npm - @things-factory/auth-azure-ad - Versions diffs - 8.0.0-beta.0 → 8.0.0-beta.2 - Mend

@things-factory/auth-azure-ad 8.0.0-beta.0 → 8.0.0-beta.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/package.json +4 -4
package/client/tsconfig.json +0 -11
package/server/controllers/get-access-token.ts +0 -30
package/server/controllers/subscribe-users-change.ts +0 -34
package/server/controllers/sync-user-info.ts +0 -129
package/server/index.ts +0 -18
package/server/middlewares/azure-ad-authenticate-middleware.ts +0 -80
package/server/middlewares/index.ts +0 -13
package/server/router/auth-azure-ad-router.ts +0 -11
package/server/router/auth-azure-ad-webhook-router.ts +0 -96
package/server/router/index.ts +0 -2
package/server/routes.ts +0 -29
package/server/service/auth-azure-ad/auth-azure-ad-mutation.ts +0 -24
package/server/service/auth-azure-ad/index.ts +0 -3
package/server/service/index.ts +0 -19
package/server/tsconfig.json +0 -10

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@things-factory/auth-azure-ad",
-  "version": "8.0.0-beta.0",
+  "version": "8.0.0-beta.2",
   "main": "dist-server/index.js",
   "browser": "dist-client/index.js",
   "things-factory": true,
@@ -29,10 +29,10 @@
   "dependencies": {
     "@operato/graphql": "^8.0.0-beta",
     "@operato/shell": "^8.0.0-beta",
-    "@things-factory/auth-base": "^8.0.0-beta.0",
-    "@things-factory/shell": "^8.0.0-beta.0",
+    "@things-factory/auth-base": "^8.0.0-beta.2",
+    "@things-factory/shell": "^8.0.0-beta.2",
     "passport": "^0.7.0",
     "passport-azure-ad": "^4.3.5"
   },
-  "gitHead": "add6fb8224b2cb19cbea47bed6a5ecb0424c9a28"
+  "gitHead": "f03431a09435511b2595515658f9cb8f78ba4ebb"
 }

package/client/tsconfig.json DELETED Viewed

@@ -1,11 +0,0 @@
-{
-  "extends": "../../tsconfig-base.json",
-  "compilerOptions": {
-    "strict": true,
-    "declaration": true,
-    "module": "esnext",
-    "outDir": "../dist-client",
-    "baseUrl": "./"
-  },
-  "include": ["./**/*"]
-}

package/server/controllers/get-access-token.ts DELETED Viewed

@@ -1,30 +0,0 @@
-import fetch from 'node-fetch'
-import { AuthProvider } from '@things-factory/auth-base'
-const authorityHostUrl = 'https://login.microsoftonline.com'
-export async function getAccessToken(authProvider: AuthProvider): Promise<string | null> {
-  try {
-    const { clientId, clientSecret, tenantId } = authProvider
-    const authorityUrl = `${authorityHostUrl}/${tenantId}`
-    const resource = 'https://graph.microsoft.com'
-    const OAUTH2_URL = `${authorityUrl}/oauth2/token?api-version=1.0`
-    const tokenResponse = await fetch(OAUTH2_URL, {
-      method: 'POST',
-      headers: {
-        'Content-Type': 'application/x-www-form-urlencoded'
-      },
-      body: `client_id=${clientId}&resource=${resource}&client_secret=${clientSecret}&grant_type=client_credentials`
-    })
-    const result = await tokenResponse.json()
-    const { access_token } = result
-    return access_token
-  } catch (error) {
-    console.error('Error fetching access token:', error)
-    return null
-  }
-}

package/server/controllers/subscribe-users-change.ts DELETED Viewed

@@ -1,34 +0,0 @@
-import fetch from 'node-fetch'
-import { getAccessToken } from './get-access-token'
-import { AuthProvider } from '@things-factory/auth-base'
-var clientState
-export function getClientState() {
-  return clientState
-}
-export async function msgraphSubscriptions(authProvider: AuthProvider) {
-  const accessToken = await getAccessToken(authProvider)
-  const expirationDateTime = new Date(Date.now() + 3 * 24 * 60 * 60 * 1000)
-  clientState = `${authProvider.domainId}:${authProvider.id}` // TODO make secure
-  const response = await fetch('https://graph.microsoft.com/v1.0/subscriptions', {
-    method: 'POST',
-    headers: {
-      Authorization: `Bearer ${accessToken}`,
-      'Content-Type': 'application/json'
-    },
-    body: JSON.stringify({
-      changeType: 'created,updated',
-      notificationUrl: 'YOUR_WEBHOOK_ENDPOINT_BASE' + '/webhook/azure-ad-users',
-      resource: '/users',
-      expirationDateTime: expirationDateTime.toISOString() /* 최대 3일 이내, UTC 타임으로 설정 */,
-      clientState
-    })
-  })
-  const data = await response.json()
-}

package/server/controllers/sync-user-info.ts DELETED Viewed

@@ -1,129 +0,0 @@
-import fetch from 'node-fetch'
-import { AuthProvider, User, UserStatus, UsersAuthProviders } from '@things-factory/auth-base'
-import { getAccessToken } from './get-access-token'
-export async function syncAllUserInfo(authProvider: AuthProvider, context: ResolverContext) {
-  const accessToken = await getAccessToken(authProvider)
-  if (!accessToken) {
-    throw new Error('Failed to obtain access token')
-  }
-  const latestData = await fetch('https://graph.microsoft.com/v1.0/users', {
-    headers: {
-      Authorization: `Bearer ${accessToken}`
-    }
-  }).then(res => res.json())
-  for (const user of latestData.value) {
-    if (user.mail) {
-      await updateUserInfo(authProvider, user, context)
-    }
-  }
-}
-export async function updateUserInfo(authProvider: AuthProvider, userInfo, context: ResolverContext) {
-  const { tx, domain, user } = context.state
-  // {
-  //   "id": "d290f1ee-6c54-4b01-90e6-d701748f0851",
-  //   "businessPhones": [
-  //     "+1 412 555 0109"
-  //   ],
-  //   "displayName": "John Doe",
-  //   "givenName": "John",
-  //   "jobTitle": "Developer",
-  //   "mail": "john.doe@contoso.com",
-  //   "mobilePhone": "+1 412 555 0109",
-  //   "officeLocation": "Floor 2",
-  //   "preferredLanguage": "en-US",
-  //   "surname": "Doe",
-  //   "userPrincipalName": "john.doe@contoso.com"
-  // }
-  const {
-    id,
-    businessPhones,
-    displayName,
-    givenName,
-    surname,
-    jobTitle,
-    mail,
-    mobilePhone,
-    officeLocation,
-    preferredLanguage,
-    userPricipalName
-  } = userInfo
-  const repository = tx.getRepository(User)
-  // 1. 사용자를 찾는다.(email 정보로)
-  const existingUser = await repository.findOne({
-    where: { email: mail },
-    relations: ['domains']
-  })
-  if (!existingUser) {
-    // 2. 사용자가 없다면, 생성한다.
-    const salt = User.generateSalt()
-    /* normally they don't login with this password. */
-    const password = salt
-    const createdUser = await repository.save({
-      id,
-      name: displayName,
-      email: mail,
-      creator: user,
-      updater: user,
-      domains: domain ? [domain] : [],
-      roles: [],
-      salt,
-      userType: 'user',
-      // ssoId: id,
-      locale: preferredLanguage,
-      status: UserStatus.ACTIVATED,
-      passwordUpdatedAt: new Date(),
-      password: User.encode(password, salt)
-    })
-    await tx.getRepository(UsersAuthProviders).save({
-      domain,
-      user: createdUser,
-      authProvider,
-      ssoId: id
-    })
-    return createdUser
-  } else {
-    // 3. 사용자가 있다면, 업데이트한다.
-    const { domains } = existingUser
-    if (!domains.find(existing => existing.id == domain.id)) {
-      domains.push(domain)
-    }
-    const updatedUser = await repository.save({
-      ...existingUser,
-      name: displayName,
-      // ssoId: id,
-      domains,
-      locale: preferredLanguage,
-      updater: user
-    })
-    const usersAuthProviders = await tx.getRepository(UsersAuthProviders).findOne({
-      where: { domain: { id: domain.id }, user: { id: updatedUser.id }, authProvider: { id: authProvider.id } }
-    })
-    await tx.getRepository(UsersAuthProviders).save({
-      ...usersAuthProviders,
-      domain,
-      user: updatedUser,
-      authProvider,
-      ssoId: id
-    })
-    return updatedUser
-  }
-}

package/server/index.ts DELETED Viewed

@@ -1,18 +0,0 @@
-export * from './middlewares'
-export * from './service'
-import './routes'
-import { AuthProvider } from '@things-factory/auth-base'
-import { syncAllUserInfo } from './controllers/sync-user-info'
-AuthProvider.register('azure', {
-  type: 'azure',
-  description: 'Authentication Provider for Azure Active Directory',
-  help: '',
-  parameterSpec: null,
-  async synchronizeUsers(authProvider: AuthProvider, context: ResolverContext): Promise<boolean> {
-    await syncAllUserInfo(authProvider, context)
-    return true
-  }
-})

package/server/middlewares/azure-ad-authenticate-middleware.ts DELETED Viewed

@@ -1,80 +0,0 @@
-import passport from 'koa-passport'
-import { OIDCStrategy } from 'passport-azure-ad'
-import { config } from '@things-factory/env'
-import { User } from '@things-factory/auth-base'
-const SSOAzureADConfig = config.get('sso/azure/config')
-if (SSOAzureADConfig) {
-  passport.use(
-    new OIDCStrategy(
-      {
-        allowHttpForRedirectUrl: true,
-        ...SSOAzureADConfig,
-        validateIssuer: false /* multi-tenant application 이므로 */,
-        passReqToCallback: true,
-        isB2C: false,
-        scope: ['openid', 'email', 'profile']
-      },
-      async (req, iss, sub, profile, accessToken, refreshToken, done) => {
-        if (!profile.oid || !profile._json?.email) {
-          return done(new Error('No oid or no email found'), null)
-        }
-        try {
-          const { email } = profile._json
-          const user = await User.checkAuthWithEmail({ email })
-          const { id, userType, status } = user
-          return done(null, {
-            id,
-            userType,
-            status
-          })
-        } catch (error) {
-          return done(error)
-        }
-      }
-    )
-  )
-}
-export async function azureADMiddleware(context, next) {
-  const { path } = context
-  const { user } = context.state
-  if (user) {
-    return await next()
-  }
-  await passport.authenticate('azuread-openidconnect', {
-    failureRedirect: '/auth/signin',
-    successRedirect: '/auth/checkin'
-  })(context, next)
-}
-export async function azureADSubscriptionMiddleware(context, next) {
-  const { path } = context
-  const { user } = context.state
-  if (user) {
-    return await next()
-  }
-  await passport.authenticate('azuread-openidconnect', {
-    failureRedirect: '/auth/signin',
-    successRedirect: '/auth/checkin'
-  })(context)
-  /* 다음은, websocket 에서 인증을 처리하기 위한 작업임. */
-  const passportObject = context.session?.passport
-  if (passportObject) {
-    const userEntity = await User.checkAuth(passportObject?.user)
-    context.state.user = userEntity
-  }
-  return await next()
-}

package/server/middlewares/index.ts DELETED Viewed

@@ -1,13 +0,0 @@
-import { config } from '@things-factory/env'
-const SSOAzureADConfig = config.get('sso/azure/config')
-import { azureADSubscriptionMiddleware } from './azure-ad-authenticate-middleware'
-if (SSOAzureADConfig) {
-  process.on('bootstrap-module-subscription' as any, (app, subscriptionMiddleware) => {
-    subscriptionMiddleware.unshift(azureADSubscriptionMiddleware)
-  })
-}
-export * from './azure-ad-authenticate-middleware'

package/server/router/auth-azure-ad-router.ts DELETED Viewed

@@ -1,11 +0,0 @@
-import Router from 'koa-router'
-import passport from 'koa-passport'
-import { azureADMiddleware } from '../middlewares'
-export const authAzureADRouter = new Router()
-authAzureADRouter.post(
-  '/auth/callback-azure-ad',
-  passport.authenticate('azuread-openidconnect', { failureRedirect: '/auth/signin', successRedirect: '/auth/checkin' })
-)

package/server/router/auth-azure-ad-webhook-router.ts DELETED Viewed

@@ -1,96 +0,0 @@
-import Router from 'koa-router'
-import fetch from 'node-fetch'
-import { getRepository, getDataSource } from '@things-factory/shell'
-import { updateUserInfo } from '../controllers/sync-user-info'
-import { getAccessToken } from '../controllers/get-access-token'
-import { AuthProvider } from '@things-factory/auth-base'
-export const authAzureADWebhookRouter = new Router()
-// Microsoft Graph에서 발송되는 알림을 처리하기 위한 타입 정의
-interface Notification {
-  resourceData: {
-    id: string
-  }
-}
-authAzureADWebhookRouter.post('/webhook/azure-ad-users', async context => {
-  const notifications: Notification[] = context.request.body.value
-  const clientState = context.request.body.clientState
-  const [domainId, authProviderId] = clientState?.split(':') || []
-  if (!domainId || !authProviderId) {
-    context.status = 401 // unauthorized
-    context.body = 'Invalid ClientState'
-    return
-  }
-  await getDataSource('tx').transaction(async tx => {
-    const wrap = context.app.createContext(context.req || {}, context.res || {})
-    wrap.state = {
-      ...context.state,
-      domain: null,
-      tx
-    }
-    wrap.t = context.t
-    const authProvider = await tx.getRepository(AuthProvider).findOne({
-      where: {
-        domain: { id: domainId },
-        id: authProviderId
-      }
-    })
-    if (!authProvider) {
-      context.status = 401 // unauthorized
-      context.body = 'Invalid ClientState'
-      return
-    }
-    const accessToken = await getAccessToken(authProvider)
-    for (const notification of notifications) {
-      const userId = notification.resourceData.id
-      try {
-        const userResponse = await fetch(`https://graph.microsoft.com/v1.0/users/${userId}`, {
-          headers: {
-            Authorization: `Bearer ${accessToken}`
-          }
-        })
-        if (!userResponse.ok) {
-          throw new Error(`Failed to fetch user data: ${userResponse.statusText}`)
-        }
-        const userInfo = await userResponse.json()
-        // {
-        //   "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
-        //   "businessPhones": ["+1 412 555 0109"],
-        //   "displayName": "Megan Bowen",
-        //   "givenName": "Megan",
-        //   "jobTitle": "Auditor",
-        //   "mail": "MeganB@M365x214355.onmicrosoft.com",
-        //   "mobilePhone": "+1 412 555 0109",
-        //   "officeLocation": "12/1110",
-        //   "preferredLanguage": "en-US",
-        //   "surname": "Bowen",
-        //   "userPrincipalName": "MeganB@M365x214355.onmicrosoft.com",
-        //   "id": "48d31887-5fad-4d73-a9f5-3c356e68a038"
-        // }
-        // webhook 호출로부터 호출한 tenant를 알 수 있다면, 매핑된 도메인 정보를 포함할 수 있을 것 같은데..
-        await updateUserInfo(authProvider, userInfo, wrap)
-      } catch (error) {
-        console.error('Error fetching user data from Microsoft Graph:', error)
-      }
-    }
-  })
-  context.status = 202
-})

package/server/router/index.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- export * from './auth-azure-ad-router'
2	- export * from './auth-azure-ad-webhook-router'

package/server/routes.ts DELETED Viewed

@@ -1,29 +0,0 @@
-import { config } from '@things-factory/env'
-import { setAccessTokenCookie } from '@things-factory/auth-base'
-const SSOAzureADConfig = config.get('sso/azure/config')
-import { azureADMiddleware } from './middlewares'
-import { authAzureADRouter, authAzureADWebhookRouter } from './router'
-if (SSOAzureADConfig) {
-  process.on('bootstrap-collect-sso-middleware' as any, (_, ssoMiddlewares) => {
-    ssoMiddlewares.push(azureADMiddleware)
-  })
-  process.on('bootstrap-module-domain-public-route' as any, (app, domainPublicRouter) => {
-    domainPublicRouter.use(authAzureADRouter.routes(), authAzureADRouter.allowedMethods())
-    domainPublicRouter.use(authAzureADWebhookRouter.routes(), authAzureADWebhookRouter.allowedMethods())
-  })
-  process.on('bootstrap-module-global-public-route' as any, (app, globalPublicRouter) => {
-    globalPublicRouter.get('/auth/signin-with-azure', azureADMiddleware, async context => {
-      const { user } = context.state
-      const token = await user.sign()
-      setAccessTokenCookie(context, token)
-      context.redirect('/auth/checkin')
-    })
-  })
-}

package/server/service/auth-azure-ad/auth-azure-ad-mutation.ts DELETED Viewed

@@ -1,24 +0,0 @@
-import { Resolver, Mutation, Arg, Ctx, Directive } from 'type-graphql'
-import { syncAllUserInfo } from '../../controllers/sync-user-info'
-@Resolver()
-export class AuthAzureAdMutation {
-  // @Directive('@transaction')
-  // @Directive('@privilege(superUserGranted:true)')
-  // @Mutation(returns => Boolean, { description: 'To synchronize azure active directory users' })
-  // async synchronizeAzureADUsers(@Ctx() context: ResolverContext): Promise<boolean> {
-  //   syncAllUserInfo(context)
-  //   return true
-  // }
-  @Directive('@transaction')
-  @Directive('@privilege(superUserGranted:true)')
-  @Mutation(returns => Boolean, { description: 'To subscribe azure active directory users' })
-  async subscribeAzureADUsers(@Ctx() context: ResolverContext): Promise<boolean> {
-    const { domain, user, tx } = context.state
-    return true
-  }
-}

package/server/service/auth-azure-ad/index.ts DELETED Viewed

@@ -1,3 +0,0 @@
-import { AuthAzureAdMutation } from './auth-azure-ad-mutation'
-export const resolvers = [AuthAzureAdMutation]

package/server/service/index.ts DELETED Viewed

@@ -1,19 +0,0 @@
-/* EXPORT ENTITY TYPES */
-/* IMPORT ENTITIES AND RESOLVERS */
-import { resolvers as AuthAzureAdResolvers } from './auth-azure-ad'
-export const entities = [
-  /* ENTITIES */
-]
-export const subscribers = [
-  /* SUBSCRIBERS */
-]
-export const schema = {
-  resolverClasses: [
-    /* RESOLVER CLASSES */
-    ...AuthAzureAdResolvers
-  ]
-}

package/server/tsconfig.json DELETED Viewed

@@ -1,10 +0,0 @@
-{
-  "extends": "../../tsconfig-base.json",
-  "compilerOptions": {
-    "strict": false,
-    "module": "commonjs",
-    "outDir": "../dist-server",
-    "baseUrl": "./"
-  },
-  "include": ["./**/*"]
-}