@tachybase/module-auth 0.23.8

package/dist/server/model/authenticator.js

@@ -0,0 +1,81 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var authenticator_exports = {};
+__export(authenticator_exports, {
+  AuthModel: () => AuthModel
+});
+module.exports = __toCommonJS(authenticator_exports);
+var import_database = require("@tachybase/database");
+class AuthModel extends import_database.Model {
+  async findUser(uuid) {
+    let user;
+    const users = await this.getUsers({
+      through: {
+        where: { uuid }
+      }
+    });
+    if (users.length) {
+      user = users[0];
+      return user;
+    }
+    return null;
+  }
+  async newUser(uuid, userValues) {
+    let user;
+    const db = this.constructor.database;
+    await this.sequelize.transaction(async (transaction) => {
+      user = await this.createUser(
+        userValues || {
+          nickname: uuid
+        },
+        {
+          through: {
+            uuid
+          },
+          transaction
+        }
+      );
+      await db.emitAsync(`users.afterCreateWithAssociations`, user, {
+        transaction
+      });
+    });
+    return user;
+  }
+  async findOrCreateUser(uuid, userValues) {
+    const user = await this.findUser(uuid);
+    if (user) {
+      return user;
+    }
+    return await this.newUser(uuid, userValues);
+  }
+  async bindUser(userId, uuid, info) {
+    await this.sequelize.transaction(async (transaction) => {
+      await this.addUser(userId, {
+        through: {
+          uuid,
+          ...info
+        },
+        transaction
+      });
+    });
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AuthModel
+});

package/dist/server/plugin.d.ts

@@ -0,0 +1,11 @@
+import { Cache } from '@tachybase/cache';
+import { InstallOptions, Plugin } from '@tachybase/server';
+export declare class PluginAuthServer extends Plugin {
+    cache: Cache;
+    afterAdd(): void;
+    beforeLoad(): Promise<void>;
+    load(): Promise<void>;
+    install(options?: InstallOptions): Promise<void>;
+    remove(): Promise<void>;
+}
+export default PluginAuthServer;

package/dist/server/plugin.js

@@ -0,0 +1,132 @@
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var plugin_exports = {};
+__export(plugin_exports, {
+  PluginAuthServer: () => PluginAuthServer,
+  default: () => plugin_default
+});
+module.exports = __toCommonJS(plugin_exports);
+var import_path = require("path");
+var import_server = require("@tachybase/server");
+var import_preset = require("../preset");
+var import_auth = __toESM(require("./actions/auth"));
+var import_authenticators = __toESM(require("./actions/authenticators"));
+var import_basic_auth = require("./basic-auth");
+var import_locale = require("./locale");
+var import_authenticator = require("./model/authenticator");
+var import_storer = require("./storer");
+var import_token_blacklist = require("./token-blacklist");
+class PluginAuthServer extends import_server.Plugin {
+  cache;
+  afterAdd() {
+  }
+  async beforeLoad() {
+    this.app.i18n.addResources("zh-CN", import_preset.namespace, import_locale.zhCN);
+    this.app.i18n.addResources("en-US", import_preset.namespace, import_locale.enUS);
+    this.app.db.registerModels({ AuthModel: import_authenticator.AuthModel });
+  }
+  async load() {
+    await this.importCollections((0, import_path.resolve)(__dirname, "collections"));
+    this.db.addMigrations({
+      namespace: "auth",
+      directory: (0, import_path.resolve)(__dirname, "migrations"),
+      context: {
+        plugin: this
+      }
+    });
+    this.cache = await this.app.cacheManager.createCache({
+      name: "auth",
+      prefix: "auth",
+      store: "memory"
+    });
+    const storer = new import_storer.Storer({
+      db: this.db,
+      cache: this.cache
+    });
+    this.app.authManager.setStorer(storer);
+    if (!this.app.authManager.jwt.blacklist) {
+      this.app.authManager.setTokenBlacklistService(new import_token_blacklist.TokenBlacklistService(this));
+    }
+    this.app.authManager.registerTypes(import_preset.presetAuthType, {
+      auth: import_basic_auth.BasicAuth,
+      title: "Password"
+    });
+    Object.entries(import_auth.default).forEach(
+      ([action, handler]) => {
+        var _a;
+        return (_a = this.app.resourcer.getResource("auth")) == null ? void 0 : _a.addAction(action, handler);
+      }
+    );
+    Object.entries(import_authenticators.default).forEach(
+      ([action, handler]) => this.app.resourcer.registerAction(`authenticators:${action}`, handler)
+    );
+    ["check", "signIn", "signUp"].forEach((action) => this.app.acl.allow("auth", action));
+    ["signOut", "changePassword"].forEach((action) => this.app.acl.allow("auth", action, "loggedIn"));
+    this.app.acl.allow("authenticators", "publicList");
+    this.app.acl.allow("authenticators", "bindTypes", "loggedIn");
+    this.app.acl.registerSnippet({
+      name: `pm.${this.name}.authenticators`,
+      actions: ["authenticators:*"]
+    });
+    this.app.db.on("users.afterSave", async (user) => {
+      const cache = this.app.cache;
+      await cache.set(`auth:${user.id}`, user.toJSON());
+    });
+    this.app.db.on("users.afterDestroy", async (user) => {
+      const cache = this.app.cache;
+      await cache.del(`auth:${user.id}`);
+    });
+  }
+  async install(options) {
+    const repository = this.db.getRepository("authenticators");
+    const exist = await repository.findOne({ filter: { name: import_preset.presetAuthenticator } });
+    if (exist) {
+      return;
+    }
+    await repository.create({
+      values: {
+        name: import_preset.presetAuthenticator,
+        authType: import_preset.presetAuthType,
+        description: "Sign in with username/email.",
+        enabled: true,
+        options: {
+          public: {
+            allowSignUp: true
+          }
+        }
+      }
+    });
+  }
+  async remove() {
+  }
+}
+var plugin_default = PluginAuthServer;
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  PluginAuthServer
+});

package/dist/server/storer.d.ts

@@ -0,0 +1,16 @@
+import { Storer as IStorer } from '@tachybase/auth';
+import { Cache } from '@tachybase/cache';
+import { Database } from '@tachybase/database';
+import { AuthModel } from './model/authenticator';
+export declare class Storer implements IStorer {
+    db: Database;
+    cache: Cache;
+    key: string;
+    constructor({ db, cache }: {
+        db: Database;
+        cache: Cache;
+    });
+    getCache(): Promise<AuthModel[]>;
+    setCache(authenticators: AuthModel[]): Promise<void>;
+    get(name: string): Promise<AuthModel>;
+}

package/dist/server/storer.js

@@ -0,0 +1,69 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var storer_exports = {};
+__export(storer_exports, {
+  Storer: () => Storer
+});
+module.exports = __toCommonJS(storer_exports);
+class Storer {
+  db;
+  cache;
+  key = "authenticators";
+  constructor({ db, cache }) {
+    this.db = db;
+    this.cache = cache;
+    this.db.on("authenticators.afterSave", async (model) => {
+      if (!model.enabled) {
+        await this.cache.delValueInObject(this.key, model.name);
+        return;
+      }
+      await this.cache.setValueInObject(this.key, model.name, model);
+    });
+    this.db.on("authenticators.afterDestroy", async (model) => {
+      await this.cache.delValueInObject(this.key, model.name);
+    });
+  }
+  async getCache() {
+    const authenticators = await this.cache.get(this.key);
+    if (!authenticators) {
+      return [];
+    }
+    return Object.values(authenticators);
+  }
+  async setCache(authenticators) {
+    const obj = authenticators.reduce((obj2, authenticator) => {
+      obj2[authenticator.name] = authenticator;
+      return obj2;
+    }, {});
+    await this.cache.set(this.key, obj);
+  }
+  async get(name) {
+    let authenticators = await this.getCache();
+    if (!authenticators.length) {
+      const repo = this.db.getRepository("authenticators");
+      authenticators = await repo.find({ filter: { enabled: true } });
+      await this.setCache(authenticators);
+    }
+    const authenticator = authenticators.find((authenticator2) => authenticator2.name === name);
+    return authenticator || authenticators[0];
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  Storer
+});

package/dist/server/token-blacklist.d.ts

@@ -0,0 +1,17 @@
+import { ITokenBlacklistService } from '@tachybase/auth';
+import { BloomFilter } from '@tachybase/cache';
+import { Repository } from '@tachybase/database';
+import { CronJob } from 'cron';
+import AuthPlugin from './plugin';
+export declare class TokenBlacklistService implements ITokenBlacklistService {
+    protected plugin: AuthPlugin;
+    repo: Repository;
+    cronJob: CronJob;
+    bloomFilter: BloomFilter;
+    cacheKey: string;
+    constructor(plugin: AuthPlugin);
+    get app(): import("packages/server/lib").default<import("packages/server/lib").DefaultState, import("packages/server/lib").DefaultContext>;
+    has(token: string): Promise<boolean>;
+    add(values: any): Promise<[import("@tachybase/database").Model<any, any>, boolean]>;
+    deleteExpiredTokens(): Promise<any>;
+}

package/dist/server/token-blacklist.js

@@ -0,0 +1,86 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var token_blacklist_exports = {};
+__export(token_blacklist_exports, {
+  TokenBlacklistService: () => TokenBlacklistService
+});
+module.exports = __toCommonJS(token_blacklist_exports);
+class TokenBlacklistService {
+  constructor(plugin) {
+    this.plugin = plugin;
+    this.repo = plugin.db.getRepository("tokenBlacklist");
+    plugin.app.on("beforeStart", async () => {
+      try {
+        this.bloomFilter = await plugin.app.cacheManager.createBloomFilter();
+        await this.bloomFilter.reserve(this.cacheKey, 1e-3, 1e6);
+        const data = await this.repo.find({ fields: ["token"], raw: true });
+        const tokens = data.map((item) => item.token);
+        await this.bloomFilter.mAdd(this.cacheKey, tokens);
+      } catch (error) {
+        plugin.app.logger.error("token-blacklist: create bloom filter failed", error);
+        this.bloomFilter = null;
+      }
+    });
+  }
+  repo;
+  cronJob;
+  bloomFilter;
+  cacheKey = "token-black-list";
+  get app() {
+    return this.plugin.app;
+  }
+  async has(token) {
+    if (this.bloomFilter) {
+      const exists = await this.bloomFilter.exists(this.cacheKey, token);
+      if (!exists) {
+        return false;
+      }
+    }
+    return !!await this.repo.findOne({
+      filter: {
+        token
+      }
+    });
+  }
+  async add(values) {
+    await this.deleteExpiredTokens();
+    const { token } = values;
+    if (this.bloomFilter) {
+      await this.bloomFilter.add(this.cacheKey, token);
+    }
+    return this.repo.model.findOrCreate({
+      defaults: values,
+      where: {
+        token
+      }
+    });
+  }
+  async deleteExpiredTokens() {
+    return this.repo.destroy({
+      filter: {
+        expiration: {
+          $dateNotAfter: /* @__PURE__ */ new Date()
+        }
+      }
+    });
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  TokenBlacklistService
+});