@steedos/auth 2.2.50 → 2.2.51-beta.4

package/src/spaceUserSession.ts

@@ -1,149 +0,0 @@
-import { getSteedosSchema, addConfig, getConfig, removeConfig } from '@steedos/objectql';
-import { isExpried } from './utils'
-const _ = require('underscore');
-const sessionCacheInMinutes = 10;
-const SPACEUSERCACHENAME = 'space_users_cache';
-
-const internalProfiles = ['admin', 'user', 'supplier', 'customer']
-
-async function getSpaceUserProfile(userId: string, spaceId: string) {
-    let filters = `(space eq '${spaceId}') and (user eq '${userId}')`;
-    let spaceUser = await getSteedosSchema().getObject('space_users').find({ filters: filters, fields: ['profile'] });
-    if (spaceUser && spaceUser.length > 0) {
-        return spaceUser[0].profile
-    }
-}
-
-async function getUserRoles(userId: string, spaceId: string) {
-    let roles = ['user'];
-    let space = await getSteedosSchema().getObject('spaces').findOne(spaceId, { fields: ['admins'] });
-    if (space && space.admins.includes(userId)) {
-        roles = ['admin'];
-    }
-
-    let profile = await getSpaceUserProfile(userId, spaceId);
-
-    if (profile) {
-        roles = [profile]
-    }
-
-    let filters = `(space eq '${spaceId}') and (users eq '${userId}')`;
-    let permission_sets = await getSteedosSchema().getObject('permission_set').directFind({ filters: filters, fields: ['name'] });
-    permission_sets.forEach(p => {
-        if (!_.include(internalProfiles, p.name)) {
-            roles.push(p.name);
-        }
-    });
-    return roles;
-}
-
-async function getObjectDataByIds(objectName: string, ids: string[], fields?: string[]) {
-    if (!ids || ids.length === 0) {
-        return []
-    }
-
-    let filters = _.map(ids, function (id) {
-        if (!id) {
-            return ''
-        }
-        return `(_id eq '${id}')`
-    }).join(' or ');
-
-    if (!filters) {
-        return []
-    }
-
-    let query = { filters: filters };
-    if (fields && fields.length > 0) {
-        query['fields'] = fields;
-    }
-
-    return await getSteedosSchema().getObject(objectName).directFind(query)
-}
-
-async function getUserPermissionShares(spaceUser) {
-    let userFilters = [`(users eq '${spaceUser.user}')`];
-    _.each(spaceUser.organizations_parents, (orgId) => {
-        userFilters.push(`(organizations eq '${orgId}')`);
-    })
-    let filters = `((${userFilters.join(' or ')}) and space eq '${spaceUser.space}')`
-    return await getSteedosSchema().getObject('permission_shares').find({ filters: filters, fields: ['_id', 'object_name'] });
-}
-
-export function getSpaceSessionFromCache(spaceId, userId) {
-    let spaceUserSession = getConfig(SPACEUSERCACHENAME, `${spaceId}-${userId}`)
-    if (!spaceUserSession) {
-        return null;
-    }
-    if (isExpried(spaceUserSession.expiredAt)) {
-        removeConfig(SPACEUSERCACHENAME, spaceUserSession);
-        return null;
-    }
-    return spaceUserSession;
-}
-
-export function addSpaceSessionToCache(spaceId, userId, spaceUserSession) {
-    spaceUserSession._id = `${spaceId}-${userId}`
-    addConfig(SPACEUSERCACHENAME, spaceUserSession);
-}
-
-
-export async function getSpaceUserSession(spaceId, userId) {
-    let spaceSession: any = getSpaceSessionFromCache(spaceId, userId);
-    if (!spaceSession) {
-        let expiredAt = new Date().getTime() + sessionCacheInMinutes * 60 * 1000;
-        let su = null;
-        let suFields = ['_id', 'space', 'company_id', 'company_ids', 'organization', 'organizations', 'organizations_parents', 'user'];
-        
-        // 如果spaceid和user不匹配，则取用户的第一个工作区
-        let spaceUsers = await getSteedosSchema().getObject('space_users').directFind({ filters: `(user eq '${userId}') and (user_accepted eq true)`, fields: suFields });
-        const findSpaceUser = _.find(spaceUsers, (spaceUser)=>{ return spaceUser.space === spaceId })
-        if(findSpaceUser){
-            su = findSpaceUser;
-        }else{
-            su = spaceUsers[0];
-        }
-
-        if (su) {
-            let userSpaceId = su.space;
-            let userSpaceIds = _.pluck(spaceUsers, 'space');
-            let roles = await getUserRoles(userId, userSpaceId);
-            let profile = await getSpaceUserProfile(userId, userSpaceId);
-            spaceSession = { roles: roles, profile: profile,expiredAt: expiredAt };
-            spaceSession.spaceId = userSpaceId;
-            spaceSession.spaces = await getObjectDataByIds('spaces', userSpaceIds, ['name', 'admins']);
-            spaceSession.space = _.find(spaceSession.spaces, (record)=>{ return record._id === userSpaceId });
-            
-            spaceSession.companies = await getObjectDataByIds('company', su.company_ids, ['name', 'organization']);
-            spaceSession.company = _.find(spaceSession.companies, (record)=>{ return record._id === su.company_id });
-            
-            spaceSession.organizations = await getObjectDataByIds('organizations', su.organizations, ['name', 'fullname', 'company_id']);
-            spaceSession.organization = _.find(spaceSession.organizations, (record)=>{ return record._id === su.organization });
-
-            if (spaceSession.space && spaceSession.space.admins) {
-                spaceSession.is_space_admin = spaceSession.space.admins.indexOf(userId) > -1;
-            }
-            if (spaceSession.company) {
-                spaceSession.company_id = spaceSession.company._id;
-            }
-            if (spaceSession.companies) {
-                spaceSession.company_ids = spaceSession.companies.map(function (company: any) { return company._id });
-            }
-            spaceSession.permission_shares = await getUserPermissionShares(su);
-            addSpaceSessionToCache(spaceId, userId, spaceSession);
-            return spaceSession;
-        } else {
-            spaceSession = { roles: ['guest'], expiredAt: expiredAt };
-        }
-    }
-    return spaceSession;
-}
-
-export async function updateSpaceUserSessionRolesCache(spaceId, userId) {
-    let spaceSession: any = getSpaceSessionFromCache(spaceId, userId);
-    if (spaceSession) {
-        spaceSession.roles = await getUserRoles(userId, spaceId);
-        return true;
-    }
-    return false;
-}

package/src/tokenMap.ts

@@ -1,54 +0,0 @@
-import crypto = require('crypto');
-import {
-  getSteedosSchema,
-  addConfig,
-  getConfig,
-  removeManyConfigs,
-} from "@steedos/objectql";
-const TOKENMAPCACHENAME = "token_map_cache";
-
-function getTokenMapCache(token) {
-  return getConfig(TOKENMAPCACHENAME, token);
-}
-
-function setTokenMapCache(token, tokenMap) {
-  tokenMap._id = token;
-  addConfig(TOKENMAPCACHENAME, tokenMap);
-}
-
-function _hashLoginToken(token: string) {
-  const hash = crypto.createHash("sha256");
-  hash.update(token);
-  return hash.digest("base64");
-}
-
-async function getUser(token: string) {
-  let hashedToken = _hashLoginToken(token).replace(/\//g, "%2F");
-  let filters = `(services/resume/loginTokens/hashedToken eq '${hashedToken}')`;
-  let users = await getSteedosSchema()
-    .getObject("users")
-    .find({ filters: filters, fields: ["_id"] });
-  return users[0];
-}
-
-export async function getUserIdByToken(token, clientInfos = {}) {
-  let tokenMap = getTokenMapCache(token);
-  if (!tokenMap) {
-    let user = await getUser(token);
-    if (user) {
-      let userId = user._id;
-      setTokenMapCache(
-        token,
-        Object.assign({}, clientInfos, { userId: userId })
-      );
-      return userId;
-    } else {
-      return;
-    }
-  }
-  return tokenMap.userId;
-}
-
-export function removeUserTokens(userId, is_phone) {
-  removeManyConfigs(TOKENMAPCACHENAME, { userId: userId, is_phone });
-}

package/src/userSession.ts

@@ -1,59 +0,0 @@
-import { getSteedosSchema, addConfig, getConfig, removeConfig } from '@steedos/objectql';
-import { isExpried } from './utils'
-const sessionCacheInMinutes = 10;
-const USERCACHENAME = 'users_cache';
-
-export function getSessionFromCache(userId) {
-    let userSession = getConfig(USERCACHENAME, userId)
-    if (!userSession) {
-        return null;
-    }
-    if (isExpried(userSession.expiredAt)) {
-        removeConfig(USERCACHENAME, userSession);
-        return null;
-    }
-    return userSession;
-}
-
-export function addSessionToCache(userId, userSession) {
-    userSession._id = userId
-    addConfig(USERCACHENAME, userSession);
-}
-
-async function getUser(userId) {
-    let user = await getSteedosSchema().getObject('users').findOne(userId, { fields: ['name', 'username', 'mobile', 'email', 'utcOffset', 'steedos_id', 'locale'] });
-    return user;
-}
-
-export async function getUserSession(userId) {
-    let expiredAt = new Date().getTime() + sessionCacheInMinutes * 60 * 1000;
-    let session = getSessionFromCache(userId);
-    if (!session) {
-        let user = await getUser(userId);
-        if (user) {
-            session = {};
-            session.userId = user._id;
-            session.name = user.name;
-            session.username = user.username;
-            session.mobile = user.mobile;
-            session.email = user.email;
-            session.utcOffset = user.utcOffset;
-            session.steedos_id = user.steedos_id;
-            session.locale = user.locale;
-            if(user.locale == "en-us"){
-                session.language = "en"
-            }else if(user.locale == "zh-cn"){
-                session.language = "zh-CN"
-            }else{
-                session.language = user.locale
-            }
-            session.expiredAt = expiredAt;
-            addSessionToCache(userId, session);
-            return session;
-        }
-        else {
-            return
-        }
-    }
-    return session
-}

package/src/utils/index.ts

@@ -1,82 +0,0 @@
-import crypto = require('crypto');
-import { default as Random } from './random';
-import { getSteedosSchema } from '@steedos/objectql';
-const Cookies = require('cookies');
-
-export const hashLoginToken = function (loginToken) {
-  const hash = crypto.createHash('sha256');
-  hash.update(loginToken);
-  return hash.digest('base64');
-}
-
-export const generateStampedLoginToken = function () {
-  return {
-    token: Random.secret(),
-    when: new Date
-  };
-}
-
-export const hashStampedToken = function (stampedToken) {
-  const hashedStampedToken = Object.keys(stampedToken).reduce(
-    (prev, key) => key === 'token' ?
-      prev :
-      { ...prev, [key]: stampedToken[key] },
-    {},
-  )
-  return {
-    ...hashedStampedToken,
-    hashedToken: hashLoginToken(stampedToken.token)
-  };
-}
-
-export const insertHashedLoginToken = async function (userId, hashedToken) {
-  let userObject = getSteedosSchema().getObject('users')
-  let user = await userObject.findOne(userId, { fields: ['services'] })
-  if(!user['services']){
-    user['services'] = {}
-  }
-  if(!user['services']['resume']){
-    user['services']['resume'] = {loginTokens: []}
-  }
-  user['services']['resume']['loginTokens'].push(hashedToken)
-  let data = { services: user['services'] }
-  return await userObject.update(userId, data);
-}
-
-
-
-export const setAuthCookies = function (req, res, userId, authToken, spaceId?) {
-  let cookies = new Cookies(req, res);
-  let options = {
-    maxAge: 90 * 60 * 60 * 24 * 1000,
-    httpOnly: true,
-    overwrite: true
-  }
-  cookies.set("X-User-Id", userId, options);
-  cookies.set("X-Auth-Token", authToken, options);
-  if (spaceId) {
-    cookies.set("X-Space-Id", spaceId, options);
-    cookies.set("X-Space-Token", spaceId + ',' + authToken, options);
-  }
-
-  return;
-}
-
-
-export const clearAuthCookies = function (req, res) {
-  let cookies = new Cookies(req, res);
-  let options = {
-    maxAge: 0,
-    httpOnly: true,
-    overwrite: true
-  }
-  cookies.set("X-User-Id", null, options);
-  cookies.set("X-Auth-Token", null, options);
-  cookies.set("X-Access-Token", null, options);
-  cookies.set("X-Space-Token", null, options);
-  return;
-}
-
-export function isExpried(expiredAt: number) {
-  return expiredAt <= new Date().getTime();
-}

package/src/utils/random.ts

@@ -1,236 +0,0 @@
-// We use cryptographically strong PRNGs (crypto.getRandomBytes() on the server,
-// window.crypto.getRandomValues() in the browser) when available. If these
-// PRNGs fail, we fall back to the Alea PRNG, which is not cryptographically
-// strong, and we seed it with various sources such as the date, Math.random,
-// and window size on the client.  When using crypto.getRandomValues(), our
-// primitive is hexString(), from which we construct fraction(). When using
-// window.crypto.getRandomValues() or alea, the primitive is fraction and we use
-// that to construct hex string.
-
-var nodeCrypto = require('crypto');
-
-// see http://baagoe.org/en/wiki/Better_random_numbers_for_javascript
-// for a full discussion and Alea implementation.
-var Alea = function () {
-  function Mash() {
-    var n = 0xefc8249d;
-
-    var mash = function(data) {
-      data = data.toString();
-      for (var i = 0; i < data.length; i++) {
-        n += data.charCodeAt(i);
-        var h = 0.02519603282416938 * n;
-        n = h >>> 0;
-        h -= n;
-        h *= n;
-        n = h >>> 0;
-        h -= n;
-        n += h * 0x100000000; // 2^32
-      }
-      return (n >>> 0) * 2.3283064365386963e-10; // 2^-32
-    };
-
-    mash['version'] = 'Mash 0.9';
-    return mash;
-  }
-
-  return (function (args) {
-    var s0 = 0;
-    var s1 = 0;
-    var s2 = 0;
-    var c = 1;
-
-    if (args.length == 0) {
-      args = [+new Date];
-    }
-    var mash = Mash();
-    s0 = mash(' ');
-    s1 = mash(' ');
-    s2 = mash(' ');
-
-    for (var i = 0; i < args.length; i++) {
-      s0 -= mash(args[i]);
-      if (s0 < 0) {
-        s0 += 1;
-      }
-      s1 -= mash(args[i]);
-      if (s1 < 0) {
-        s1 += 1;
-      }
-      s2 -= mash(args[i]);
-      if (s2 < 0) {
-        s2 += 1;
-      }
-    }
-    mash = null;
-
-    var random = function() {
-      var t = 2091639 * s0 + c * 2.3283064365386963e-10; // 2^-32
-      s0 = s1;
-      s1 = s2;
-      return s2 = t - (c = t | 0);
-    };
-    random['uint32'] = function() {
-      return random() * 0x100000000; // 2^32
-    };
-    random['fract53'] = function() {
-      return random() +
-        (random() * 0x200000 | 0) * 1.1102230246251565e-16; // 2^-53
-    };
-    random['version'] = 'Alea 0.9';
-    random['args'] = args;
-    return random;
-
-  } (Array.prototype.slice.call(arguments)));
-};
-
-var UNMISTAKABLE_CHARS = "23456789ABCDEFGHJKLMNPQRSTWXYZabcdefghijkmnopqrstuvwxyz";
-var BASE64_CHARS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ" +
-  "0123456789-_";
-
-// `type` is one of `RandomGenerator.Type` as defined below.
-//
-// options:
-// - seeds: (required, only for RandomGenerator.Type.ALEA) an array
-//   whose items will be `toString`ed and used as the seed to the Alea
-//   algorithm
-var RandomGenerator = function (type, options?) {
-  var self = this;
-  self.type = type;
-
-  if (!RandomGenerator['Type'][type]) {
-    throw new Error("Unknown random generator type: " + type);
-  }
-
-  if (type === RandomGenerator['Type'].ALEA) {
-    if (!options.seeds) {
-      throw new Error("No seeds were provided for Alea PRNG");
-    }
-    self.alea = Alea.apply(null, options.seeds);
-  }
-};
-
-// Types of PRNGs supported by the `RandomGenerator` class
-RandomGenerator['Type'] = {
-  // Use Node's built-in `crypto.getRandomBytes` (cryptographically
-  // secure but not seedable, runs only on the server). Reverts to
-  // `crypto.getPseudoRandomBytes` in the extremely uncommon case that
-  // there isn't enough entropy yet
-  NODE_CRYPTO: "NODE_CRYPTO",
-
-
-  // Use the *fast*, seedaable and not cryptographically secure
-  // Alea algorithm
-  ALEA: "ALEA",
-};
-
-/**
- * @name Random.fraction
- * @summary Return a number between 0 and 1, like `Math.random`.
- * @locus Anywhere
- */
-RandomGenerator.prototype.fraction = function () {
-  var self = this;
-  if (self.type === RandomGenerator['Type'].ALEA) {
-    return self.alea();
-  } else if (self.type === RandomGenerator['Type'].NODE_CRYPTO) {
-    var numerator = parseInt(self.hexString(8), 16);
-    return numerator * 2.3283064365386963e-10; // 2^-32
-  } else {
-    throw new Error('Unknown random generator type: ' + self.type);
-  }
-};
-
-/**
- * @name Random.hexString
- * @summary Return a random string of `n` hexadecimal digits.
- * @locus Anywhere
- * @param {Number} n Length of the string
- */
-RandomGenerator.prototype.hexString = function (digits) {
-  var self = this;
-  if (self.type === RandomGenerator['Type'].NODE_CRYPTO) {
-    var numBytes = Math.ceil(digits / 2);
-    var bytes;
-    // Try to get cryptographically strong randomness. Fall back to
-    // non-cryptographically strong if not available.
-    try {
-      bytes = nodeCrypto.randomBytes(numBytes);
-    } catch (e) {
-      // XXX should re-throw any error except insufficient entropy
-      bytes = nodeCrypto.pseudoRandomBytes(numBytes);
-    }
-    var result = bytes.toString("hex");
-    // If the number of digits is odd, we'll have generated an extra 4 bits
-    // of randomness, so we need to trim the last digit.
-    return result.substring(0, digits);
-  } else {
-    return this._randomString(digits, "0123456789abcdef");
-  }
-};
-
-RandomGenerator.prototype._randomString = function (charsCount,
-                                                    alphabet) {
-  var self = this;
-  var digits = [];
-  for (var i = 0; i < charsCount; i++) {
-    digits[i] = self.choice(alphabet);
-  }
-  return digits.join("");
-};
-
-/**
- * @name Random.id
- * @summary Return a unique identifier, such as `"Jjwjg6gouWLXhMGKW"`, that is
- * likely to be unique in the whole world.
- * @locus Anywhere
- * @param {Number} [n] Optional length of the identifier in characters
- *   (defaults to 17)
- */
-RandomGenerator.prototype.id = function (charsCount) {
-  var self = this;
-  // 17 characters is around 96 bits of entropy, which is the amount of
-  // state in the Alea PRNG.
-  if (charsCount === undefined)
-    charsCount = 17;
-
-  return self._randomString(charsCount, UNMISTAKABLE_CHARS);
-};
-
-/**
- * @name Random.secret
- * @summary Return a random string of printable characters with 6 bits of
- * entropy per character. Use `Random.secret` for security-critical secrets
- * that are intended for machine, rather than human, consumption.
- * @locus Anywhere
- * @param {Number} [n] Optional length of the secret string (defaults to 43
- *   characters, or 256 bits of entropy)
- */
-RandomGenerator.prototype.secret = function (charsCount) {
-  var self = this;
-  // Default to 256 bits of entropy, or 43 characters at 6 bits per
-  // character.
-  if (charsCount === undefined)
-    charsCount = 43;
-  return self._randomString(charsCount, BASE64_CHARS);
-};
-
-/**
- * @name Random.choice
- * @summary Return a random element of the given array or string.
- * @locus Anywhere
- * @param {Array|String} arrayOrString Array or string to choose from
- */
-RandomGenerator.prototype.choice = function (arrayOrString) {
-  var index = Math.floor(this.fraction() * arrayOrString.length);
-  if (typeof arrayOrString === "string")
-    return arrayOrString.substr(index, 1);
-  else
-    return arrayOrString[index];
-};
-
-
-let Random = new RandomGenerator(RandomGenerator['Type'].NODE_CRYPTO);
-
-
-export default Random

package/test/init.js

@@ -1,12 +0,0 @@
-/*
- * Copyright (c) 2018, salesforce.com, inc.
- * All rights reserved.
- * SPDX-License-Identifier: BSD-3-Clause
- * For full license text, see the LICENSE file in the repo root or https://opensource.org/licenses/BSD-3-Clause
- */
-const path = require('path');
-process.env.TS_NODE_PROJECT = path.resolve('test/tsconfig.json');
-// process.env.DRIVER_SQLSERVER_URL = "mssql://sa:hotoainc.@192.168.0.190/driver-test";
-// process.env.DRIVER_SQLSERVER_URL = "mssql://sa:hotoainc.@192.168.0.78/driver-test";
-// process.env.DRIVER_SQLSERVER_TDS = "7_2";//7_2为2005,7_4为2012+,默认为7_4
-

package/test/mocha.opts

@@ -1,7 +0,0 @@
---require test/init.js
---require ts-node/register
---require test/utils/test-setup
---watch-extensions ts
---recursive
---reporter spec
---timeout 5000

package/test/tsconfig.json

@@ -1,11 +0,0 @@
-{
-  "extends": "../../../node_modules/@salesforce/dev-config/tsconfig",
-  "include": ["unit/**/*.ts", "../node_modules/@types/**/*.d.ts"],
-  "compilerOptions": {
-    "noEmit": true,
-    "strict": false,
-    "noUnusedLocals": true,
-    "emitDecoratorMetadata": true,
-    "experimentalDecorators": true
-  }
-}

package/test/tslint.json

@@ -1,6 +0,0 @@
-{
-  "extends": "../tslint.json",
-  "rules": {
-    "no-unused-expression": false
-  }
-}

package/test/unit/jwt.test.ts

@@ -1,11 +0,0 @@
-// import { expect } from 'chai';
-// import { jwtRouter } from '../../src/jwt';
-
-// describe('test session', () => {
-
-//     it('test jwtRouter', () => {
-//         console.log(jwtRouter)
-//         expect(!!jwtRouter).to.be.eq(true);
-//     });
-
-// });