res.send(error.message);
|
|
229
|
-
}
|
|
230
|
-
}
|
|
231
|
-
};
|
|
232
|
-
export default fastifyPlugin(async (fastify, opts = {}) => {
|
|
233
|
-
// provide some sensible options
|
|
234
|
-
const defaults = {
|
|
235
|
-
secret: false,
|
|
236
|
-
decode: { complete: true },
|
|
237
|
-
sign: {
|
|
238
|
-
iss: "api.raclettejs.info",
|
|
239
|
-
expiresIn: "30d",
|
|
240
|
-
},
|
|
241
|
-
verify: { allowedIss: "api.raclettejs.info" },
|
|
242
|
-
};
|
|
243
|
-
// merge proved opts with defaults
|
|
244
|
-
const mergedOptions = { ...defaults, ...opts };
|
|
245
|
-
/* register the plugin */
|
|
246
|
-
fastify.register(jwt, mergedOptions);
|
|
247
|
-
// decorate the fastify instance, so we can call it anywhere
|
|
248
|
-
fastify.decorate("authenticate", (req, res) => {
|
|
249
|
-
return authenticate(req, res, fastify);
|
|
250
|
-
});
|
|
251
|
-
fastify.decorate("authenticatedOrWorksession", (pluginKey) => (req, res) => authenticatedOrWorksession(req, res, fastify, pluginKey));
|
|
252
|
-
fastify.decorate("checkPermissions", (permissionsArr) => (req, res) => checkPermissions(req, res, fastify, permissionsArr));
|
|
253
|
-
});
|
|
@@ -1,6 +0,0 @@
|
|
|
1
|
-
export * from "./tags";
|
|
2
|
-
// TODO make the mongoDataTypes dynamic
|
|
3
|
-
export const systemDataTypes = ["account", "projectConfig", "userConfig"];
|
|
4
|
-
export const userContents = ["tag", "user", "project"];
|
|
5
|
-
export const mongoDataTypes = systemDataTypes.concat(userContents);
|
|
6
|
-
export const syncableDatatypes = ["tag", "user", "searchResult"];
|
|
@@ -1,12 +0,0 @@
|
|
|
1
|
-
export * from "../core/backgroundTasks/taskManagerTypes";
|
|
2
|
-
export * from "../core/config/configTypes";
|
|
3
|
-
export * from "../core/crud/crudTypes";
|
|
4
|
-
export * from "../core/http/httpTypes";
|
|
5
|
-
export * from "../core/http/httpTypes";
|
|
6
|
-
export * from "../core/payload/payloadTypes";
|
|
7
|
-
export * from "../core/pluginSystem/pluginTypes";
|
|
8
|
-
export * from "../core/sockets/socketTypes";
|
|
9
|
-
export * from "../core/validation/schemaTypes";
|
|
10
|
-
export * from "../modules/cache/cacheTypes";
|
|
11
|
-
export * from "../core/validation/schemaTypes";
|
|
12
|
-
export * from "../core/pluginSystem/configGenerator/generatorTypes";
|
|
Binary file
|