@steedos/auth 2.2.51-beta.1 → 2.2.51-beta.2

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@steedos/auth",
   "private": false,
-  "version": "2.2.51-beta.1",
+  "version": "2.2.51-beta.2",
   "main": "lib/index.js",
   "scripts": {
     "watch": "tsc --watch",
@@ -14,7 +14,7 @@
     "access": "public"
   },
   "dependencies": {
-    "@steedos/objectql": "2.2.51-beta.1",
+    "@steedos/objectql": "2.2.51-beta.2",
     "cookies": "^0.7.3",
     "express": "^4.16.4",
     "jsonwebtoken": "^8.5.1",
@@ -32,5 +32,5 @@
     "ts-node": "^8.0.3",
     "typescript": "3.5.3"
   },
-  "gitHead": "edeb1c70d34159e3caac697f9e207c2ca98d8d00"
+  "gitHead": "c324c40fa8facd3bf73a51e8c417293a9349f9fb"
 }

package/lib/apikey.d.ts

@@ -1,9 +0,0 @@
-export declare function isAPIKey(token: any): any;
-export declare function verifyAPIKey(token: any): Promise<{
-    userId: any;
-    spaceId: any;
-}>;
-export declare function getAPIKey(spaceId: any): Promise<any>;
-export declare function getAPIKeyAuthHeader(spaceId: any): Promise<{
-    Authorization: string;
-}>;

package/lib/auth-middleware.d.ts

@@ -1,7 +0,0 @@
-import { Response } from 'express';
-import * as core from "express-serve-static-core";
-interface Request extends core.Request {
-    user: any;
-}
-export declare const requireAuthentication: (req: Request, res: Response, next: () => void) => Promise<void>;
-export {};

package/lib/endpoints/jwt.d.ts

@@ -1 +0,0 @@
-export declare const jwtSSO: (req: any, res: any) => Promise<void>;

package/lib/endpoints/login.d.ts

@@ -1,2 +0,0 @@
-import * as express from 'express';
-export declare const login: (req: express.Request, res: express.Response) => Promise<express.Response<any, Record<string, any>>>;

package/lib/endpoints/logout.d.ts

@@ -1,2 +0,0 @@
-import * as express from 'express';
-export declare const logout: (req: express.Request, res: express.Response) => Promise<express.Response<any, Record<string, any>>>;

package/lib/endpoints/validate.d.ts

@@ -1,2 +0,0 @@
-import * as express from 'express';
-export declare const validate: (req: express.Request, res: express.Response) => Promise<express.Response<any, Record<string, any>>>;

package/lib/express-middleware.d.ts

@@ -1 +0,0 @@
-export declare const authExpress: any;

package/lib/index.d.ts

@@ -1,8 +0,0 @@
-export { getSession, auth, setRequestUser, getSessionByUserId, getSessionByUserIdSync, removeUserSessionsCacheByUserId } from "./session";
-export * from "./utils";
-export * from "./tokenMap";
-export * from './userSession';
-export * from './spaceUserSession';
-export { authExpress } from "./express-middleware";
-export { getAPIKeyAuthHeader } from './apikey';
-export { requireAuthentication } from './auth-middleware';

package/lib/session.d.ts

@@ -1,18 +0,0 @@
-import { SteedosUserSession } from '@steedos/objectql';
-import { Response } from "express";
-import * as core from "express-serve-static-core";
-interface Request extends core.Request {
-    user?: any;
-}
-export declare function getSessionByUserId(userId: any, spaceId?: any): Promise<SteedosUserSession>;
-export declare function getSessionByUserIdSync(userId: any, spaceId?: any): any;
-export declare function getSession(token: string, spaceId?: string, clientInfos?: any): Promise<SteedosUserSession>;
-export declare function getUserAgent(req: any): string;
-export declare function getLoginDevice(userAgent: any): {
-    is_phone: boolean;
-    is_tablet: boolean;
-};
-export declare function auth(request: Request, response: Response): Promise<any>;
-export declare function setRequestUser(request: Request, response: Response, next: () => void): Promise<void>;
-export declare function removeUserSessionsCacheByUserId(userId: any, is_phone: any): void;
-export {};

package/lib/spaceUserSession.d.ts

@@ -1,4 +0,0 @@
-export declare function getSpaceSessionFromCache(spaceId: any, userId: any): any;
-export declare function addSpaceSessionToCache(spaceId: any, userId: any, spaceUserSession: any): void;
-export declare function getSpaceUserSession(spaceId: any, userId: any): Promise<any>;
-export declare function updateSpaceUserSessionRolesCache(spaceId: any, userId: any): Promise<boolean>;

package/lib/tokenMap.d.ts

@@ -1,2 +0,0 @@
-export declare function getUserIdByToken(token: any, clientInfos?: {}): Promise<any>;
-export declare function removeUserTokens(userId: any, is_phone: any): void;

package/lib/userSession.d.ts

@@ -1,3 +0,0 @@
-export declare function getSessionFromCache(userId: any): any;
-export declare function addSessionToCache(userId: any, userSession: any): void;
-export declare function getUserSession(userId: any): Promise<any>;

package/lib/utils/index.d.ts

@@ -1,12 +0,0 @@
-export declare const hashLoginToken: (loginToken: any) => string;
-export declare const generateStampedLoginToken: () => {
-    token: any;
-    when: Date;
-};
-export declare const hashStampedToken: (stampedToken: any) => {
-    hashedToken: string;
-};
-export declare const insertHashedLoginToken: (userId: any, hashedToken: any) => Promise<any>;
-export declare const setAuthCookies: (req: any, res: any, userId: any, authToken: any, spaceId?: any) => void;
-export declare const clearAuthCookies: (req: any, res: any) => void;
-export declare function isExpried(expiredAt: number): boolean;

package/lib/utils/random.d.ts

@@ -1,2 +0,0 @@
-declare let Random: any;
-export default Random;

package/src/apikey.ts

@@ -1,36 +0,0 @@
-import { getObject, SteedosError } from '@steedos/objectql';
-
-const HEADER_AUTH = 'Authorization';
-const AUTH_TYPE = 'Bearer';
-
-export function isAPIKey(token) {
-    return token.startsWith('apikey,')
-}
-
-export async function verifyAPIKey(token) {
-    if (isAPIKey(token)) {
-        const apikey = token.replace('apikey,', '');
-        const records = await getObject('api_keys').find({ filters: [['api_key', '=', apikey], ['active', '=', true]] });
-        if (records.length > 0) {
-            const record = records[0];
-            await getObject('api_keys').update(record._id, { last_use_time: new Date() });
-            return { userId: record.owner, spaceId: record.space };
-        }
-    }
-}
-
-export async function getAPIKey(spaceId) {
-    const space = await getObject('spaces').findOne(spaceId, {});
-    if (space) {
-        return space.api_key;
-    }
-}
-
-export async function getAPIKeyAuthHeader(spaceId) {
-    const api_key = await getAPIKey(spaceId);
-    if (!api_key) {
-        throw new SteedosError('space_apikey_notfind');
-    }else{
-        return {[HEADER_AUTH]: `${AUTH_TYPE} apikey,${api_key}`};
-    }
-}

package/src/auth-middleware.ts

@@ -1,18 +0,0 @@
-import { setRequestUser } from "./session";
-import { Response } from 'express';
-import * as core from "express-serve-static-core";
-interface Request extends core.Request {
-    user: any;
-}
-
-export const requireAuthentication = async (req: Request, res: Response, next: () => void) => {
-    await setRequestUser(req, res, function () {
-        if (req.user) {
-            next();
-        }
-        else {
-            res.status(401).send({ status: 'error', message: 'You must be logged in to do this.' });
-        }
-    });
-
-}

package/src/creator.d.ts

@@ -1,7 +0,0 @@
-declare var Meteor;
-declare var SimpleSchema;
-declare var Match;
-declare var Creator;
-declare var Steedos;
-declare var WebApp;
-declare var WebAppInternals;

package/src/endpoints/jwt.ts

@@ -1,77 +0,0 @@
-import { hashStampedToken, insertHashedLoginToken, hashLoginToken, setAuthCookies } from '../utils';
-import { getSteedosSchema } from '@steedos/objectql'
-
-// function secretCallback(req, payload, done) {
-//   let issuer = payload.iss
-//   let collection = getSteedosSchema().getObject('OAuth2Clients')
-//   collection.find({ filters: `clientId eq '${issuer}'` }).then(function (resolve) {
-//     let clientInfo = resolve[0]
-//     let clientSecret = clientInfo ? clientInfo.clientSecret : ''
-//     done(null, clientSecret)
-//   }).catch(function (reject) {
-//     done(reject, '')
-//   })
-// }
-
-async function getTokenInfo(req) {
-  let payload = req.user
-  let data = { userId: '', authToken: '' }
-  let userObj = getSteedosSchema().getObject('users')
-  let user = (await userObj.find({ filters: `username eq '${payload.username}'`, fields: ['_id'] }))[0]
-  if (user) {
-    let userId = user._id
-    let authToken = payload.sessionId ? `${payload.iss}-${payload.username}-${payload.sessionId}` : `${payload.iss}-${payload.username}`
-    let hashedToken = hashLoginToken(authToken).replace(/\//g, '%2F');
-    let filters = `(services/resume/loginTokens/hashedToken eq '${hashedToken}')`;
-    if (await userObj.count({ filters: filters })) {
-      data = { userId: userId, authToken: authToken }
-    } else {
-      let stampedToken = {
-        token: authToken,
-        when: new Date
-      }
-      let hashedTokenObj = hashStampedToken(stampedToken)
-      await insertHashedLoginToken(userId, hashedTokenObj)
-
-      data = { userId: userId, authToken: authToken }
-    }
-  }
-
-  return data;
-}
-
-export const jwtSSO = async (req, res) => {
-  try {
-    let jwt = require('jsonwebtoken');
-    let token = req.query.jwt_token;
-    if (!token) {
-      throw new Error('jwt_token is needed!')
-    }
-    let decoded = jwt.decode(token, { complete: true });
-    let payload = decoded.payload;
-    let issuer = payload.iss;
-    if (!issuer) {
-      throw new Error('issuer is needed!')
-    }
-    let collection = getSteedosSchema().getObject('OAuth2Clients')
-    let clients = await collection.find({ filters: `clientId eq '${issuer}'` })
-    let clientInfo = clients[0]
-    let secret = clientInfo ? clientInfo.clientSecret : ''
-    let spaceId = clientInfo ? clientInfo.space : ''
-    if (!secret) {
-      throw new Error('secret is needed!')
-    }
-    if (!spaceId) {
-      throw new Error('spaceId is needed!')
-    }
-    let verifiedPayload = jwt.verify(token, secret);
-    let data = await getTokenInfo({ user: verifiedPayload })
-    setAuthCookies(req, res, data.userId, data.authToken, spaceId)
-    let redirectUrl = verifiedPayload.redirect_url;
-    res.redirect(302, redirectUrl);
-  } catch (error) {
-    console.error(error);
-    res.status(500).send(error.messenger)
-  }
-
-}

package/src/endpoints/login.ts

@@ -1,38 +0,0 @@
-
-import * as express from 'express';
-const SHA256 = require("sha256");
-const bcrypt = require('bcryptjs');
-import { getSession } from '../session';
-import { setAuthCookies, generateStampedLoginToken, hashStampedToken, insertHashedLoginToken } from '../utils';
-
-declare var Meteor;
-
-export const login = async (req: express.Request, res: express.Response) => {
-    let username = req.body["username"];
-    let password = req.body["password"];
-    let spaceId = req.body["spaceId"]; // 需要登录的工作区Id，如果不传入，自动选中第一个工作区
-    let bcryptPassword = SHA256(password);
-    let user = Meteor.users.findOne({
-        $or: [{ "username": username }, { "emails.address": username }, { "mobile": username }]
-    });
-    if (!user) {
-        res.status(401).send();
-        return;
-    }
-    let match = await bcrypt.compare(bcryptPassword, user.services.password.bcrypt);
-    if (!match) {
-        res.status(401).send();
-        return;
-    }
-    let authtToken = null;
-    let stampedAuthToken = generateStampedLoginToken();
-    authtToken = stampedAuthToken.token;
-    let hashedToken = hashStampedToken(stampedAuthToken);
-    await insertHashedLoginToken(user._id, hashedToken);
-    let userSession = await getSession(authtToken, spaceId);
-    // set cookie to response
-    // maxAge 3 month
-    setAuthCookies(req, res, user._id, authtToken, userSession.spaceId);
-    res.setHeader('X-Space-Token', userSession.spaceId + ',' + authtToken);
-    return res.send(userSession);
-}

package/src/endpoints/logout.ts

@@ -1,8 +0,0 @@
-
-import * as express from 'express';
-import { clearAuthCookies } from '../utils';
-
-export const logout = async (req: express.Request, res: express.Response) => {
-    clearAuthCookies(req, res);
-    return res.end();
-}

package/src/endpoints/validate.ts

@@ -1,33 +0,0 @@
-
-import * as express from 'express';
-import { auth } from '../session';
-import { setAuthCookies, clearAuthCookies } from '../utils';
-import { getSteedosSchema } from '@steedos/objectql';
-
-export const validate = async (req: express.Request, res: express.Response) => {
-    let utcOffset = req.body.utcOffset;
-    let userSession = await auth(req, res);
-    let spaceUser = await getSteedosSchema().getObject('space_users').find({filters: [['space', '=', userSession.spaceId], ['user', '=', userSession.userId], ['user_accepted', '=', true]]});
-    if (userSession.userId) {
-        if(spaceUser.length > 0){
-            let user = await getSteedosSchema().getObject('users').findOne(userSession.userId, { fields: ['utcOffset','password_expired','lockout'] });
-            if(user.lockout){
-                clearAuthCookies(req, res)
-            }else{
-                setAuthCookies(req, res, userSession.userId, userSession.authToken, userSession.spaceId);
-                if (!user.hasOwnProperty('utcOffset')) {
-                    await getSteedosSchema().getObject('users').update(userSession.userId, { 'utcOffset': utcOffset })
-                }
-                return res.send(Object.assign({}, userSession, {password_expired: user.password_expired}));
-            }
-        }else{
-            clearAuthCookies(req, res)
-        }
-    }
-    clearAuthCookies(req, res);
-    return res.status(401).send({
-        "error": "Validate Request -- Missing X-Auth-Token",
-        "instance": "1329598861",
-        "success": false
-    })
-}

package/src/express-middleware.ts

@@ -1,19 +0,0 @@
-const express = require('express');
-
-import { login } from "./endpoints/login";
-import { logout } from "./endpoints/logout";
-import { validate } from "./endpoints/validate";
-import { jwtSSO } from "./endpoints/jwt";
-
-export const authExpress = express.Router();
-
-authExpress.post('/api/v4/users/login', login);
-authExpress.post('/api/v4/users/logout', logout);
-authExpress.post('/api/v4/users/validate', validate)
-
-// 保留以前的接口路由
-authExpress.post('/api/setup/login', login);
-authExpress.post('/api/setup/logout', logout)
-authExpress.post('/api/setup/validate', validate)
-
-authExpress.get('/jwt/sso', jwtSSO);

package/src/index.ts

@@ -1,8 +0,0 @@
-export { getSession, auth, setRequestUser, getSessionByUserId, getSessionByUserIdSync, removeUserSessionsCacheByUserId } from "./session";
-export * from "./utils";
-export * from "./tokenMap";
-export * from './userSession';
-export * from './spaceUserSession';
-export { authExpress } from "./express-middleware";
-export { getAPIKeyAuthHeader } from './apikey';
-export { requireAuthentication } from './auth-middleware';

package/src/session.ts

@@ -1,172 +0,0 @@
-import { SteedosUserSession, isTemplateSpace, wrapAsync } from '@steedos/objectql';
-import { Response } from "express";
-import { getUserIdByToken, removeUserTokens } from './tokenMap'
-import { getUserSession } from './userSession'
-import { getSpaceUserSession } from './spaceUserSession'
-
-import * as core from "express-serve-static-core";
-import { isAPIKey, verifyAPIKey } from './apikey';
-
-import isMobile from "ismobilejs";
-interface Request extends core.Request {
-  user?: any;
-}
-
-const Cookies = require("cookies");
-
-function assignSession(spaceId, userSession, spaceSession) {
-  let result = Object.assign({ spaceId: spaceId }, userSession, spaceSession);
-  return reviseSession(result);
-}
-
-function reviseSession(session) {
-  if (session) {
-    delete session.expiredAt;
-    delete session._id;
-  }
-  return session;
-}
-
-export async function getSessionByUserId(
-  userId,
-  spaceId?
-): Promise<SteedosUserSession> {
-  if (!userId) {
-    return;
-  }
-
-  let userSession = await getUserSession(userId);
-  if (!userSession) {
-    return;
-  }
-
-  let spaceUserSession = {};
-  if (spaceId) {
-    spaceUserSession = await getSpaceUserSession(spaceId, userId);
-  }
-
-  return assignSession(spaceId, userSession, spaceUserSession);
-}
-
-export function getSessionByUserIdSync(userId, spaceId?): any {
-  let getSessionFn = function() {
-    return getSessionByUserId(userId, spaceId);
-  };
-  return wrapAsync(getSessionFn, {});
-}
-
-export async function getSession(
-  token: string,
-  spaceId?: string,
-  clientInfos?: any
-): Promise<SteedosUserSession> {
-  if (!token) {
-    return;
-  }
-  let userId = null;
-  if (isAPIKey(token)) {
-    const apiKeyInfo = await verifyAPIKey(token);
-    if (apiKeyInfo) {
-      userId = apiKeyInfo.userId;
-      spaceId = apiKeyInfo.spaceId;
-    }
-  } else {
-    userId = await getUserIdByToken(token, clientInfos);
-  }
-  if (!userId) {
-    return;
-  }
-  let userSession = await getUserSession(userId);
-  if (!userSession) {
-    return;
-  }
-  let spaceUserSession = await getSpaceUserSession(spaceId, userId);
-
-  return assignSession(spaceId, userSession, spaceUserSession);
-}
-
-export function getUserAgent(req: any) {
-  let userAgent: string = (req.headers["user-agent"] as string) || "";
-  if (req.headers["x-ucbrowser-ua"]) {
-    // special case of UC Browser
-    userAgent = req.headers["x-ucbrowser-ua"] as string;
-  }
-  return userAgent;
-}
-
-export function getLoginDevice(userAgent) {
-  let is_phone = false;
-  let is_tablet = false;
-  if (userAgent) {
-    try {
-      const { phone, tablet } = isMobile(userAgent);
-      is_phone = phone;
-      is_tablet = tablet;
-    } catch (Exception) {
-      console.log(`Exception`, Exception);
-    }
-  }
-  return { is_phone, is_tablet };
-}
-
-// 解析Request对象，返回SteedosUserSession类型
-export async function auth(request: Request, response: Response): Promise<any> {
-  let cookies = new Cookies(request, response);
-  let authToken: string =
-    request.headers["x-auth-token"] || (cookies.get("X-Auth-Token") || "").replace(/"/g, "");
-    let spaceToken = (cookies.get("X-Space-Token") || "").replace(/"/g, "");
-  let authorization = request.headers.authorization;
-  let spaceId =
-    (request.params ? request.params.spaceId : null) ||
-    (request.query ? request.query.space_id : null) ||
-    request.headers["x-space-id"];
-  if (authorization && authorization.split(" ")[0] == "Bearer") {
-    let spaceAuthToken = authorization.split(" ")[1];
-    if (isAPIKey(spaceAuthToken)) {
-      authToken = spaceAuthToken;
-    } else {
-      if (!spaceId) {
-        spaceId = spaceAuthToken.split(",")[0];
-      }
-      authToken = spaceAuthToken.split(",")[1];
-    }
-  }
-
-  if (spaceToken) {
-    if (!spaceId) {
-      spaceId = spaceToken.split(",")[0];
-    }
-    if (!authToken) {
-      authToken = spaceToken.split(",")[1];
-    }
-  }
-
-  let userAgent = getUserAgent(request) || "";
-  const loginDevice = getLoginDevice(userAgent);
-
-  let user = await getSession(authToken, spaceId as string, loginDevice);
-  if (isTemplateSpace(spaceId)) {
-    return Object.assign({ authToken: authToken }, user, loginDevice, {
-      spaceId: spaceId,
-    });
-  } else {
-    return Object.assign({ authToken: authToken }, user, loginDevice);
-  }
-}
-
-// 给Request对象添加user属性，值为SteedosUserSession类型
-export async function setRequestUser(
-  request: Request,
-  response: Response,
-  next: () => void
-) {
-  let user = await auth(request, response);
-  if (user.userId) {
-    request.user = user;
-  }
-  next();
-}
-
-export function removeUserSessionsCacheByUserId(userId, is_phone) {
-  return removeUserTokens(userId, is_phone);
-}