@ruiapp/rapid-core 0.4.0 → 0.5.0

package/dist/plugins/license/LicensePlugin.d.ts

@@ -0,0 +1,23 @@
+/**
+ * License plugin
+ */
+import { RpdApplicationConfig } from "../../types";
+import { IRpdServer, RapidPlugin, RpdConfigurationItemOptions, RpdServerPluginConfigurableTargetOptions, RpdServerPluginExtendingAbilities } from "../../core/server";
+import LicenseService from "./LicenseService";
+import { LicensePluginInitOptions } from "./LicensePluginTypes";
+declare class LicensePlugin implements RapidPlugin {
+    #private;
+    constructor(options: LicensePluginInitOptions);
+    get licenseService(): LicenseService;
+    get code(): string;
+    get description(): string;
+    get extendingAbilities(): RpdServerPluginExtendingAbilities[];
+    get configurableTargets(): RpdServerPluginConfigurableTargetOptions[];
+    get configurations(): RpdConfigurationItemOptions[];
+    registerActionHandlers(server: IRpdServer): Promise<any>;
+    configureModels(server: IRpdServer, applicationConfig: RpdApplicationConfig): Promise<any>;
+    configureServices(server: IRpdServer, applicationConfig: RpdApplicationConfig): Promise<any>;
+    configureRoutes(server: IRpdServer, applicationConfig: RpdApplicationConfig): Promise<any>;
+    onApplicationLoaded(server: IRpdServer, applicationConfig: RpdApplicationConfig): Promise<void>;
+}
+export default LicensePlugin;

package/dist/plugins/license/LicensePluginTypes.d.ts

@@ -0,0 +1,78 @@
+export type LicensePluginInitOptions = {
+    encryptionKey: string;
+};
+export type RpdCert = {
+    /**
+     * 许可证id
+     */
+    id: string;
+    /**
+     * 公钥
+     */
+    pub: string;
+    /**
+     * 加密后的授权信息
+     */
+    lic: string;
+    /**
+     * authtag
+     */
+    tag: string;
+    /**
+     * 证书签名
+     */
+    sig: string;
+};
+export type RpdLicense = {
+    /**
+     * 颁发日期
+     */
+    issueDate: string;
+    /**
+     * 产品信息
+     */
+    product: RpdLicenseProduct;
+    /**
+     * 被授权人，客户信息
+     */
+    grantTo: RpdLicenseOwner;
+    /**
+     * 权限信息
+     */
+    authority: RpdLicenseAuthority;
+};
+export type RpdLicenseProduct = {
+    name: string;
+    version: string;
+};
+export type RpdLicenseOwner = {
+    name: string;
+};
+export type RpdLicenseAuthority = {
+    neverExpire: boolean;
+    expireDate: string;
+    quota?: Record<string, number | string | boolean>;
+    functions?: string[];
+};
+export type RpdLicenseApplication = {
+    /**
+     * 部署识别码
+     */
+    deployId: string;
+    /**
+     * 产品信息
+     */
+    product: RpdLicenseProduct;
+    /**
+     * 申请人，客户信息
+     */
+    applicant: RpdLicenseOwner;
+    /**
+     * 权限信息
+     */
+    authority: RpdLicenseAuthority;
+};
+export type LicenseSettings = {
+    deployId: string;
+    cert: string;
+};

package/dist/plugins/license/LicenseService.d.ts

@@ -0,0 +1,22 @@
+import { IRpdServer } from "../../core/server";
+import { RpdLicense } from "./LicensePluginTypes";
+export interface GetSystemSettingValuesInput {
+    groupCode: string;
+}
+export interface SetSystemSettingValuesInput {
+    groupCode: string;
+    values: Record<string, any>;
+}
+export interface GetUserSettingValuesInput {
+    groupCode: string;
+}
+export default class LicenseService {
+    #private;
+    constructor(server: IRpdServer, encryptionKey: string);
+    loadLicense(): Promise<void>;
+    getLicense(): RpdLicense;
+    isExpired(): boolean;
+    getQuota(name: string): any;
+    isOutOfQuota(name: string, currentAmount: number): boolean;
+    isFunctionAllowed(name: string): boolean;
+}

package/dist/plugins/license/actionHandlers/getLicense.d.ts

@@ -0,0 +1,6 @@
+import { ActionHandlerContext } from "../../../core/actionHandler";
+import { RapidPlugin } from "../../../core/server";
+export interface GetLicenseOptions {
+}
+export declare const code = "getLicense";
+export declare function handler(plugin: RapidPlugin, ctx: ActionHandlerContext, options: GetLicenseOptions): Promise<void>;

package/dist/plugins/license/actionHandlers/index.d.ts

@@ -0,0 +1,3 @@
+import * as getLicense from "./getLicense";
+declare const _default: (typeof getLicense)[];
+export default _default;

package/dist/plugins/license/helpers/certHelper.d.ts

@@ -0,0 +1,2 @@
+import { RpdCert } from "../LicensePluginTypes";
+export declare function extractCertLicense(encryptionKey: string, deployId: string, cert: RpdCert): any;

package/dist/plugins/license/helpers/cryptoHelper.d.ts

@@ -0,0 +1,8 @@
+/// <reference types="node" />
+/// <reference types="node" />
+import { BinaryToTextEncoding } from "crypto";
+export declare function getEncryptionIV(input: string): string;
+export declare function generatePubKeyFileContent(base64EncodedPubKey: string): string;
+export declare function decryptData(encryptedData: string, encryptedDataEncoding: BufferEncoding, decryptedDataEncoding: BufferEncoding, encryptionKey: string, encryptionIV: string, authTag: string): string;
+export declare function generateDigitalSignature(data: string, dataEncoding: BufferEncoding, privateKey: string): string;
+export declare function validateDigitalSignature(data: string, dataEncoding: BufferEncoding, signature: string, signatureEncoding: BinaryToTextEncoding, publicKey: string): boolean;

package/dist/plugins/license/models/index.d.ts

@@ -0,0 +1,2 @@
+declare const _default: any[];
+export default _default;

package/dist/plugins/license/routes/getLicense.d.ts

@@ -0,0 +1,12 @@
+declare const _default: {
+    namespace: string;
+    name: string;
+    code: string;
+    type: "RESTful";
+    method: "GET";
+    endpoint: string;
+    actions: {
+        code: string;
+    }[];
+};
+export default _default;

package/dist/plugins/license/routes/index.d.ts

@@ -0,0 +1,12 @@
+declare const _default: {
+    namespace: string;
+    name: string;
+    code: string;
+    type: "RESTful";
+    method: "GET";
+    endpoint: string;
+    actions: {
+        code: string;
+    }[];
+}[];
+export default _default;

package/dist/utilities/typeUtility.d.ts

@@ -1,3 +1,4 @@
 export declare function isUndefined(val: any): boolean;
 export declare function isNull(val: any): boolean;
 export declare function isNullOrUndefined(val: any): boolean;
+export declare function isNullOrUndefinedOrEmpty(val: any): boolean;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ruiapp/rapid-core",
-  "version": "0.4.0",
+  "version": "0.5.0",
   "description": "",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/index.ts

@@ -31,6 +31,9 @@ export { default as AuthPlugin } from "./plugins/auth/AuthPlugin";
 
 export { default as FileManagePlugin } from "./plugins/fileManage/FileManagePlugin";
 
+export { default as LicensePlugin } from "./plugins/license/LicensePlugin";
+export * from "./plugins/license/LicensePluginTypes";
+
 export { default as MailPlugin } from "./plugins/mail/MailPlugin";
 export * from "./plugins/mail/MailPluginTypes";
 

package/src/plugins/auth/actionHandlers/createSession.ts

@@ -3,6 +3,8 @@ import { setCookie } from "~/deno-std/http/cookie";
 import { createJwt } from "~/utilities/jwtUtility";
 import { ActionHandlerContext } from "~/core/actionHandler";
 import { RapidPlugin } from "~/core/server";
+import LicenseService from "~/plugins/license/LicenseService";
+import { get } from "lodash";
 
 export interface UserAccessToken {
   sub: "userAccessToken";
@@ -16,6 +18,16 @@ export async function handler(plugin: RapidPlugin, ctx: ActionHandlerContext, op
   const { response } = routeContext;
   const { account, password } = input;
 
+  const licenseService = server.getService<LicenseService>("licenseService");
+  const license = licenseService.getLicense();
+  if (!license) {
+    throw new Error(`登录失败，无法获取系统授权信息。`);
+  }
+  if (licenseService.isExpired()) {
+    const expireDate = get(license.authority, "expireDate");
+    throw new Error(`登录失败，系统授权已于${expireDate}过期。`);
+  }
+
   const userDataAccessor = server.getDataAccessor({
     singularCode: "oc_user",
   });

package/src/plugins/license/LicensePlugin.ts

@@ -0,0 +1,79 @@
+/**
+ * License plugin
+ */
+
+import { RpdApplicationConfig } from "~/types";
+import {
+  IRpdServer,
+  RapidPlugin,
+  RpdConfigurationItemOptions,
+  RpdServerPluginConfigurableTargetOptions,
+  RpdServerPluginExtendingAbilities,
+} from "~/core/server";
+
+import pluginActionHandlers from "./actionHandlers";
+import pluginModels from "./models";
+import pluginRoutes from "./routes";
+import LicenseService from "./LicenseService";
+import { LicensePluginInitOptions } from "./LicensePluginTypes";
+
+class LicensePlugin implements RapidPlugin {
+  #licenseService!: LicenseService;
+  #encryptionKey: string;
+
+  constructor(options: LicensePluginInitOptions) {
+    if (!options.encryptionKey) {
+      throw new Error(`"encryptionKey" must be provided.`);
+    }
+    this.#encryptionKey = options.encryptionKey;
+  }
+
+  get licenseService() {
+    return this.#licenseService;
+  }
+
+  get code(): string {
+    return "license";
+  }
+
+  get description(): string {
+    return null;
+  }
+
+  get extendingAbilities(): RpdServerPluginExtendingAbilities[] {
+    return [];
+  }
+
+  get configurableTargets(): RpdServerPluginConfigurableTargetOptions[] {
+    return [];
+  }
+
+  get configurations(): RpdConfigurationItemOptions[] {
+    return [];
+  }
+
+  async registerActionHandlers(server: IRpdServer): Promise<any> {
+    for (const actionHandler of pluginActionHandlers) {
+      server.registerActionHandler(this, actionHandler);
+    }
+  }
+
+  async configureModels(server: IRpdServer, applicationConfig: RpdApplicationConfig): Promise<any> {
+    server.appendApplicationConfig({ models: pluginModels });
+  }
+
+  async configureServices(server: IRpdServer, applicationConfig: RpdApplicationConfig): Promise<any> {
+    this.#licenseService = new LicenseService(server, this.#encryptionKey);
+    server.registerService("licenseService", this.#licenseService);
+  }
+
+  async configureRoutes(server: IRpdServer, applicationConfig: RpdApplicationConfig): Promise<any> {
+    server.appendApplicationConfig({ routes: pluginRoutes });
+  }
+
+  async onApplicationLoaded(server: IRpdServer, applicationConfig: RpdApplicationConfig) {
+    await this.#licenseService.loadLicense();
+  }
+}
+
+export default LicensePlugin;

package/src/plugins/license/LicensePluginTypes.ts

@@ -0,0 +1,95 @@
+export type LicensePluginInitOptions = {
+  encryptionKey: string;
+};
+
+export type RpdCert = {
+  /**
+   * 许可证id
+   */
+  id: string;
+
+  /**
+   * 公钥
+   */
+  pub: string;
+
+  /**
+   * 加密后的授权信息
+   */
+  lic: string;
+
+  /**
+   * authtag
+   */
+  tag: string;
+
+  /**
+   * 证书签名
+   */
+  sig: string;
+};
+
+export type RpdLicense = {
+  /**
+   * 颁发日期
+   */
+  issueDate: string;
+
+  /**
+   * 产品信息
+   */
+  product: RpdLicenseProduct;
+
+  /**
+   * 被授权人，客户信息
+   */
+  grantTo: RpdLicenseOwner;
+
+  /**
+   * 权限信息
+   */
+  authority: RpdLicenseAuthority;
+};
+
+export type RpdLicenseProduct = {
+  name: string;
+  version: string;
+};
+
+export type RpdLicenseOwner = {
+  name: string;
+};
+
+export type RpdLicenseAuthority = {
+  neverExpire: boolean;
+  expireDate: string;
+  quota?: Record<string, number | string | boolean>;
+  functions?: string[];
+};
+
+export type RpdLicenseApplication = {
+  /**
+   * 部署识别码
+   */
+  deployId: string;
+
+  /**
+   * 产品信息
+   */
+  product: RpdLicenseProduct;
+
+  /**
+   * 申请人，客户信息
+   */
+  applicant: RpdLicenseOwner;
+
+  /**
+   * 权限信息
+   */
+  authority: RpdLicenseAuthority;
+};
+
+export type LicenseSettings = {
+  deployId: string;
+  cert: string;
+};

package/src/plugins/license/LicenseService.ts

@@ -0,0 +1,112 @@
+import { IRpdServer } from "~/core/server";
+import EntityManager from "~/dataAccess/entityManager";
+import { LicenseSettings, RpdCert, RpdLicense } from "./LicensePluginTypes";
+import { SystemSettingItem } from "../setting/SettingPluginTypes";
+import SettingService from "../setting/SettingService";
+import { extractCertLicense } from "./helpers/certHelper";
+import dayjs from "dayjs";
+import { get, isString } from "lodash";
+import { isNullOrUndefinedOrEmpty } from "~/utilities/typeUtility";
+
+export interface GetSystemSettingValuesInput {
+  groupCode: string;
+}
+
+export interface SetSystemSettingValuesInput {
+  groupCode: string;
+  values: Record<string, any>;
+}
+
+export interface GetUserSettingValuesInput {
+  groupCode: string;
+}
+
+export default class LicenseService {
+  #server: IRpdServer;
+  #systemSettingItemManager: EntityManager<SystemSettingItem>;
+  #encryptionKey: string;
+  #license: RpdLicense;
+
+  constructor(server: IRpdServer, encryptionKey: string) {
+    this.#server = server;
+    this.#encryptionKey = encryptionKey;
+
+    this.#systemSettingItemManager = server.getEntityManager("system_setting_item");
+  }
+
+  async loadLicense(): Promise<void> {
+    const settingService = this.#server.getService<SettingService>("settingService");
+    const licenseSettings = await settingService.getSystemSettingValues("license");
+    const { deployId } = licenseSettings as LicenseSettings;
+    const certText = licenseSettings.cert;
+    const certJSON = Buffer.from(certText, "base64").toString();
+    const cert: RpdCert = JSON.parse(certJSON);
+
+    try {
+      const license = extractCertLicense(this.#encryptionKey, deployId, cert);
+      this.#license = license;
+    } catch (error) {
+      this.#server.getLogger().error("Loading license failed.", error);
+      throw new Error("Loading license failed.");
+    }
+  }
+
+  getLicense() {
+    return this.#license;
+  }
+
+  isExpired() {
+    if (!this.#license) {
+      return true;
+    }
+
+    const { neverExpire, expireDate } = this.#license.authority;
+
+    if (neverExpire) {
+      return false;
+    }
+
+    if (!expireDate) {
+      return true;
+    }
+
+    const today = dayjs(dayjs().format("YYYY-MM-DD"));
+    return today.isAfter(dayjs(expireDate));
+  }
+
+  getQuota(name: string) {
+    if (!this.#license) {
+      return null;
+    }
+
+    return get(this.#license.authority, `quota.${name}`, null);
+  }
+
+  isOutOfQuota(name: string, currentAmount: number) {
+    const quotaLimit = this.getQuota(name);
+
+    if (isNullOrUndefinedOrEmpty(quotaLimit)) {
+      return true;
+    }
+
+    let quotaLimitAmount: string | number = quotaLimit;
+    if (isString(quotaLimitAmount)) {
+      quotaLimitAmount = parseInt(quotaLimit, 10);
+    }
+
+    if (quotaLimitAmount === -1) {
+      return true;
+    }
+
+    return currentAmount > quotaLimitAmount;
+  }
+
+  isFunctionAllowed(name: string) {
+    if (!this.#license) {
+      return false;
+    }
+
+    const functions = get(this.#license.authority, "functions", []);
+    return functions.includes(name);
+  }
+}

package/src/plugins/license/actionHandlers/getLicense.ts

@@ -0,0 +1,18 @@
+import { ActionHandlerContext } from "~/core/actionHandler";
+import { RapidPlugin } from "~/core/server";
+import LicenseService from "../LicenseService";
+
+export interface GetLicenseOptions {}
+
+export const code = "getLicense";
+
+export async function handler(plugin: RapidPlugin, ctx: ActionHandlerContext, options: GetLicenseOptions) {
+  const { server, routerContext } = ctx;
+  const { response } = routerContext;
+
+  const licenseService = server.getService<LicenseService>("licenseService");
+
+  const license = licenseService.getLicense();
+
+  ctx.output = license;
+}

package/src/plugins/license/actionHandlers/index.ts

@@ -0,0 +1,4 @@
+import { IPluginActionHandler } from "~/core/actionHandler";
+import * as getLicense from "./getLicense";
+
+export default [getLicense] satisfies IPluginActionHandler[];

package/src/plugins/license/helpers/certHelper.ts

@@ -0,0 +1,21 @@
+import { RpdCert } from "../LicensePluginTypes";
+import { decryptData, getEncryptionIV, validateDigitalSignature, generatePubKeyFileContent } from "./cryptoHelper";
+
+export function extractCertLicense(encryptionKey: string, deployId: string, cert: RpdCert) {
+  const iv = getEncryptionIV(deployId);
+  const signature = cert.sig;
+  const pub = generatePubKeyFileContent(cert.pub);
+  const valid = validateDigitalSignature(cert.lic, "base64", signature, "base64", pub);
+  if (!valid) {
+    throw new Error("Certification validate failed.");
+  }
+
+  try {
+    const licenseText = decryptData(cert.lic, "base64", "utf-8", encryptionKey, iv, cert.tag);
+    return JSON.parse(licenseText);
+  } catch (ex) {
+    throw new Error("Certification parse failed.", {
+      cause: ex,
+    });
+  }
+}

package/src/plugins/license/helpers/cryptoHelper.ts

@@ -0,0 +1,47 @@
+import crypto, { BinaryToTextEncoding } from "crypto";
+
+export function getEncryptionIV(input: string) {
+  const hash = crypto.createHash("sha512").update(input).digest("hex");
+  return hash.substring(0, 12);
+}
+
+export function generatePubKeyFileContent(base64EncodedPubKey: string) {
+  return `-----BEGIN PUBLIC KEY-----\n${base64EncodedPubKey}\n-----END PUBLIC KEY-----`;
+}
+
+const ENC_ALGORITHM: crypto.CipherGCMTypes = "aes-256-gcm";
+
+// Decrypt data
+export function decryptData(
+  encryptedData: string,
+  encryptedDataEncoding: BufferEncoding,
+  decryptedDataEncoding: BufferEncoding,
+  encryptionKey: string,
+  encryptionIV: string,
+  authTag: string,
+) {
+  const decipher = crypto.createDecipheriv(ENC_ALGORITHM, Buffer.from(encryptionKey, "base64"), encryptionIV);
+  decipher.setAuthTag(Buffer.from(authTag, "base64"));
+  const buff = Buffer.from(encryptedData, encryptedDataEncoding);
+  return Buffer.concat([decipher.update(buff), decipher.final()]).toString(decryptedDataEncoding); // Decrypts data and converts to utf8
+}
+
+export function generateDigitalSignature(data: string, dataEncoding: BufferEncoding, privateKey: string): string {
+  const sign = crypto.createSign("RSA-SHA256");
+  const buffer = Buffer.from(data, dataEncoding);
+  sign.update(buffer);
+  return sign.sign(privateKey, "base64");
+}
+
+export function validateDigitalSignature(
+  data: string,
+  dataEncoding: BufferEncoding,
+  signature: string,
+  signatureEncoding: BinaryToTextEncoding,
+  publicKey: string,
+): boolean {
+  const verify = crypto.createVerify("RSA-SHA256");
+  const buffer = Buffer.from(data, dataEncoding);
+  verify.update(buffer);
+  return verify.verify(publicKey, signature, signatureEncoding);
+}

package/src/plugins/license/models/index.ts

@@ -0,0 +1 @@
+export default [];

package/src/plugins/license/routes/getLicense.ts

@@ -0,0 +1,15 @@
+import { RpdRoute } from "~/types";
+
+export default {
+  namespace: "svc",
+  name: "svc.getLicense",
+  code: "svc.getLicense",
+  type: "RESTful",
+  method: "GET",
+  endpoint: "/svc/license",
+  actions: [
+    {
+      code: "getLicense",
+    },
+  ],
+} satisfies RpdRoute;

package/src/plugins/license/routes/index.ts

@@ -0,0 +1,3 @@
+import getLicense from "./getLicense";
+
+export default [getLicense];

package/src/plugins/setting/models/SystemSettingItem.ts

@@ -39,4 +39,10 @@ export default {
       required: false,
     },
   ],
+  indexes: [
+    {
+      unique: true,
+      properties: ["groupCode", "itemCode"],
+    },
+  ],
 } as RpdDataModel;

package/src/plugins/setting/models/UserSettingItem.ts

@@ -46,4 +46,10 @@ export default {
       required: false,
     },
   ],
+  indexes: [
+    {
+      unique: true,
+      properties: ["ownerId", "groupCode", "itemCode"],
+    },
+  ],
 } as RpdDataModel;

package/src/utilities/typeUtility.ts

@@ -9,3 +9,7 @@ export function isNull(val: any) {
 export function isNullOrUndefined(val: any) {
   return isNull(val) || isUndefined(val);
 }
+
+export function isNullOrUndefinedOrEmpty(val: any) {
+  return isNull(val) || isUndefined(val) || val === "";
+}