@skroz/profile-api 1.0.5

package/dist/services/ProfileAuthService.js

@@ -0,0 +1,94 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ProfileAuthService = exports.LAST_SENT_AT_REDIS_POSTFIX = exports.TOKEN_REDIS_POSTFIX = exports.RECOVERY_REDIS_PREFIX = exports.CONFIRMATION_REDIS_PREFIX = void 0;
+const argon2_1 = __importDefault(require("argon2"));
+exports.CONFIRMATION_REDIS_PREFIX = 'conf';
+exports.RECOVERY_REDIS_PREFIX = 'rec';
+exports.TOKEN_REDIS_POSTFIX = 'token';
+exports.LAST_SENT_AT_REDIS_POSTFIX = 'lastSentAt';
+class ProfileAuthService {
+    constructor(db, email, redis, config) {
+        this.db = db;
+        this.email = email;
+        this.redis = redis;
+        this.config = config;
+    }
+    hashPassword(password) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return argon2_1.default.hash(password, { type: argon2_1.default.argon2id });
+        });
+    }
+    verifyPassword(hash, password) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return argon2_1.default.verify(hash, password);
+        });
+    }
+    getLimitMs() {
+        return this.config.resendEmailLimitSeconds * 1000;
+    }
+    setTokenToRedis(prefix, user, token, ttlMinutes) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const exSeconds = ttlMinutes * 60;
+            // token -> userId
+            yield this.redis.setex(`${prefix}:${token}`, exSeconds, user.id.toString());
+            // userId -> token
+            yield this.redis.setex(`${prefix}:${user.id}:${exports.TOKEN_REDIS_POSTFIX}`, exSeconds, token);
+            // lastSentAt
+            yield this.redis.psetex(`${prefix}:${user.id}:${exports.LAST_SENT_AT_REDIS_POSTFIX}`, this.getLimitMs(), Date.now().toString());
+        });
+    }
+    sendLink(user, type) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const prefix = type === 'confirmation'
+                ? exports.CONFIRMATION_REDIS_PREFIX
+                : exports.RECOVERY_REDIS_PREFIX;
+            const ttlMinutes = type === 'confirmation'
+                ? this.config.confirmationTokenLifetimeMinutes
+                : this.config.recoveryTokenLifetimeMinutes;
+            // Check limit
+            const lastSentAtStr = yield this.redis.get(`${prefix}:${user.id}:${exports.LAST_SENT_AT_REDIS_POSTFIX}`);
+            const lastSentAt = Number(lastSentAtStr) || 0;
+            const expiresAt = lastSentAt + this.getLimitMs();
+            const expiresIn = expiresAt - Date.now();
+            if (expiresIn > 0)
+                return { ok: false, limitExpiresAt: expiresAt };
+            // Generate token (6 digits as in original code)
+            let token = '';
+            for (let i = 0; i < 6; i++) {
+                token += Math.floor(Math.random() * 10);
+            }
+            yield this.setTokenToRedis(prefix, user, token, ttlMinutes);
+            const ok = yield this.email.sendToken(user, type, token);
+            return { ok, limitExpiresAt: Date.now() + this.getLimitMs() };
+        });
+    }
+    getUserByToken(prefix, token) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const userIdStr = yield this.redis.get(`${prefix}:${token}`);
+            if (!userIdStr)
+                return null;
+            const userId = Number(userIdStr);
+            if (isNaN(userId))
+                return null;
+            return this.db.findUserById(userId);
+        });
+    }
+    removeTokenFromRedis(prefix, user, token) {
+        return __awaiter(this, void 0, void 0, function* () {
+            yield this.redis.del(`${prefix}:${token}`, `${prefix}:${user.id}:${exports.TOKEN_REDIS_POSTFIX}`, `${prefix}:${user.id}:${exports.LAST_SENT_AT_REDIS_POSTFIX}`);
+        });
+    }
+}
+exports.ProfileAuthService = ProfileAuthService;

package/dist/services/ProfileEmailService.d.ts

@@ -0,0 +1,15 @@
+import { AuthUser, EmailConfig, ProfileLocales } from '../types';
+export type EmailType = 'auth' | 'activity' | 'info' | 'admin' | 'other';
+export declare class ProfileEmailService {
+    private ses;
+    private config;
+    private locales;
+    constructor(config: EmailConfig, locales: ProfileLocales);
+    private getWebsiteUrl;
+    private render;
+    private getFrom;
+    send(to: string, subject: string, template: string, vars: any, type?: EmailType): Promise<boolean>;
+    sendToken(user: AuthUser, type: 'confirmation' | 'recovery', token: string): Promise<boolean>;
+    sendTemporaryPassword(user: AuthUser, tempPassword: string): Promise<boolean>;
+    sendGenericEmail(user: AuthUser, subject: string, text: string, type?: EmailType, vars?: any): Promise<boolean>;
+}

package/dist/services/ProfileEmailService.js

@@ -0,0 +1,105 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ProfileEmailService = void 0;
+const aws_ses_1 = __importDefault(require("@os-team/aws-ses"));
+const pug_1 = __importDefault(require("pug"));
+const path_1 = __importDefault(require("path"));
+const types_1 = require("../types");
+class ProfileEmailService {
+    constructor(config, locales) {
+        this.ses = new aws_ses_1.default({ region: 'eu-west-1' });
+        this.config = config;
+        this.locales = locales;
+    }
+    getWebsiteUrl() {
+        return this.config.websiteUrl || `https://${this.config.domain}`;
+    }
+    render(templateName, vars) {
+        const templatePath = path_1.default.resolve(this.config.templateDir, `${templateName}.pug`);
+        return pug_1.default.renderFile(templatePath, Object.assign({ domain: this.config.domain, websiteUrl: this.getWebsiteUrl(), primaryBrandColor: this.config.primaryBrandColor, logoUrl: this.config.logoUrl || '' }, vars));
+    }
+    getFrom(type) {
+        const { domain } = this.config;
+        const username = this.config.fromEmailUsername;
+        switch (type) {
+            case 'auth':
+                return `${domain} <${username}@auth.${domain}>`;
+            case 'activity':
+                return `${domain} <${username}@a.${domain}>`;
+            case 'info':
+                return `${domain} <${username}@i.${domain}>`;
+            case 'admin':
+                return `${domain} <${username}@admin.${domain}>`;
+            default:
+                return `${domain} <${username}@o.${domain}>`;
+        }
+    }
+    send(to_1, subject_1, template_1, vars_1) {
+        return __awaiter(this, arguments, void 0, function* (to, subject, template, vars, type = 'other') {
+            const html = this.render(template, vars);
+            const from = this.getFrom(type);
+            return this.ses.send({
+                Destination: { ToAddresses: [to] },
+                Message: {
+                    Subject: { Data: subject, Charset: 'UTF-8' },
+                    Body: { Html: { Data: html, Charset: 'UTF-8' } },
+                },
+                Source: from,
+            });
+        });
+    }
+    sendToken(user, type, token) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!user.email)
+                return false;
+            const isConfirm = type === 'confirmation';
+            const emailLocales = isConfirm
+                ? this.locales.email.confirmEmail
+                : this.locales.email.forgotPassword;
+            const template = isConfirm
+                ? types_1.ProfileEmailTemplate.CONFIRM_EMAIL
+                : types_1.ProfileEmailTemplate.FORGOT_PASSWORD;
+            return this.send(user.email, emailLocales.subject, template, {
+                header: emailLocales.header,
+                text: emailLocales.text,
+                linkTitle: emailLocales.linkTitle,
+                linkHref: `${this.getWebsiteUrl()}/${type}?token=${token}&email=${user.email}`,
+                confirmationToken: token,
+            }, 'auth');
+        });
+    }
+    sendTemporaryPassword(user, tempPassword) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!user.email)
+                return false;
+            const emailLocales = this.locales.email.tempPassword;
+            return this.send(user.email, emailLocales.subject, types_1.ProfileEmailTemplate.TEMP_PASSWORD, {
+                header: emailLocales.header.replace('{{tempPassword}}', tempPassword),
+                text: emailLocales.text,
+                linkTitle: emailLocales.linkTitle,
+                linkHref: this.getWebsiteUrl(),
+            }, 'auth');
+        });
+    }
+    /* Generic method for any custom project emails */
+    sendGenericEmail(user_1, subject_1, text_1) {
+        return __awaiter(this, arguments, void 0, function* (user, subject, text, type = 'info', vars = {}) {
+            if (!user.email)
+                return false;
+            return this.send(user.email, subject, types_1.ProfileEmailTemplate.GENERIC_NOTIFICATION, Object.assign({ header: subject, text, linkTitle: 'Go to Website', linkHref: this.getWebsiteUrl() }, vars), type);
+        });
+    }
+}
+exports.ProfileEmailService = ProfileEmailService;

package/dist/types/index.d.ts

@@ -0,0 +1,98 @@
+export interface AuthUser {
+    id: number;
+    email: string | null;
+    name?: string | null;
+    avatar?: string | null;
+    password?: string;
+    isEmailConfirmed: boolean;
+    isBanned: boolean;
+    isTempPassword: boolean;
+    urlSlug?: string | null;
+    telegramId?: string | null;
+    isEmailNotificationEnabled: boolean;
+    isTelegramNotificationEnabled: boolean;
+    lastSeenAt: Date;
+    save(): Promise<this>;
+}
+export interface ProfileDbAdapter {
+    findUserByEmail(email: string): Promise<AuthUser | null>;
+    findUserById(id: number): Promise<AuthUser | null>;
+    findUserByTelegramId(telegramId: string): Promise<AuthUser | null>;
+    createUser(data: {
+        email: string;
+        passwordHash: string;
+    }): Promise<AuthUser>;
+    isEmailTaken(email: string, excludeUserId?: number): Promise<boolean>;
+}
+export interface ProfileAuthConfig {
+    resendEmailLimitSeconds: number;
+    confirmationTokenLifetimeMinutes: number;
+    recoveryTokenLifetimeMinutes: number;
+}
+export interface EmailConfig extends ProfileAuthConfig {
+    domain: string;
+    websiteUrl?: string;
+    primaryBrandColor: string;
+    logoUrl?: string;
+    fromEmailUsername?: string;
+    templateDir: string;
+    isOnlineSeconds: number;
+    isOnlineRecentlySeconds: number;
+}
+export declare enum ProfileEmailTemplate {
+    CONFIRM_EMAIL = "confirmEmail",
+    FORGOT_PASSWORD = "forgotPassword",
+    TEMP_PASSWORD = "tempPassword",
+    GENERIC_NOTIFICATION = "notification"
+}
+export interface ProfileLocales {
+    auth: {
+        emailConfirmed: string;
+        emailExists: string;
+    };
+    login: {
+        wrongPassword: string;
+    };
+    user: {
+        notFound: string;
+        banned: string;
+    };
+    error: {
+        wrongCode: string;
+    };
+    forgot: {
+        errors: {
+            notRegistered: string;
+        };
+    };
+    updatePassword: {
+        noPassword: string;
+        wrongOldPassword: string;
+    };
+    email: {
+        confirmEmail: {
+            subject: string;
+            header: string;
+            text: string;
+            linkTitle: string;
+        };
+        forgotPassword: {
+            subject: string;
+            header: string;
+            text: string;
+            linkTitle: string;
+        };
+        tempPassword: {
+            subject: string;
+            header: string;
+            text: string;
+            linkTitle: string;
+        };
+    };
+}
+export interface ProfileContext<TUser = AuthUser> {
+    user?: TUser;
+    req: any;
+    res: any;
+    t: (key: string, options?: any) => string;
+}

package/dist/types/index.js

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ProfileEmailTemplate = void 0;
+var ProfileEmailTemplate;
+(function (ProfileEmailTemplate) {
+    ProfileEmailTemplate["CONFIRM_EMAIL"] = "confirmEmail";
+    ProfileEmailTemplate["FORGOT_PASSWORD"] = "forgotPassword";
+    ProfileEmailTemplate["TEMP_PASSWORD"] = "tempPassword";
+    ProfileEmailTemplate["GENERIC_NOTIFICATION"] = "notification";
+})(ProfileEmailTemplate || (exports.ProfileEmailTemplate = ProfileEmailTemplate = {}));

package/dist/validators/isTrue.d.ts

@@ -0,0 +1,3 @@
+import { Validator } from '@os-team/graphql-validators';
+declare const isTrue: Validator;
+export default isTrue;

package/dist/validators/isTrue.js

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const isTrue = {
+    name: 'isTrue',
+    validate: (value) => value === true,
+};
+exports.default = isTrue;

package/package.json

@@ -0,0 +1,45 @@
+{
+  "name": "@skroz/profile-api",
+  "version": "1.0.5",
+  "license": "MIT",
+  "repository": "git@gitlab.com:skroz/libs/utils.git",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist",
+    "src",
+    "!**/*.test.ts"
+  ],
+  "scripts": {
+    "clean": "rimraf dist",
+    "build": "yarn clean && tsc --outDir dist",
+    "ncu": "ncu -u"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "dependencies": {
+    "@os-team/aws-ses": "1.0.27",
+    "@os-team/graphql-transformers": "1.0.15",
+    "@os-team/graphql-utils": "1.1.61",
+    "@os-team/graphql-validators": "1.0.26",
+    "@os-team/session": "1.0.32",
+    "argon2": "0.30.2",
+    "class-validator": "0.13.2",
+    "nanoid": "3.3.4",
+    "pug": "3.0.2",
+    "type-graphql": "2.0.0-beta.1",
+    "typeorm": "0.2.45"
+  },
+  "devDependencies": {
+    "@types/node": "18.0.6",
+    "@types/pug": "2.0.6",
+    "ioredis": "5.2.1",
+    "rimraf": "3.0.2",
+    "typescript": "^5.0.0"
+  },
+  "peerDependencies": {
+    "reflect-metadata": "0.1.13"
+  },
+  "gitHead": "fbc3bff05af003470fe79b7ea7d11bc29caa9ae3"
+}

package/src/adapters/TypeOrmProfileAdapter.ts

@@ -0,0 +1,40 @@
+import { Repository, getConnection, Not } from 'typeorm';
+import { AuthUser, ProfileDbAdapter } from '../types';
+
+export class TypeOrmProfileAdapter implements ProfileDbAdapter {
+    private repository: Repository<any>;
+
+    constructor(userEntity: any) {
+        this.repository = getConnection().getRepository(userEntity);
+    }
+
+    async findUserByEmail(email: string): Promise<AuthUser | null> {
+        return this.repository.findOne({ where: { email: email.toLowerCase() } }) as Promise<AuthUser | null>;
+    }
+
+    async findUserById(id: number): Promise<AuthUser | null> {
+        return this.repository.findOne(id) as Promise<AuthUser | null>;
+    }
+
+    async findUserByTelegramId(telegramId: string): Promise<AuthUser | null> {
+        return this.repository.findOne({ where: { telegramId } }) as Promise<AuthUser | null>;
+    }
+
+    async createUser(data: { email: string; passwordHash: string }): Promise<AuthUser> {
+        const user = this.repository.create({
+            email: data.email.toLowerCase(),
+            password: data.passwordHash,
+            isEmailConfirmed: false,
+        });
+        return (await this.repository.save(user)) as AuthUser;
+    }
+
+    async isEmailTaken(email: string, excludeUserId?: number): Promise<boolean> {
+        const where: any = { email: email.toLowerCase() };
+        if (excludeUserId) {
+            where.id = Not(excludeUserId);
+        }
+        const count = await this.repository.count({ where });
+        return count > 0;
+    }
+}

package/src/dto/ConfirmEmailInput.ts

@@ -0,0 +1,12 @@
+import { Field, InputType } from 'type-graphql';
+import { isNotEmpty } from '@os-team/graphql-validators';
+
+@InputType()
+export class ConfirmEmailInput {
+    @Field()
+    token!: string;
+}
+
+export const confirmEmailValidators = {
+    token: [isNotEmpty],
+};

package/src/dto/ForgotPasswordInput.ts

@@ -0,0 +1,17 @@
+import { Field, InputType } from 'type-graphql';
+import { isEmail } from '@os-team/graphql-validators';
+import { toLowerCase, trim } from '@os-team/graphql-transformers';
+
+@InputType()
+export class ForgotPasswordInput {
+    @Field()
+    email!: string;
+}
+
+export const forgotPasswordValidators = {
+    email: [isEmail],
+};
+
+export const forgotPasswordTransformers = {
+    email: [trim, toLowerCase],
+};

package/src/dto/LoginInput.ts

@@ -0,0 +1,20 @@
+import { Field, InputType } from 'type-graphql';
+import { isEmail, isNotEmpty } from '@os-team/graphql-validators';
+import { toLowerCase, trim } from '@os-team/graphql-transformers';
+import { PasswordInput, passwordTransformers } from './PasswordInput';
+
+@InputType()
+export class LoginInput extends PasswordInput {
+    @Field()
+    email!: string;
+}
+
+export const loginValidators = {
+    email: [isEmail],
+    password: [isNotEmpty],
+};
+
+export const loginTransformers = {
+    email: [trim, toLowerCase],
+    ...passwordTransformers,
+};

package/src/dto/PasswordInput.ts

@@ -0,0 +1,17 @@
+import { Field, InputType } from 'type-graphql';
+import { maxLength, minLength } from '@os-team/graphql-validators';
+import { trim } from '@os-team/graphql-transformers';
+
+@InputType({ isAbstract: true })
+export class PasswordInput {
+    @Field()
+    password!: string;
+}
+
+export const passwordValidators = {
+    password: [minLength(6), maxLength(64)],
+};
+
+export const passwordTransformers = {
+    password: [trim],
+};

package/src/dto/RecoverPasswordInput.ts

@@ -0,0 +1,20 @@
+import { Field, InputType } from 'type-graphql';
+import { isNotEmpty } from '@os-team/graphql-validators';
+import { trim } from '@os-team/graphql-transformers';
+import { PasswordInput, passwordTransformers, passwordValidators } from './PasswordInput';
+
+@InputType()
+export class RecoverPasswordInput extends PasswordInput {
+    @Field()
+    token!: string;
+}
+
+export const recoverPasswordTransformers = {
+    ...passwordTransformers,
+    token: [trim],
+};
+
+export const recoverPasswordValidators = {
+    ...passwordValidators,
+    token: [isNotEmpty],
+};

package/src/dto/RegisterInput.ts

@@ -0,0 +1,29 @@
+import { Field, InputType } from 'type-graphql';
+import { isEmail } from '@os-team/graphql-validators';
+import { toLowerCase, trim } from '@os-team/graphql-transformers';
+import { PasswordInput, passwordTransformers, passwordValidators } from './PasswordInput';
+import isTrue from '../validators/isTrue';
+
+@InputType()
+export class RegisterInput extends PasswordInput {
+    @Field()
+    email!: string;
+
+    @Field(() => Boolean, { nullable: true })
+    isUserAgreementAgree?: boolean;
+
+    @Field(() => Boolean, { nullable: true })
+    isPrivacyPolicyAgree?: boolean;
+}
+
+export const registerValidators = {
+    email: [isEmail],
+    isUserAgreementAgree: [isTrue],
+    isPrivacyPolicyAgree: [isTrue],
+    ...passwordValidators,
+};
+
+export const registerTransformers = {
+    email: [trim, toLowerCase],
+    ...passwordTransformers,
+};

package/src/dto/SendTokenPayload.ts

@@ -0,0 +1,10 @@
+import { Field, ObjectType } from 'type-graphql';
+
+@ObjectType()
+export class SendTokenPayload {
+    @Field()
+    confirmationLinkIsSent!: boolean;
+
+    @Field(() => Number, { nullable: true })
+    limitExpiresAt?: number;
+}

package/src/dto/StatusPayload.ts

@@ -0,0 +1,7 @@
+import { Field, ObjectType } from 'type-graphql';
+
+@ObjectType()
+export class StatusPayload {
+    @Field()
+    ok!: boolean;
+}

package/src/dto/UpdateEmailInput.ts

@@ -0,0 +1,17 @@
+import { Field, InputType } from 'type-graphql';
+import { isEmail, isNotEmpty } from '@os-team/graphql-validators';
+import { toLowerCase, trim } from '@os-team/graphql-transformers';
+
+@InputType()
+export class UpdateEmailInput {
+    @Field()
+    email!: string;
+}
+
+export const updateEmailTransformers = {
+    email: [trim, toLowerCase],
+};
+
+export const updateEmailValidators = {
+    email: [isNotEmpty, isEmail],
+};

package/src/dto/UpdatePasswordInput.ts

@@ -0,0 +1,20 @@
+import { Field, InputType } from 'type-graphql';
+import { isNotEmpty } from '@os-team/graphql-validators';
+import { trim } from '@os-team/graphql-transformers';
+import { PasswordInput, passwordTransformers, passwordValidators } from './PasswordInput';
+
+@InputType()
+export class UpdatePasswordInput extends PasswordInput {
+    @Field()
+    oldPassword!: string;
+}
+
+export const updatePasswordTransformers = {
+    ...passwordTransformers,
+    oldPassword: [trim],
+};
+
+export const updatePasswordValidators = {
+    ...passwordValidators,
+    oldPassword: [isNotEmpty],
+};

package/src/dto/UpdateProfileInput.ts

@@ -0,0 +1,17 @@
+import { Field, InputType } from 'type-graphql';
+import { isNotEmpty } from '@os-team/graphql-validators';
+import { trim } from '@os-team/graphql-transformers';
+
+@InputType()
+export class UpdateProfileInput {
+    @Field()
+    name!: string;
+}
+
+export const updateProfileTransformers = {
+    name: [trim],
+};
+
+export const updateProfileValidators = {
+    name: [isNotEmpty],
+};

package/src/dto/index.ts

@@ -0,0 +1,11 @@
+export * from './PasswordInput';
+export * from './RegisterInput';
+export * from './LoginInput';
+export * from './ForgotPasswordInput';
+export * from './ConfirmEmailInput';
+export * from './StatusPayload';
+export * from './SendTokenPayload';
+export * from './UpdatePasswordInput';
+export * from './UpdateEmailInput';
+export * from './UpdateProfileInput';
+export * from './RecoverPasswordInput';