@solidxai/core 0.1.8-beta.1 → 0.1.8-beta.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/controllers/authentication.controller.d.ts +32 -2
- package/dist/controllers/authentication.controller.d.ts.map +1 -1
- package/dist/controllers/authentication.controller.js +80 -3
- package/dist/controllers/authentication.controller.js.map +1 -1
- package/dist/dtos/create-api-key.dto.d.ts +5 -0
- package/dist/dtos/create-api-key.dto.d.ts.map +1 -0
- package/dist/dtos/create-api-key.dto.js +34 -0
- package/dist/dtos/create-api-key.dto.js.map +1 -0
- package/dist/dtos/post-chatter-message.dto.d.ts +1 -0
- package/dist/dtos/post-chatter-message.dto.d.ts.map +1 -1
- package/dist/dtos/post-chatter-message.dto.js +6 -1
- package/dist/dtos/post-chatter-message.dto.js.map +1 -1
- package/dist/dtos/register-private.dto.d.ts +3 -5
- package/dist/dtos/register-private.dto.d.ts.map +1 -1
- package/dist/dtos/register-private.dto.js +6 -18
- package/dist/dtos/register-private.dto.js.map +1 -1
- package/dist/dtos/sso-exchange.dto.d.ts +4 -0
- package/dist/dtos/sso-exchange.dto.d.ts.map +1 -0
- package/dist/dtos/sso-exchange.dto.js +26 -0
- package/dist/dtos/sso-exchange.dto.js.map +1 -0
- package/dist/dtos/update-api-key.dto.d.ts +4 -0
- package/dist/dtos/update-api-key.dto.d.ts.map +1 -0
- package/dist/dtos/update-api-key.dto.js +28 -0
- package/dist/dtos/update-api-key.dto.js.map +1 -0
- package/dist/entities/agent-event.entity.d.ts +3 -12
- package/dist/entities/agent-event.entity.d.ts.map +1 -1
- package/dist/entities/agent-event.entity.js +21 -46
- package/dist/entities/agent-event.entity.js.map +1 -1
- package/dist/entities/agent-session.entity.d.ts +2 -11
- package/dist/entities/agent-session.entity.d.ts.map +1 -1
- package/dist/entities/agent-session.entity.js +15 -40
- package/dist/entities/agent-session.entity.js.map +1 -1
- package/dist/entities/field-metadata.entity.js +1 -1
- package/dist/entities/field-metadata.entity.js.map +1 -1
- package/dist/entities/legacy-common.entity.d.ts +9 -9
- package/dist/entities/legacy-common.entity.d.ts.map +1 -1
- package/dist/entities/legacy-common.entity.js +7 -7
- package/dist/entities/legacy-common.entity.js.map +1 -1
- package/dist/entities/sms-template.entity.d.ts.map +1 -1
- package/dist/entities/sms-template.entity.js +2 -1
- package/dist/entities/sms-template.entity.js.map +1 -1
- package/dist/entities/user-api-key.entity.d.ts +12 -0
- package/dist/entities/user-api-key.entity.d.ts.map +1 -0
- package/dist/entities/user-api-key.entity.js +62 -0
- package/dist/entities/user-api-key.entity.js.map +1 -0
- package/dist/entities/user.entity.d.ts +3 -0
- package/dist/entities/user.entity.d.ts.map +1 -1
- package/dist/entities/user.entity.js +12 -1
- package/dist/entities/user.entity.js.map +1 -1
- package/dist/enums/auth-type.enum.d.ts +2 -1
- package/dist/enums/auth-type.enum.d.ts.map +1 -1
- package/dist/enums/auth-type.enum.js +2 -1
- package/dist/enums/auth-type.enum.js.map +1 -1
- package/dist/guards/api-key.guard.d.ts +11 -0
- package/dist/guards/api-key.guard.d.ts.map +1 -0
- package/dist/guards/api-key.guard.js +43 -0
- package/dist/guards/api-key.guard.js.map +1 -0
- package/dist/guards/authentication.guard.d.ts +4 -2
- package/dist/guards/authentication.guard.d.ts.map +1 -1
- package/dist/guards/authentication.guard.js +7 -3
- package/dist/guards/authentication.guard.js.map +1 -1
- package/dist/helpers/bootstrap.helper.d.ts.map +1 -1
- package/dist/helpers/bootstrap.helper.js +12 -1
- package/dist/helpers/bootstrap.helper.js.map +1 -1
- package/dist/helpers/field-crud-managers/SelectionDynamicFieldCrudManager.d.ts.map +1 -1
- package/dist/helpers/field-crud-managers/SelectionDynamicFieldCrudManager.js +15 -6
- package/dist/helpers/field-crud-managers/SelectionDynamicFieldCrudManager.js.map +1 -1
- package/dist/helpers/typeorm-db-helper.d.ts.map +1 -1
- package/dist/helpers/typeorm-db-helper.js +9 -0
- package/dist/helpers/typeorm-db-helper.js.map +1 -1
- package/dist/index.d.ts +1 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -0
- package/dist/index.js.map +1 -1
- package/dist/repository/user-api-key.repository.d.ts +12 -0
- package/dist/repository/user-api-key.repository.d.ts.map +1 -0
- package/dist/repository/user-api-key.repository.js +34 -0
- package/dist/repository/user-api-key.repository.js.map +1 -0
- package/dist/seeders/module-test-data.service.d.ts +5 -0
- package/dist/seeders/module-test-data.service.d.ts.map +1 -1
- package/dist/seeders/module-test-data.service.js +131 -4
- package/dist/seeders/module-test-data.service.js.map +1 -1
- package/dist/seeders/seed-data/solid-core-metadata.json +287 -197
- package/dist/services/api-key.service.d.ts +20 -0
- package/dist/services/api-key.service.d.ts.map +1 -0
- package/dist/services/api-key.service.js +98 -0
- package/dist/services/api-key.service.js.map +1 -0
- package/dist/services/authentication.service.d.ts +19 -1
- package/dist/services/authentication.service.d.ts.map +1 -1
- package/dist/services/authentication.service.js +31 -5
- package/dist/services/authentication.service.js.map +1 -1
- package/dist/services/chatter-message.service.d.ts.map +1 -1
- package/dist/services/chatter-message.service.js +6 -0
- package/dist/services/chatter-message.service.js.map +1 -1
- package/dist/services/export-transaction.service.d.ts.map +1 -1
- package/dist/services/export-transaction.service.js +0 -23
- package/dist/services/export-transaction.service.js.map +1 -1
- package/dist/services/field-metadata.service.d.ts +1 -3
- package/dist/services/field-metadata.service.d.ts.map +1 -1
- package/dist/services/field-metadata.service.js +6 -13
- package/dist/services/field-metadata.service.js.map +1 -1
- package/dist/services/file/disk-file.service.d.ts +1 -0
- package/dist/services/file/disk-file.service.d.ts.map +1 -1
- package/dist/services/file/disk-file.service.js +11 -3
- package/dist/services/file/disk-file.service.js.map +1 -1
- package/dist/services/media.service.d.ts +0 -1
- package/dist/services/media.service.d.ts.map +1 -1
- package/dist/services/media.service.js +10 -11
- package/dist/services/media.service.js.map +1 -1
- package/dist/services/settings/default-settings-provider.service.d.ts.map +1 -1
- package/dist/services/settings/default-settings-provider.service.js +5 -2
- package/dist/services/settings/default-settings-provider.service.js.map +1 -1
- package/dist/services/sso-code-storage.service.d.ts +15 -0
- package/dist/services/sso-code-storage.service.d.ts.map +1 -0
- package/dist/services/sso-code-storage.service.js +47 -0
- package/dist/services/sso-code-storage.service.js.map +1 -0
- package/dist/services/user.service.d.ts.map +1 -1
- package/dist/services/user.service.js +3 -2
- package/dist/services/user.service.js.map +1 -1
- package/dist/solid-core.module.d.ts.map +1 -1
- package/dist/solid-core.module.js +10 -0
- package/dist/solid-core.module.js.map +1 -1
- package/package.json +1 -1
- package/src/controllers/authentication.controller.ts +59 -3
- package/src/dtos/create-api-key.dto.ts +14 -0
- package/src/dtos/post-chatter-message.dto.ts +4 -0
- package/src/dtos/register-private.dto.ts +5 -14
- package/src/dtos/sso-exchange.dto.ts +7 -0
- package/src/dtos/update-api-key.dto.ts +9 -0
- package/src/entities/agent-event.entity.ts +21 -55
- package/src/entities/agent-session.entity.ts +15 -47
- package/src/entities/field-metadata.entity.ts +1 -1
- package/src/entities/legacy-common.entity.ts +15 -15
- package/src/entities/sms-template.entity.ts +3 -2
- package/src/entities/user-api-key.entity.ts +37 -0
- package/src/entities/user.entity.ts +8 -0
- package/src/enums/auth-type.enum.ts +1 -0
- package/src/guards/api-key.guard.ts +32 -0
- package/src/guards/authentication.guard.ts +6 -3
- package/src/helpers/bootstrap.helper.ts +16 -1
- package/src/helpers/field-crud-managers/SelectionDynamicFieldCrudManager.ts +17 -6
- package/src/helpers/typeorm-db-helper.ts +11 -0
- package/src/index.ts +1 -0
- package/src/repository/user-api-key.repository.ts +17 -0
- package/src/seeders/module-test-data.service.ts +165 -6
- package/src/seeders/seed-data/solid-core-metadata.json +287 -197
- package/src/services/api-key.service.ts +111 -0
- package/src/services/authentication.service.ts +35 -3
- package/src/services/chatter-message.service.ts +7 -0
- package/src/services/export-transaction.service.ts +0 -26
- package/src/services/field-metadata.service.ts +5 -12
- package/src/services/file/disk-file.service.ts +15 -7
- package/src/services/media.service.ts +12 -51
- package/src/services/settings/default-settings-provider.service.ts +5 -2
- package/src/services/sso-code-storage.service.ts +36 -0
- package/src/services/user.service.ts +3 -2
- package/src/solid-core.module.ts +10 -0
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
import { CreateApiKeyDto } from 'src/dtos/create-api-key.dto';
|
|
2
|
+
import { UpdateApiKeyDto } from 'src/dtos/update-api-key.dto';
|
|
3
|
+
import { UserApiKey } from 'src/entities/user-api-key.entity';
|
|
4
|
+
import { ActiveUserData } from 'src/interfaces/active-user-data.interface';
|
|
5
|
+
import { UserApiKeyRepository } from 'src/repository/user-api-key.repository';
|
|
6
|
+
import { PermissionMetadataService } from 'src/services/permission-metadata.service';
|
|
7
|
+
export declare class ApiKeyService {
|
|
8
|
+
private readonly apiKeyRepository;
|
|
9
|
+
private readonly permissionMetadataService;
|
|
10
|
+
private readonly logger;
|
|
11
|
+
constructor(apiKeyRepository: UserApiKeyRepository, permissionMetadataService: PermissionMetadataService);
|
|
12
|
+
generate(userId: number, dto: CreateApiKeyDto): Promise<{
|
|
13
|
+
apiKey: string;
|
|
14
|
+
record: UserApiKey;
|
|
15
|
+
}>;
|
|
16
|
+
validate(rawKey: string): Promise<ActiveUserData>;
|
|
17
|
+
updateKey(id: number, userId: number, dto: UpdateApiKeyDto): Promise<void>;
|
|
18
|
+
private hash;
|
|
19
|
+
}
|
|
20
|
+
//# sourceMappingURL=api-key.service.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"api-key.service.d.ts","sourceRoot":"","sources":["../../src/services/api-key.service.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAC9D,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAC9D,OAAO,EAAE,UAAU,EAAE,MAAM,kCAAkC,CAAC;AAE9D,OAAO,EAAE,cAAc,EAAE,MAAM,2CAA2C,CAAC;AAC3E,OAAO,EAAE,oBAAoB,EAAE,MAAM,wCAAwC,CAAC;AAC9E,OAAO,EAAE,yBAAyB,EAAE,MAAM,0CAA0C,CAAC;AAErF,qBACa,aAAa;IAIlB,OAAO,CAAC,QAAQ,CAAC,gBAAgB;IACjC,OAAO,CAAC,QAAQ,CAAC,yBAAyB;IAJ9C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAkC;gBAGpC,gBAAgB,EAAE,oBAAoB,EACtC,yBAAyB,EAAE,yBAAyB;IAGnE,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,UAAU,CAAA;KAAE,CAAC;IA+B/F,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;IAkCjD,SAAS,CAAC,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC;IAiBhF,OAAO,CAAC,IAAI;CAGf"}
|
|
@@ -0,0 +1,98 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
+
};
|
|
11
|
+
var ApiKeyService_1;
|
|
12
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
13
|
+
exports.ApiKeyService = void 0;
|
|
14
|
+
const common_1 = require("@nestjs/common");
|
|
15
|
+
const crypto_1 = require("crypto");
|
|
16
|
+
const user_api_key_entity_1 = require("../entities/user-api-key.entity");
|
|
17
|
+
const user_entity_1 = require("../entities/user.entity");
|
|
18
|
+
const user_api_key_repository_1 = require("../repository/user-api-key.repository");
|
|
19
|
+
const permission_metadata_service_1 = require("./permission-metadata.service");
|
|
20
|
+
let ApiKeyService = ApiKeyService_1 = class ApiKeyService {
|
|
21
|
+
constructor(apiKeyRepository, permissionMetadataService) {
|
|
22
|
+
this.apiKeyRepository = apiKeyRepository;
|
|
23
|
+
this.permissionMetadataService = permissionMetadataService;
|
|
24
|
+
this.logger = new common_1.Logger(ApiKeyService_1.name);
|
|
25
|
+
}
|
|
26
|
+
async generate(userId, dto) {
|
|
27
|
+
const user = await this.apiKeyRepository.manager.findOne(user_entity_1.User, {
|
|
28
|
+
where: { id: userId },
|
|
29
|
+
select: ['id', 'isAllowedToGenerateApiKeys'],
|
|
30
|
+
});
|
|
31
|
+
if (!user?.isAllowedToGenerateApiKeys) {
|
|
32
|
+
throw new common_1.ForbiddenException('You are not allowed to generate API keys');
|
|
33
|
+
}
|
|
34
|
+
const rawKey = 'sldx_' + (0, crypto_1.randomBytes)(32).toString('hex');
|
|
35
|
+
const hashedKey = this.hash(rawKey);
|
|
36
|
+
const maskedKey = 'sldx_****' + rawKey.slice(-4);
|
|
37
|
+
const record = this.apiKeyRepository.create({
|
|
38
|
+
name: dto.name,
|
|
39
|
+
hashedKey,
|
|
40
|
+
maskedKey,
|
|
41
|
+
isActive: true,
|
|
42
|
+
expiresAt: dto.expiresAt ? new Date(dto.expiresAt) : null,
|
|
43
|
+
user,
|
|
44
|
+
});
|
|
45
|
+
await this.apiKeyRepository.save(record);
|
|
46
|
+
delete record.hashedKey;
|
|
47
|
+
return { apiKey: rawKey, record };
|
|
48
|
+
}
|
|
49
|
+
async validate(rawKey) {
|
|
50
|
+
const hashedKey = this.hash(rawKey);
|
|
51
|
+
const keyRecord = await this.apiKeyRepository.findOne({
|
|
52
|
+
where: { hashedKey, isActive: true },
|
|
53
|
+
relations: ['user', 'user.roles'],
|
|
54
|
+
});
|
|
55
|
+
if (!keyRecord) {
|
|
56
|
+
throw new common_1.UnauthorizedException();
|
|
57
|
+
}
|
|
58
|
+
if (keyRecord.expiresAt && keyRecord.expiresAt < new Date()) {
|
|
59
|
+
throw new common_1.UnauthorizedException('API key expired');
|
|
60
|
+
}
|
|
61
|
+
this.apiKeyRepository.update(keyRecord.id, { lastUsedAt: new Date() }).catch((err) => {
|
|
62
|
+
this.logger.warn(`Failed to update lastUsedAt for key ${keyRecord.id}: ${err.message}`);
|
|
63
|
+
});
|
|
64
|
+
const roles = (keyRecord.user.roles ?? []).map((r) => r.name);
|
|
65
|
+
const permissions = await this.permissionMetadataService.findAllUsingRoles(roles);
|
|
66
|
+
return {
|
|
67
|
+
sub: keyRecord.user.id,
|
|
68
|
+
username: keyRecord.user.username,
|
|
69
|
+
email: keyRecord.user.email,
|
|
70
|
+
roles,
|
|
71
|
+
permissions: permissions.map((p) => p.name),
|
|
72
|
+
};
|
|
73
|
+
}
|
|
74
|
+
async updateKey(id, userId, dto) {
|
|
75
|
+
const keyRecord = await this.apiKeyRepository.findOne({
|
|
76
|
+
where: { id, user: { id: userId } },
|
|
77
|
+
});
|
|
78
|
+
if (!keyRecord) {
|
|
79
|
+
throw new common_1.NotFoundException('API key not found');
|
|
80
|
+
}
|
|
81
|
+
await this.apiKeyRepository.manager
|
|
82
|
+
.createQueryBuilder()
|
|
83
|
+
.update(user_api_key_entity_1.UserApiKey)
|
|
84
|
+
.set({ isActive: dto.isActive })
|
|
85
|
+
.where('id = :id', { id })
|
|
86
|
+
.execute();
|
|
87
|
+
}
|
|
88
|
+
hash(rawKey) {
|
|
89
|
+
return (0, crypto_1.createHash)('sha256').update(rawKey).digest('hex');
|
|
90
|
+
}
|
|
91
|
+
};
|
|
92
|
+
exports.ApiKeyService = ApiKeyService;
|
|
93
|
+
exports.ApiKeyService = ApiKeyService = ApiKeyService_1 = __decorate([
|
|
94
|
+
(0, common_1.Injectable)(),
|
|
95
|
+
__metadata("design:paramtypes", [user_api_key_repository_1.UserApiKeyRepository,
|
|
96
|
+
permission_metadata_service_1.PermissionMetadataService])
|
|
97
|
+
], ApiKeyService);
|
|
98
|
+
//# sourceMappingURL=api-key.service.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"api-key.service.js","sourceRoot":"","sources":["../../src/services/api-key.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAAA,2CAMwB;AACxB,mCAAiD;AAGjD,yEAA8D;AAC9D,yDAAgD;AAEhD,mFAA8E;AAC9E,+EAAqF;AAG9E,IAAM,aAAa,qBAAnB,MAAM,aAAa;IAGtB,YACqB,gBAAsC,EACtC,yBAAoD;QADpD,qBAAgB,GAAhB,gBAAgB,CAAsB;QACtC,8BAAyB,GAAzB,yBAAyB,CAA2B;QAJxD,WAAM,GAAG,IAAI,eAAM,CAAC,eAAa,CAAC,IAAI,CAAC,CAAC;IAKtD,CAAC;IAEJ,KAAK,CAAC,QAAQ,CAAC,MAAc,EAAE,GAAoB;QAC/C,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,OAAO,CAAC,kBAAI,EAAE;YAC3D,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;YACrB,MAAM,EAAE,CAAC,IAAI,EAAE,4BAA4B,CAAC;SAC/C,CAAC,CAAC;QAEH,IAAI,CAAC,IAAI,EAAE,0BAA0B,EAAE,CAAC;YACpC,MAAM,IAAI,2BAAkB,CAAC,0CAA0C,CAAC,CAAC;QAC7E,CAAC;QAED,MAAM,MAAM,GAAG,OAAO,GAAG,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QACzD,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACpC,MAAM,SAAS,GAAG,WAAW,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAEjD,MAAM,MAAM,GAAG,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC;YACxC,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,SAAS;YACT,SAAS;YACT,QAAQ,EAAE,IAAI;YACd,SAAS,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI;YACzD,IAAI;SACP,CAAC,CAAC;QAEH,MAAM,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAGzC,OAAQ,MAAc,CAAC,SAAS,CAAC;QAEjC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;IACtC,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,MAAc;QACzB,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAGpC,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC;YAClD,KAAK,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,IAAI,EAAE;YACpC,SAAS,EAAE,CAAC,MAAM,EAAE,YAAY,CAAC;SACpC,CAAC,CAAC;QAEH,IAAI,CAAC,SAAS,EAAE,CAAC;YACb,MAAM,IAAI,8BAAqB,EAAE,CAAC;QACtC,CAAC;QAED,IAAI,SAAS,CAAC,SAAS,IAAI,SAAS,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;YAC1D,MAAM,IAAI,8BAAqB,CAAC,iBAAiB,CAAC,CAAC;QACvD,CAAC;QAGD,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,UAAU,EAAE,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACjF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,uCAAuC,SAAS,CAAC,EAAE,KAAK,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QAC5F,CAAC,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAC9D,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;QAElF,OAAO;YACH,GAAG,EAAE,SAAS,CAAC,IAAI,CAAC,EAAE;YACtB,QAAQ,EAAE,SAAS,CAAC,IAAI,CAAC,QAAQ;YACjC,KAAK,EAAE,SAAS,CAAC,IAAI,CAAC,KAAK;YAC3B,KAAK;YACL,WAAW,EAAE,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;SAC9C,CAAC;IACN,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,EAAU,EAAE,MAAc,EAAE,GAAoB;QAC5D,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC;YAClD,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE;SACtC,CAAC,CAAC;QAEH,IAAI,CAAC,SAAS,EAAE,CAAC;YACb,MAAM,IAAI,0BAAiB,CAAC,mBAAmB,CAAC,CAAC;QACrD,CAAC;QAED,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO;aAC9B,kBAAkB,EAAE;aACpB,MAAM,CAAC,gCAAU,CAAC;aAClB,GAAG,CAAC,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC;aAC/B,KAAK,CAAC,UAAU,EAAE,EAAE,EAAE,EAAE,CAAC;aACzB,OAAO,EAAE,CAAC;IACnB,CAAC;IAEO,IAAI,CAAC,MAAc;QACvB,OAAO,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC7D,CAAC;CACJ,CAAA;AA7FY,sCAAa;wBAAb,aAAa;IADzB,IAAA,mBAAU,GAAE;qCAK8B,8CAAoB;QACX,uDAAyB;GALhE,aAAa,CA6FzB","sourcesContent":["import {\n ForbiddenException,\n Injectable,\n Logger,\n NotFoundException,\n UnauthorizedException,\n} from '@nestjs/common';\nimport { createHash, randomBytes } from 'crypto';\nimport { CreateApiKeyDto } from 'src/dtos/create-api-key.dto';\nimport { UpdateApiKeyDto } from 'src/dtos/update-api-key.dto';\nimport { UserApiKey } from 'src/entities/user-api-key.entity';\nimport { User } from 'src/entities/user.entity';\nimport { ActiveUserData } from 'src/interfaces/active-user-data.interface';\nimport { UserApiKeyRepository } from 'src/repository/user-api-key.repository';\nimport { PermissionMetadataService } from 'src/services/permission-metadata.service';\n\n@Injectable()\nexport class ApiKeyService {\n private readonly logger = new Logger(ApiKeyService.name);\n\n constructor(\n private readonly apiKeyRepository: UserApiKeyRepository,\n private readonly permissionMetadataService: PermissionMetadataService,\n ) {}\n\n async generate(userId: number, dto: CreateApiKeyDto): Promise<{ apiKey: string; record: UserApiKey }> {\n const user = await this.apiKeyRepository.manager.findOne(User, {\n where: { id: userId },\n select: ['id', 'isAllowedToGenerateApiKeys'],\n });\n\n if (!user?.isAllowedToGenerateApiKeys) {\n throw new ForbiddenException('You are not allowed to generate API keys');\n }\n\n const rawKey = 'sldx_' + randomBytes(32).toString('hex');\n const hashedKey = this.hash(rawKey);\n const maskedKey = 'sldx_****' + rawKey.slice(-4);\n\n const record = this.apiKeyRepository.create({\n name: dto.name,\n hashedKey,\n maskedKey,\n isActive: true,\n expiresAt: dto.expiresAt ? new Date(dto.expiresAt) : null,\n user,\n });\n\n await this.apiKeyRepository.save(record);\n\n // Strip hashedKey from the returned record — maskedKey is all the UI needs\n delete (record as any).hashedKey;\n\n return { apiKey: rawKey, record };\n }\n\n async validate(rawKey: string): Promise<ActiveUserData> {\n const hashedKey = this.hash(rawKey);\n\n // Bypass security rules for auth validation — must find the key regardless of caller context\n const keyRecord = await this.apiKeyRepository.findOne({\n where: { hashedKey, isActive: true },\n relations: ['user', 'user.roles'],\n });\n\n if (!keyRecord) {\n throw new UnauthorizedException();\n }\n\n if (keyRecord.expiresAt && keyRecord.expiresAt < new Date()) {\n throw new UnauthorizedException('API key expired');\n }\n\n // Fire-and-forget — does not need security rule context\n this.apiKeyRepository.update(keyRecord.id, { lastUsedAt: new Date() }).catch((err) => {\n this.logger.warn(`Failed to update lastUsedAt for key ${keyRecord.id}: ${err.message}`);\n });\n\n const roles = (keyRecord.user.roles ?? []).map((r) => r.name);\n const permissions = await this.permissionMetadataService.findAllUsingRoles(roles);\n\n return {\n sub: keyRecord.user.id,\n username: keyRecord.user.username,\n email: keyRecord.user.email,\n roles,\n permissions: permissions.map((p) => p.name),\n };\n }\n\n async updateKey(id: number, userId: number, dto: UpdateApiKeyDto): Promise<void> {\n const keyRecord = await this.apiKeyRepository.findOne({\n where: { id, user: { id: userId } },\n });\n\n if (!keyRecord) {\n throw new NotFoundException('API key not found');\n }\n\n await this.apiKeyRepository.manager\n .createQueryBuilder()\n .update(UserApiKey)\n .set({ isActive: dto.isActive })\n .where('id = :id', { id })\n .execute();\n }\n\n private hash(rawKey: string): string {\n return createHash('sha256').update(rawKey).digest('hex');\n }\n}\n"]}
|
|
@@ -18,6 +18,7 @@ import { User } from '../entities/user.entity';
|
|
|
18
18
|
import { ActiveUserData } from '../interfaces/active-user-data.interface';
|
|
19
19
|
import { HashingService } from './hashing.service';
|
|
20
20
|
import { RefreshTokenIdsStorageService } from './refresh-token-ids-storage.service';
|
|
21
|
+
import { SsoCodeStorageService } from './sso-code-storage.service';
|
|
21
22
|
import { RoleMetadataService } from './role-metadata.service';
|
|
22
23
|
import { SettingService } from './setting.service';
|
|
23
24
|
import { UserActivityHistoryService } from './user-activity-history.service';
|
|
@@ -36,9 +37,10 @@ export declare class AuthenticationService {
|
|
|
36
37
|
private readonly settingService;
|
|
37
38
|
private readonly roleMetadataService;
|
|
38
39
|
private readonly userActivityHistoryService;
|
|
40
|
+
private readonly ssoCodeStorage;
|
|
39
41
|
private readonly dataSource;
|
|
40
42
|
private readonly logger;
|
|
41
|
-
constructor(userService: UserService, userRepository: UserRepository, hashingService: HashingService, jwtService: JwtService, refreshTokenIdsStorage: RefreshTokenIdsStorageService, httpService: HttpService, mailServiceFactory: MailFactory, smsFactory: SmsFactory, eventEmitter: EventEmitter2, settingService: SettingService, roleMetadataService: RoleMetadataService, userActivityHistoryService: UserActivityHistoryService, dataSource: DataSource);
|
|
43
|
+
constructor(userService: UserService, userRepository: UserRepository, hashingService: HashingService, jwtService: JwtService, refreshTokenIdsStorage: RefreshTokenIdsStorageService, httpService: HttpService, mailServiceFactory: MailFactory, smsFactory: SmsFactory, eventEmitter: EventEmitter2, settingService: SettingService, roleMetadataService: RoleMetadataService, userActivityHistoryService: UserActivityHistoryService, ssoCodeStorage: SsoCodeStorageService, dataSource: DataSource);
|
|
42
44
|
private getCompanyLogo;
|
|
43
45
|
resolveUser(username: string, email: string): Promise<User>;
|
|
44
46
|
updatePasswordDetails(user: User, newPassword: string): Promise<User>;
|
|
@@ -119,6 +121,7 @@ export declare class AuthenticationService {
|
|
|
119
121
|
}>;
|
|
120
122
|
private validateLoginOtp;
|
|
121
123
|
private clearLoginOtp;
|
|
124
|
+
private buildUserPayload;
|
|
122
125
|
private buildLoginTokenResponse;
|
|
123
126
|
changePassword(changePasswordDto: ChangePasswordDto, activeUser: ActiveUserData): Promise<boolean>;
|
|
124
127
|
private generateForgotPasswordToken;
|
|
@@ -183,5 +186,20 @@ export declare class AuthenticationService {
|
|
|
183
186
|
};
|
|
184
187
|
refreshToken: any;
|
|
185
188
|
}>;
|
|
189
|
+
generateSsoCode(activeUser: ActiveUserData, rawAccessToken: string): Promise<{
|
|
190
|
+
ssoCode: string;
|
|
191
|
+
}>;
|
|
192
|
+
exchangeSsoCode(code: string): Promise<{
|
|
193
|
+
accessToken: string;
|
|
194
|
+
refreshToken: string;
|
|
195
|
+
user: {
|
|
196
|
+
id: number;
|
|
197
|
+
username: string;
|
|
198
|
+
email: string;
|
|
199
|
+
mobile: string;
|
|
200
|
+
lastLoginProvider: string;
|
|
201
|
+
roles: string[];
|
|
202
|
+
};
|
|
203
|
+
}>;
|
|
186
204
|
}
|
|
187
205
|
//# sourceMappingURL=authentication.service.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authentication.service.d.ts","sourceRoot":"","sources":["../../src/services/authentication.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAY5C,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAMzC,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,OAAO,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;AAChE,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAOjD,OAAO,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAChE,OAAO,EAAE,wBAAwB,EAAE,MAAM,qCAAqC,CAAC;AAC/E,OAAO,EAAE,yBAAyB,EAAE,MAAM,sCAAsC,CAAC;AACjF,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAC5D,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAE,IAAI,EAAE,MAAM,yBAAyB,CAAC;AAE/C,OAAO,EAAE,cAAc,EAAE,MAAM,0CAA0C,CAAC;AAC1E,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAgC,6BAA6B,EAAE,MAAM,qCAAqC,CAAC;AAClH,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAavD,qBACa,qBAAqB;IAI1B,OAAO,CAAC,QAAQ,CAAC,WAAW;IAE5B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,sBAAsB;IACvC,OAAO,CAAC,QAAQ,CAAC,WAAW;IAE5B,OAAO,CAAC,QAAQ,CAAC,kBAAkB;IAEnC,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,mBAAmB;IACpC,OAAO,CAAC,QAAQ,CAAC,0BAA0B;
|
|
1
|
+
{"version":3,"file":"authentication.service.d.ts","sourceRoot":"","sources":["../../src/services/authentication.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAY5C,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAMzC,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,OAAO,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;AAChE,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAOjD,OAAO,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAChE,OAAO,EAAE,wBAAwB,EAAE,MAAM,qCAAqC,CAAC;AAC/E,OAAO,EAAE,yBAAyB,EAAE,MAAM,sCAAsC,CAAC;AACjF,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAC5D,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAE,IAAI,EAAE,MAAM,yBAAyB,CAAC;AAE/C,OAAO,EAAE,cAAc,EAAE,MAAM,0CAA0C,CAAC;AAC1E,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAgC,6BAA6B,EAAE,MAAM,qCAAqC,CAAC;AAClH,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAC;AACnE,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAavD,qBACa,qBAAqB;IAI1B,OAAO,CAAC,QAAQ,CAAC,WAAW;IAE5B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,sBAAsB;IACvC,OAAO,CAAC,QAAQ,CAAC,WAAW;IAE5B,OAAO,CAAC,QAAQ,CAAC,kBAAkB;IAEnC,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,mBAAmB;IACpC,OAAO,CAAC,QAAQ,CAAC,0BAA0B;IAC3C,OAAO,CAAC,QAAQ,CAAC,cAAc;IAG/B,OAAO,CAAC,QAAQ,CAAC,UAAU;IArB/B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA0C;gBAG5C,WAAW,EAAE,WAAW,EAExB,cAAc,EAAE,cAAc,EAC9B,cAAc,EAAE,cAAc,EAC9B,UAAU,EAAE,UAAU,EACtB,sBAAsB,EAAE,6BAA6B,EACrD,WAAW,EAAE,WAAW,EAExB,kBAAkB,EAAE,WAAW,EAE/B,UAAU,EAAE,UAAU,EACtB,YAAY,EAAE,aAAa,EAC3B,cAAc,EAAE,cAAc,EAC9B,mBAAmB,EAAE,mBAAmB,EACxC,0BAA0B,EAAE,0BAA0B,EACtD,cAAc,EAAE,qBAAqB,EAGrC,UAAU,EAAE,UAAU;YAK7B,cAAc;IAItB,WAAW,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM;IAY3C,qBAAqB,CAAC,IAAI,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM;IAcrD,8BAA8B,CAAC,KAAK,EAAE,MAAM;YAOpC,4BAA4B;YAY5B,wBAAwB;IAMhC,MAAM,CAAC,SAAS,EAAE,SAAS,EAAE,UAAU,GAAE,cAAqB,GAAG,OAAO,CAAC,IAAI,CAAC;IAoC9E,sBAAsB,CAAC,CAAC,SAAS,IAAI,EAAE,CAAC,SAAS,aAAa,EAAE,SAAS,EAAE,SAAS,EAAE,gBAAgB,EAAE,CAAC,EAAE,iBAAiB,EAAE,UAAU,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC;YAuBhJ,iBAAiB;YAwDjB,gBAAgB;IAc9B,gBAAgB,CAAC,MAAM,GAAE,MAAU,GAAG,MAAM;YAiB9B,+BAA+B;YAyB/B,qBAAqB;YAKrB,mBAAmB;YAKnB,kBAAkB;IA4C1B,uBAAuB,CAAC,SAAS,EAAE,YAAY;;;IA2BrD,OAAO,CAAC,4BAA4B;YAStB,4BAA4B;IAU1C,OAAO,CAAC,mCAAmC;YAI7B,4CAA4C;IAe1D,OAAO,CAAC,UAAU;YAWJ,qBAAqB;YAyBrB,mCAAmC;IAyC3C,sBAAsB,CAAC,gBAAgB,EAAE,gBAAgB;;;;YAuBjD,gCAAgC;IAc9C,OAAO,CAAC,uBAAuB;IAiB/B,OAAO,CAAC,oBAAoB;IAY5B,OAAO,CAAC,wBAAwB;YAMlB,uDAAuD;YAevD,GAAG;IAUjB,OAAO,CAAC,kBAAkB;IAgB1B,OAAO,CAAC,gBAAgB;IAalB,MAAM,CAAC,SAAS,EAAE,SAAS;;;;;;;;;;;;IA0BjC,OAAO,CAAC,SAAS;IAajB,OAAO,CAAC,UAAU;IAWZ,gBAAgB,CAAC,SAAS,EAAE,YAAY;;;;;;;;;;IAgB9C,OAAO,CAAC,gBAAgB;YAmBV,gBAAgB;YAqBhB,cAAc;IAmB5B,OAAO,CAAC,qBAAqB;YAOf,6BAA6B;IA6CrC,eAAe,CAAC,gBAAgB,EAAE,gBAAgB;;;;;;;;;;;;IAoCxD,OAAO,CAAC,gBAAgB;YAaV,aAAa;IAwB3B,OAAO,CAAC,gBAAgB;YAMV,uBAAuB;IAK/B,cAAc,CAAC,iBAAiB,EAAE,iBAAiB,EAAE,UAAU,EAAE,cAAc;YAuDvE,2BAA2B;IAYnC,sBAAsB,CAAC,yBAAyB,EAAE,yBAAyB;;;;;;;;;;;YAkDnE,0BAA0B;IA4ClC,qBAAqB,CAAC,wBAAwB,EAAE,wBAAwB;;;;;;;YA8ChE,2BAA2B;IA4CnC,cAAc,CAAC,IAAI,EAAE,IAAI;;;;IAazB,mBAAmB,CAAC,IAAI,EAAE,IAAI;IAe9B,oBAAoB,CAAC,IAAI,EAAE,IAAI,EAAE,oBAAoB,CAAC,EAAE,MAAM;IAa9D,aAAa,CAAC,eAAe,EAAE,eAAe;;;;YAmDtC,SAAS;IAqBjB,uBAAuB,CAAC,IAAI,EAAE,IAAI;IAkBlC,iBAAiB,CAAC,UAAU,EAAE,MAAM;;;;;;;;;;;YAqC5B,iCAAiC;IAK/C,OAAO,CAAC,mBAAmB;YAOb,uBAAuB;YAMvB,mBAAmB;IAa3B,MAAM,CAAC,YAAY,EAAE,MAAM;;;IAuC3B,YAAY,CAAC,MAAM,EAAE,MAAM;IAS3B,EAAE,CAAC,UAAU,EAAE,cAAc;;;;;;;;;;IA8B7B,eAAe,CAAC,UAAU,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IAajG,eAAe,CAAC,IAAI,EAAE,MAAM;;;;;;;;;;;;CASrC"}
|
|
@@ -32,6 +32,7 @@ const user_entity_1 = require("../entities/user.entity");
|
|
|
32
32
|
const interfaces_1 = require("../interfaces");
|
|
33
33
|
const hashing_service_1 = require("./hashing.service");
|
|
34
34
|
const refresh_token_ids_storage_service_1 = require("./refresh-token-ids-storage.service");
|
|
35
|
+
const sso_code_storage_service_1 = require("./sso-code-storage.service");
|
|
35
36
|
const role_metadata_service_1 = require("./role-metadata.service");
|
|
36
37
|
const setting_service_1 = require("./setting.service");
|
|
37
38
|
const user_activity_history_service_1 = require("./user-activity-history.service");
|
|
@@ -44,7 +45,7 @@ var LoginProvider;
|
|
|
44
45
|
LoginProvider["OTP"] = "otp";
|
|
45
46
|
})(LoginProvider || (LoginProvider = {}));
|
|
46
47
|
let AuthenticationService = AuthenticationService_1 = class AuthenticationService {
|
|
47
|
-
constructor(userService, userRepository, hashingService, jwtService, refreshTokenIdsStorage, httpService, mailServiceFactory, smsFactory, eventEmitter, settingService, roleMetadataService, userActivityHistoryService, dataSource) {
|
|
48
|
+
constructor(userService, userRepository, hashingService, jwtService, refreshTokenIdsStorage, httpService, mailServiceFactory, smsFactory, eventEmitter, settingService, roleMetadataService, userActivityHistoryService, ssoCodeStorage, dataSource) {
|
|
48
49
|
this.userService = userService;
|
|
49
50
|
this.userRepository = userRepository;
|
|
50
51
|
this.hashingService = hashingService;
|
|
@@ -57,6 +58,7 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
|
|
|
57
58
|
this.settingService = settingService;
|
|
58
59
|
this.roleMetadataService = roleMetadataService;
|
|
59
60
|
this.userActivityHistoryService = userActivityHistoryService;
|
|
61
|
+
this.ssoCodeStorage = ssoCodeStorage;
|
|
60
62
|
this.dataSource = dataSource;
|
|
61
63
|
this.logger = new common_1.Logger(AuthenticationService_1.name);
|
|
62
64
|
}
|
|
@@ -115,6 +117,10 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
|
|
|
115
117
|
const activateUserOnRegistration = this.settingService.getConfigValue('activateUserOnRegistration');
|
|
116
118
|
const defaultRole = this.settingService.getConfigValue('defaultRole');
|
|
117
119
|
var { user, pwd, autoGeneratedPwd } = await this.populateForSignup(new user_entity_1.User(), signUpDto, activateUserOnRegistration, onForcePasswordChange);
|
|
120
|
+
const privateDto = signUpDto;
|
|
121
|
+
if (privateDto.isAllowedToGenerateApiKeys !== undefined) {
|
|
122
|
+
user.isAllowedToGenerateApiKeys = privateDto.isAllowedToGenerateApiKeys;
|
|
123
|
+
}
|
|
118
124
|
const savedUser = await this.userRepository.save(user);
|
|
119
125
|
const userRoles = signUpDto.roles ?? [];
|
|
120
126
|
if (signUpDto.username !== 'sa' && defaultRole) {
|
|
@@ -680,11 +686,14 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
|
|
|
680
686
|
});
|
|
681
687
|
}
|
|
682
688
|
}
|
|
683
|
-
|
|
684
|
-
const { accessToken, refreshToken } = await this.generateTokens(user);
|
|
689
|
+
buildUserPayload(user) {
|
|
685
690
|
const { id, username, email, mobile, lastLoginProvider } = user;
|
|
686
691
|
const roles = user.roles.map((role) => role.name);
|
|
687
|
-
return {
|
|
692
|
+
return { id, username, email, mobile, lastLoginProvider, roles };
|
|
693
|
+
}
|
|
694
|
+
async buildLoginTokenResponse(user) {
|
|
695
|
+
const { accessToken, refreshToken } = await this.generateTokens(user);
|
|
696
|
+
return { accessToken, refreshToken, user: this.buildUserPayload(user) };
|
|
688
697
|
}
|
|
689
698
|
async changePassword(changePasswordDto, activeUser) {
|
|
690
699
|
const user = await this.userRepository.findOne({
|
|
@@ -1042,11 +1051,27 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
|
|
|
1042
1051
|
};
|
|
1043
1052
|
return response;
|
|
1044
1053
|
}
|
|
1054
|
+
async generateSsoCode(activeUser, rawAccessToken) {
|
|
1055
|
+
const refreshTokenState = await this.refreshTokenIdsStorage.getCurrentRefreshTokenState(activeUser.sub);
|
|
1056
|
+
if (!refreshTokenState?.currentRefreshToken) {
|
|
1057
|
+
throw new common_1.UnauthorizedException('No active session found');
|
|
1058
|
+
}
|
|
1059
|
+
const ssoCode = await this.ssoCodeStorage.generateCode(activeUser.sub, rawAccessToken, refreshTokenState.currentRefreshToken);
|
|
1060
|
+
return { ssoCode };
|
|
1061
|
+
}
|
|
1062
|
+
async exchangeSsoCode(code) {
|
|
1063
|
+
const { userId, accessToken, refreshToken } = await this.ssoCodeStorage.consumeCode(code);
|
|
1064
|
+
const user = await this.userRepository.findOne({ where: { id: userId }, relations: { roles: true } });
|
|
1065
|
+
if (!user) {
|
|
1066
|
+
throw new common_1.UnauthorizedException('User not found');
|
|
1067
|
+
}
|
|
1068
|
+
return { accessToken, refreshToken, user: this.buildUserPayload(user) };
|
|
1069
|
+
}
|
|
1045
1070
|
};
|
|
1046
1071
|
exports.AuthenticationService = AuthenticationService;
|
|
1047
1072
|
exports.AuthenticationService = AuthenticationService = AuthenticationService_1 = __decorate([
|
|
1048
1073
|
(0, common_1.Injectable)(),
|
|
1049
|
-
__param(
|
|
1074
|
+
__param(13, (0, typeorm_1.InjectDataSource)()),
|
|
1050
1075
|
__metadata("design:paramtypes", [user_service_1.UserService,
|
|
1051
1076
|
user_repository_1.UserRepository,
|
|
1052
1077
|
hashing_service_1.HashingService,
|
|
@@ -1059,6 +1084,7 @@ exports.AuthenticationService = AuthenticationService = AuthenticationService_1
|
|
|
1059
1084
|
setting_service_1.SettingService,
|
|
1060
1085
|
role_metadata_service_1.RoleMetadataService,
|
|
1061
1086
|
user_activity_history_service_1.UserActivityHistoryService,
|
|
1087
|
+
sso_code_storage_service_1.SsoCodeStorageService,
|
|
1062
1088
|
typeorm_2.DataSource])
|
|
1063
1089
|
], AuthenticationService);
|
|
1064
1090
|
function parseUniqueConstraintError(detail) {
|