@things-factory/auth-base 5.0.7 → 6.0.0-alpha.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/client/actions/auth.ts +23 -0
- package/client/{auth.js → auth.ts} +66 -59
- package/client/{bootstrap.js → bootstrap.ts} +5 -4
- package/client/index.ts +1 -0
- package/client/reducers/{auth.js → auth.ts} +1 -1
- package/config/config.development.js +2 -1
- package/dist-client/actions/auth.d.ts +8 -0
- package/dist-client/actions/auth.js +15 -0
- package/dist-client/actions/auth.js.map +1 -0
- package/dist-client/auth.d.ts +34 -0
- package/dist-client/auth.js +209 -0
- package/dist-client/auth.js.map +1 -0
- package/dist-client/bootstrap.d.ts +1 -0
- package/dist-client/bootstrap.js +34 -0
- package/dist-client/bootstrap.js.map +1 -0
- package/dist-client/index.d.ts +1 -0
- package/dist-client/index.js +2 -0
- package/dist-client/index.js.map +1 -0
- package/dist-client/reducers/auth.d.ts +14 -0
- package/dist-client/reducers/auth.js +19 -0
- package/dist-client/reducers/auth.js.map +1 -0
- package/dist-client/tsconfig.tsbuildinfo +1 -0
- package/dist-server/constants/error-code.d.ts +17 -0
- package/dist-server/constants/error-code.js.map +1 -1
- package/dist-server/constants/error-message.d.ts +0 -0
- package/dist-server/constants/error-message.js.map +1 -1
- package/dist-server/constants/max-age.d.ts +1 -0
- package/dist-server/constants/max-age.js.map +1 -1
- package/dist-server/controllers/auth.d.ts +5 -0
- package/dist-server/controllers/auth.js +6 -18
- package/dist-server/controllers/auth.js.map +1 -1
- package/dist-server/controllers/change-pwd.d.ts +1 -0
- package/dist-server/controllers/change-pwd.js +11 -12
- package/dist-server/controllers/change-pwd.js.map +1 -1
- package/dist-server/controllers/checkin.d.ts +4 -0
- package/dist-server/controllers/checkin.js +3 -3
- package/dist-server/controllers/checkin.js.map +1 -1
- package/dist-server/controllers/delete-user.d.ts +3 -0
- package/dist-server/controllers/delete-user.js.map +1 -1
- package/dist-server/controllers/invitation.d.ts +11 -0
- package/dist-server/controllers/invitation.js +14 -20
- package/dist-server/controllers/invitation.js.map +1 -1
- package/dist-server/controllers/profile.d.ts +26 -0
- package/dist-server/controllers/profile.js +4 -4
- package/dist-server/controllers/profile.js.map +1 -1
- package/dist-server/controllers/reset-password.d.ts +5 -0
- package/dist-server/controllers/reset-password.js +14 -16
- package/dist-server/controllers/reset-password.js.map +1 -1
- package/dist-server/controllers/signin.d.ts +6 -0
- package/dist-server/controllers/signin.js +4 -3
- package/dist-server/controllers/signin.js.map +1 -1
- package/dist-server/controllers/signup.d.ts +8 -0
- package/dist-server/controllers/signup.js +13 -9
- package/dist-server/controllers/signup.js.map +1 -1
- package/dist-server/controllers/unlock-user.d.ts +5 -0
- package/dist-server/controllers/unlock-user.js +6 -6
- package/dist-server/controllers/unlock-user.js.map +1 -1
- package/dist-server/controllers/utils/make-invitation-token.d.ts +1 -0
- package/dist-server/controllers/utils/make-invitation-token.js +2 -4
- package/dist-server/controllers/utils/make-invitation-token.js.map +1 -1
- package/dist-server/controllers/utils/make-verification-token.d.ts +1 -0
- package/dist-server/controllers/utils/make-verification-token.js +2 -4
- package/dist-server/controllers/utils/make-verification-token.js.map +1 -1
- package/dist-server/controllers/utils/password-rule.d.ts +14 -0
- package/dist-server/controllers/utils/password-rule.js +2 -5
- package/dist-server/controllers/utils/password-rule.js.map +1 -1
- package/dist-server/controllers/utils/save-invitation-token.d.ts +5 -0
- package/dist-server/controllers/utils/save-invitation-token.js +2 -2
- package/dist-server/controllers/utils/save-invitation-token.js.map +1 -1
- package/dist-server/controllers/utils/save-verification-token.d.ts +6 -0
- package/dist-server/controllers/utils/save-verification-token.js +2 -2
- package/dist-server/controllers/utils/save-verification-token.js.map +1 -1
- package/dist-server/controllers/verification.d.ts +6 -0
- package/dist-server/controllers/verification.js +8 -8
- package/dist-server/controllers/verification.js.map +1 -1
- package/dist-server/errors/auth-error.d.ts +11 -0
- package/dist-server/errors/auth-error.js +2 -24
- package/dist-server/errors/auth-error.js.map +1 -1
- package/dist-server/errors/index.d.ts +2 -0
- package/dist-server/errors/index.js +3 -16
- package/dist-server/errors/index.js.map +1 -1
- package/dist-server/errors/user-domain-not-match-error.d.ts +9 -0
- package/dist-server/errors/user-domain-not-match-error.js.map +1 -1
- package/dist-server/index.d.ts +13 -0
- package/dist-server/index.js +13 -25
- package/dist-server/index.js.map +1 -1
- package/dist-server/middlewares/authenticate-401-middleware.d.ts +1 -0
- package/dist-server/middlewares/authenticate-401-middleware.js +12 -20
- package/dist-server/middlewares/authenticate-401-middleware.js.map +1 -1
- package/dist-server/middlewares/domain-authenticate-middleware.d.ts +11 -0
- package/dist-server/middlewares/domain-authenticate-middleware.js +8 -8
- package/dist-server/middlewares/domain-authenticate-middleware.js.map +1 -1
- package/dist-server/middlewares/graphql-authenticate-middleware.d.ts +1 -0
- package/dist-server/middlewares/graphql-authenticate-middleware.js +1 -3
- package/dist-server/middlewares/graphql-authenticate-middleware.js.map +1 -1
- package/dist-server/middlewares/index.d.ts +5 -0
- package/dist-server/middlewares/index.js +6 -24
- package/dist-server/middlewares/index.js.map +1 -1
- package/dist-server/middlewares/jwt-authenticate-middleware.d.ts +1 -0
- package/dist-server/middlewares/jwt-authenticate-middleware.js +5 -11
- package/dist-server/middlewares/jwt-authenticate-middleware.js.map +1 -1
- package/dist-server/middlewares/signin-middleware.d.ts +1 -0
- package/dist-server/middlewares/signin-middleware.js +2 -6
- package/dist-server/middlewares/signin-middleware.js.map +1 -1
- package/dist-server/migrations/1548206416130-SeedUser.d.ts +5 -0
- package/dist-server/migrations/1548206416130-SeedUser.js +4 -5
- package/dist-server/migrations/1548206416130-SeedUser.js.map +1 -1
- package/dist-server/migrations/1566805283882-SeedPrivilege.d.ts +5 -0
- package/dist-server/migrations/1566805283882-SeedPrivilege.js +2 -2
- package/dist-server/migrations/1566805283882-SeedPrivilege.js.map +1 -1
- package/dist-server/migrations/index.d.ts +1 -0
- package/dist-server/migrations/index.js.map +1 -1
- package/dist-server/router/auth-checkin-router.d.ts +1 -0
- package/dist-server/router/auth-checkin-router.js +3 -8
- package/dist-server/router/auth-checkin-router.js.map +1 -1
- package/dist-server/router/auth-private-process-router.d.ts +1 -0
- package/dist-server/router/auth-private-process-router.js +16 -21
- package/dist-server/router/auth-private-process-router.js.map +1 -1
- package/dist-server/router/auth-public-process-router.d.ts +1 -0
- package/dist-server/router/auth-public-process-router.js +6 -25
- package/dist-server/router/auth-public-process-router.js.map +1 -1
- package/dist-server/router/auth-signin-router.d.ts +1 -0
- package/dist-server/router/auth-signin-router.js +2 -7
- package/dist-server/router/auth-signin-router.js.map +1 -1
- package/dist-server/router/auth-signup-router.d.ts +1 -0
- package/dist-server/router/auth-signup-router.js +34 -40
- package/dist-server/router/auth-signup-router.js.map +1 -1
- package/dist-server/router/index.d.ts +8 -0
- package/dist-server/router/index.js +9 -22
- package/dist-server/router/index.js.map +1 -1
- package/dist-server/router/oauth2/index.d.ts +2 -0
- package/dist-server/router/oauth2/index.js +3 -16
- package/dist-server/router/oauth2/index.js.map +1 -1
- package/dist-server/router/oauth2/oauth2-authorize-router.d.ts +1 -0
- package/dist-server/router/oauth2/oauth2-authorize-router.js +4 -11
- package/dist-server/router/oauth2/oauth2-authorize-router.js.map +1 -1
- package/dist-server/router/oauth2/oauth2-router.d.ts +9 -0
- package/dist-server/router/oauth2/oauth2-router.js +11 -17
- package/dist-server/router/oauth2/oauth2-router.js.map +1 -1
- package/dist-server/router/oauth2/oauth2-server.d.ts +5 -0
- package/dist-server/router/oauth2/oauth2-server.js +25 -35
- package/dist-server/router/oauth2/oauth2-server.js.map +1 -1
- package/dist-server/router/oauth2/passport-oauth2-client-password.d.ts +7 -0
- package/dist-server/router/oauth2/passport-oauth2-client-password.js +3 -5
- package/dist-server/router/oauth2/passport-oauth2-client-password.js.map +1 -1
- package/dist-server/router/oauth2/passport-refresh-token.d.ts +7 -0
- package/dist-server/router/oauth2/passport-refresh-token.js +3 -5
- package/dist-server/router/oauth2/passport-refresh-token.js.map +1 -1
- package/dist-server/router/path-base-domain-router.d.ts +1 -0
- package/dist-server/router/path-base-domain-router.js +2 -6
- package/dist-server/router/path-base-domain-router.js.map +1 -1
- package/dist-server/router/site-root-router.d.ts +1 -0
- package/dist-server/router/site-root-router.js +4 -13
- package/dist-server/router/site-root-router.js.map +1 -1
- package/dist-server/routes.d.ts +1 -0
- package/dist-server/routes.js +2 -9
- package/dist-server/routes.js.map +1 -1
- package/dist-server/service/app-binding/app-binding-mutation.d.ts +3 -0
- package/dist-server/service/app-binding/app-binding-mutation.js +11 -24
- package/dist-server/service/app-binding/app-binding-mutation.js.map +1 -1
- package/dist-server/service/app-binding/app-binding-query.d.ts +14 -0
- package/dist-server/service/app-binding/app-binding-query.js +51 -60
- package/dist-server/service/app-binding/app-binding-query.js.map +1 -1
- package/dist-server/service/app-binding/app-binding-types.d.ts +5 -0
- package/dist-server/service/app-binding/app-binding-types.js +6 -14
- package/dist-server/service/app-binding/app-binding-types.js.map +1 -1
- package/dist-server/service/app-binding/app-binding.d.ts +7 -0
- package/dist-server/service/app-binding/app-binding.js +8 -16
- package/dist-server/service/app-binding/app-binding.js.map +1 -1
- package/dist-server/service/app-binding/index.d.ts +3 -0
- package/dist-server/service/app-binding/index.js.map +1 -1
- package/dist-server/service/appliance/appliance-mutation.d.ts +8 -0
- package/dist-server/service/appliance/appliance-mutation.js +40 -53
- package/dist-server/service/appliance/appliance-mutation.js.map +1 -1
- package/dist-server/service/appliance/appliance-query.d.ts +11 -0
- package/dist-server/service/appliance/appliance-query.js +35 -48
- package/dist-server/service/appliance/appliance-query.js.map +1 -1
- package/dist-server/service/appliance/appliance-types.d.ts +22 -0
- package/dist-server/service/appliance/appliance-types.js +34 -42
- package/dist-server/service/appliance/appliance-types.js.map +1 -1
- package/dist-server/service/appliance/appliance.d.ts +22 -0
- package/dist-server/service/appliance/appliance.js +35 -47
- package/dist-server/service/appliance/appliance.js.map +1 -1
- package/dist-server/service/appliance/index.d.ts +5 -0
- package/dist-server/service/appliance/index.js.map +1 -1
- package/dist-server/service/application/application-mutation.d.ts +66 -0
- package/dist-server/service/application/application-mutation.js +47 -61
- package/dist-server/service/application/application-mutation.js.map +1 -1
- package/dist-server/service/application/application-query.d.ts +16 -0
- package/dist-server/service/application/application-query.js +54 -67
- package/dist-server/service/application/application-query.js.map +1 -1
- package/dist-server/service/application/application-types.d.ts +27 -0
- package/dist-server/service/application/application-types.js +41 -49
- package/dist-server/service/application/application-types.js.map +1 -1
- package/dist-server/service/application/application.d.ts +35 -0
- package/dist-server/service/application/application.js +42 -54
- package/dist-server/service/application/application.js.map +1 -1
- package/dist-server/service/application/index.d.ts +5 -0
- package/dist-server/service/application/index.js.map +1 -1
- package/dist-server/service/domain-generator/domain-generator-mutation.d.ts +6 -0
- package/dist-server/service/domain-generator/domain-generator-mutation.js +21 -32
- package/dist-server/service/domain-generator/domain-generator-mutation.js.map +1 -1
- package/dist-server/service/domain-generator/domain-generator-types.d.ts +19 -0
- package/dist-server/service/domain-generator/domain-generator-types.js +26 -35
- package/dist-server/service/domain-generator/domain-generator-types.js.map +1 -1
- package/dist-server/service/domain-generator/index.d.ts +2 -0
- package/dist-server/service/domain-generator/index.js.map +1 -1
- package/dist-server/service/granted-role/granted-role-mutation.d.ts +11 -0
- package/dist-server/service/granted-role/granted-role-mutation.js +23 -29
- package/dist-server/service/granted-role/granted-role-mutation.js.map +1 -1
- package/dist-server/service/granted-role/granted-role-query.d.ts +16 -0
- package/dist-server/service/granted-role/granted-role-query.js +31 -43
- package/dist-server/service/granted-role/granted-role-query.js.map +1 -1
- package/dist-server/service/granted-role/granted-role.d.ts +9 -0
- package/dist-server/service/granted-role/granted-role.js +12 -21
- package/dist-server/service/granted-role/granted-role.js.map +1 -1
- package/dist-server/service/granted-role/index.d.ts +5 -0
- package/dist-server/service/granted-role/index.js.map +1 -1
- package/dist-server/service/index.d.ts +31 -0
- package/dist-server/service/index.js +22 -35
- package/dist-server/service/index.js.map +1 -1
- package/dist-server/service/invitation/index.d.ts +5 -0
- package/dist-server/service/invitation/index.js.map +1 -1
- package/dist-server/service/invitation/invitation-mutation.d.ts +17 -0
- package/dist-server/service/invitation/invitation-mutation.js +26 -37
- package/dist-server/service/invitation/invitation-mutation.js.map +1 -1
- package/dist-server/service/invitation/invitation-query.d.ts +8 -0
- package/dist-server/service/invitation/invitation-query.js +19 -30
- package/dist-server/service/invitation/invitation-query.js.map +1 -1
- package/dist-server/service/invitation/invitation-types.d.ts +5 -0
- package/dist-server/service/invitation/invitation-types.js +6 -14
- package/dist-server/service/invitation/invitation-types.js.map +1 -1
- package/dist-server/service/invitation/invitation.d.ts +14 -0
- package/dist-server/service/invitation/invitation.js +24 -32
- package/dist-server/service/invitation/invitation.js.map +1 -1
- package/dist-server/service/login-history/index.d.ts +4 -0
- package/dist-server/service/login-history/index.js.map +1 -1
- package/dist-server/service/login-history/login-history-query.d.ts +8 -0
- package/dist-server/service/login-history/login-history-query.js +27 -40
- package/dist-server/service/login-history/login-history-query.js.map +1 -1
- package/dist-server/service/login-history/login-history.d.ts +12 -0
- package/dist-server/service/login-history/login-history.js +29 -38
- package/dist-server/service/login-history/login-history.js.map +1 -1
- package/dist-server/service/partner/index.d.ts +5 -0
- package/dist-server/service/partner/index.js.map +1 -1
- package/dist-server/service/partner/partner-mutation.d.ts +4 -0
- package/dist-server/service/partner/partner-mutation.js +20 -32
- package/dist-server/service/partner/partner-mutation.js.map +1 -1
- package/dist-server/service/partner/partner-query.d.ts +14 -0
- package/dist-server/service/partner/partner-query.js +53 -66
- package/dist-server/service/partner/partner-query.js.map +1 -1
- package/dist-server/service/partner/partner-types.d.ts +5 -0
- package/dist-server/service/partner/partner-types.js +6 -14
- package/dist-server/service/partner/partner-types.js.map +1 -1
- package/dist-server/service/partner/partner.d.ts +15 -0
- package/dist-server/service/partner/partner.js +24 -33
- package/dist-server/service/partner/partner.js.map +1 -1
- package/dist-server/service/password-history/index.d.ts +2 -0
- package/dist-server/service/password-history/index.js.map +1 -1
- package/dist-server/service/password-history/password-history.d.ts +4 -0
- package/dist-server/service/password-history/password-history.js +6 -14
- package/dist-server/service/password-history/password-history.js.map +1 -1
- package/dist-server/service/privilege/index.d.ts +5 -0
- package/dist-server/service/privilege/index.js.map +1 -1
- package/dist-server/service/privilege/privilege-directive.d.ts +3 -0
- package/dist-server/service/privilege/privilege-directive.js +4 -7
- package/dist-server/service/privilege/privilege-directive.js.map +1 -1
- package/dist-server/service/privilege/privilege-mutation.d.ts +7 -0
- package/dist-server/service/privilege/privilege-mutation.js +32 -42
- package/dist-server/service/privilege/privilege-mutation.js.map +1 -1
- package/dist-server/service/privilege/privilege-query.d.ts +13 -0
- package/dist-server/service/privilege/privilege-query.js +41 -53
- package/dist-server/service/privilege/privilege-query.js.map +1 -1
- package/dist-server/service/privilege/privilege-types.d.ts +25 -0
- package/dist-server/service/privilege/privilege-types.js +35 -43
- package/dist-server/service/privilege/privilege-types.js.map +1 -1
- package/dist-server/service/privilege/privilege.d.ts +15 -0
- package/dist-server/service/privilege/privilege.js +24 -32
- package/dist-server/service/privilege/privilege.js.map +1 -1
- package/dist-server/service/role/index.d.ts +5 -0
- package/dist-server/service/role/index.js.map +1 -1
- package/dist-server/service/role/role-mutation.d.ts +8 -0
- package/dist-server/service/role/role-mutation.js +40 -49
- package/dist-server/service/role/role-mutation.js.map +1 -1
- package/dist-server/service/role/role-query.d.ts +18 -0
- package/dist-server/service/role/role-query.js +73 -84
- package/dist-server/service/role/role-query.js.map +1 -1
- package/dist-server/service/role/role-types.d.ts +33 -0
- package/dist-server/service/role/role-types.js +48 -56
- package/dist-server/service/role/role-types.js.map +1 -1
- package/dist-server/service/role/role.d.ts +18 -0
- package/dist-server/service/role/role.js +28 -37
- package/dist-server/service/role/role.js.map +1 -1
- package/dist-server/service/user/index.d.ts +5 -0
- package/dist-server/service/user/index.js.map +1 -1
- package/dist-server/service/user/user-mutation.d.ts +28 -0
- package/dist-server/service/user/user-mutation.js +89 -93
- package/dist-server/service/user/user-mutation.js.map +1 -1
- package/dist-server/service/user/user-query.d.ts +16 -0
- package/dist-server/service/user/user-query.js +73 -82
- package/dist-server/service/user/user-query.js.map +1 -1
- package/dist-server/service/user/user-types.d.ts +26 -0
- package/dist-server/service/user/user-types.js +40 -48
- package/dist-server/service/user/user-types.js.map +1 -1
- package/dist-server/service/user/user.d.ts +39 -0
- package/dist-server/service/user/user.js +53 -63
- package/dist-server/service/user/user.js.map +1 -1
- package/dist-server/service/verification-token/index.d.ts +2 -0
- package/dist-server/service/verification-token/index.js.map +1 -1
- package/dist-server/service/verification-token/verification-token.d.ts +14 -0
- package/dist-server/service/verification-token/verification-token.js +14 -22
- package/dist-server/service/verification-token/verification-token.js.map +1 -1
- package/dist-server/templates/account-unlock-email.d.ts +4 -0
- package/dist-server/templates/account-unlock-email.js.map +1 -1
- package/dist-server/templates/invitation-email.d.ts +4 -0
- package/dist-server/templates/invitation-email.js.map +1 -1
- package/dist-server/templates/reset-password-email.d.ts +4 -0
- package/dist-server/templates/reset-password-email.js.map +1 -1
- package/dist-server/templates/verification-email.d.ts +4 -0
- package/dist-server/templates/verification-email.js.map +1 -1
- package/dist-server/tsconfig.tsbuildinfo +1 -0
- package/dist-server/types.d.ts +17 -0
- package/dist-server/types.js +3 -0
- package/dist-server/types.js.map +1 -0
- package/dist-server/utils/accepts.d.ts +1 -0
- package/dist-server/utils/accepts.js.map +1 -1
- package/dist-server/utils/access-token-cookie.d.ts +3 -0
- package/dist-server/utils/access-token-cookie.js.map +1 -1
- package/dist-server/utils/check-user-belongs-domain.d.ts +10 -0
- package/dist-server/utils/check-user-belongs-domain.js +2 -2
- package/dist-server/utils/check-user-belongs-domain.js.map +1 -1
- package/dist-server/utils/get-domain-from-hostname.d.ts +1 -0
- package/dist-server/utils/get-domain-from-hostname.js.map +1 -1
- package/dist-server/utils/get-domain-users.d.ts +5 -0
- package/dist-server/utils/get-domain-users.js +2 -3
- package/dist-server/utils/get-domain-users.js.map +1 -1
- package/dist-server/utils/get-secret.d.ts +1 -0
- package/dist-server/utils/get-secret.js.map +1 -1
- package/dist-server/utils/get-user-domains.d.ts +5 -0
- package/dist-server/utils/get-user-domains.js +7 -5
- package/dist-server/utils/get-user-domains.js.map +1 -1
- package/package.json +15 -13
- package/server/controllers/auth.ts +1 -0
- package/server/controllers/change-pwd.ts +12 -15
- package/server/controllers/checkin.ts +3 -3
- package/server/controllers/invitation.ts +10 -16
- package/server/controllers/profile.ts +4 -3
- package/server/controllers/reset-password.ts +13 -14
- package/server/controllers/signin.ts +4 -2
- package/server/controllers/signup.ts +13 -8
- package/server/controllers/unlock-user.ts +5 -3
- package/server/controllers/utils/password-rule.ts +0 -1
- package/server/controllers/utils/save-invitation-token.ts +2 -1
- package/server/controllers/utils/save-verification-token.ts +2 -1
- package/server/controllers/verification.ts +6 -4
- package/server/errors/auth-error.ts +3 -0
- package/server/errors/user-domain-not-match-error.ts +3 -0
- package/server/index.ts +3 -1
- package/server/middlewares/authenticate-401-middleware.ts +15 -11
- package/server/middlewares/domain-authenticate-middleware.ts +11 -12
- package/server/middlewares/graphql-authenticate-middleware.ts +1 -5
- package/server/middlewares/index.ts +0 -4
- package/server/middlewares/jwt-authenticate-middleware.ts +4 -9
- package/server/middlewares/signin-middleware.ts +6 -5
- package/server/migrations/1548206416130-SeedUser.ts +3 -3
- package/server/migrations/1566805283882-SeedPrivilege.ts +2 -1
- package/server/router/auth-checkin-router.ts +5 -7
- package/server/router/auth-private-process-router.ts +16 -18
- package/server/router/auth-public-process-router.ts +6 -37
- package/server/router/auth-signin-router.ts +1 -5
- package/server/router/auth-signup-router.ts +40 -47
- package/server/router/oauth2/oauth2-authorize-router.ts +4 -10
- package/server/router/oauth2/oauth2-router.ts +4 -11
- package/server/router/oauth2/oauth2-server.ts +19 -34
- package/server/router/path-base-domain-router.ts +0 -4
- package/server/router/site-root-router.ts +4 -11
- package/server/routes.ts +8 -13
- package/server/service/app-binding/app-binding-mutation.ts +6 -8
- package/server/service/app-binding/app-binding-query.ts +15 -14
- package/server/service/appliance/appliance-mutation.ts +14 -13
- package/server/service/appliance/appliance-query.ts +11 -10
- package/server/service/application/application-mutation.ts +24 -18
- package/server/service/application/application-query.ts +20 -17
- package/server/service/domain-generator/domain-generator-mutation.ts +15 -10
- package/server/service/granted-role/granted-role-mutation.ts +15 -13
- package/server/service/granted-role/granted-role-query.ts +12 -10
- package/server/service/invitation/invitation-mutation.ts +7 -5
- package/server/service/invitation/invitation-query.ts +6 -4
- package/server/service/login-history/login-history-query.ts +13 -11
- package/server/service/login-history/login-history.ts +5 -4
- package/server/service/partner/partner-mutation.ts +10 -9
- package/server/service/partner/partner-query.ts +10 -10
- package/server/service/privilege/privilege-directive.ts +1 -3
- package/server/service/privilege/privilege-mutation.ts +15 -9
- package/server/service/privilege/privilege-query.ts +7 -7
- package/server/service/role/role-mutation.ts +18 -11
- package/server/service/role/role-query.ts +18 -16
- package/server/service/user/user-mutation.ts +39 -34
- package/server/service/user/user-query.ts +29 -21
- package/server/service/user/user.ts +12 -10
- package/server/types.ts +21 -0
- package/server/utils/check-user-belongs-domain.ts +2 -2
- package/server/utils/get-domain-users.ts +4 -2
- package/server/utils/get-user-domains.ts +8 -5
- package/things-factory.config.js +1 -1
- package/translations/en.json +2 -5
- package/translations/ko.json +5 -8
- package/translations/ms.json +2 -5
- package/translations/zh.json +2 -5
- package/client/actions/auth.js +0 -16
- package/client/index.js +0 -2
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export declare const oauth2AuthorizeRouter: any;
|
|
@@ -1,14 +1,11 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
-
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
-
};
|
|
5
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
3
|
exports.oauth2AuthorizeRouter = void 0;
|
|
7
|
-
const
|
|
8
|
-
const
|
|
4
|
+
const tslib_1 = require("tslib");
|
|
5
|
+
const koa_router_1 = tslib_1.__importDefault(require("koa-router"));
|
|
6
|
+
const shell_1 = require("@things-factory/shell");
|
|
9
7
|
const application_1 = require("../../service/application/application");
|
|
10
8
|
const oauth2_server_1 = require("./oauth2-server");
|
|
11
|
-
const debug = require('debug')('things-factory:auth-base:oauth2-authorize-router');
|
|
12
9
|
exports.oauth2AuthorizeRouter = new koa_router_1.default();
|
|
13
10
|
// user authorization endpoint
|
|
14
11
|
//
|
|
@@ -26,25 +23,22 @@ exports.oauth2AuthorizeRouter = new koa_router_1.default();
|
|
|
26
23
|
// authorization). We accomplish that here by routing through `ensureLoggedIn()`
|
|
27
24
|
// first, and rendering the `dialog` view.
|
|
28
25
|
exports.oauth2AuthorizeRouter.get('/authorize', oauth2_server_1.server.authorize(async function (clientID, redirectURI) {
|
|
29
|
-
const client = await (0,
|
|
26
|
+
const client = await (0, shell_1.getRepository)(application_1.Application).findOneBy({
|
|
30
27
|
appKey: clientID
|
|
31
28
|
});
|
|
32
29
|
// CONFIRM-ME redirectUrl 의 허용 범위는 ?
|
|
33
30
|
// if (!client.redirectUrl != redirectURI) {
|
|
34
31
|
// return false
|
|
35
32
|
// }
|
|
36
|
-
debug('authorize fetch client', clientID, redirectURI, client);
|
|
37
33
|
return [client || oauth2_server_1.NonClient, redirectURI];
|
|
38
34
|
}), async function (context, next) {
|
|
39
35
|
const { oauth2, user, domain } = context.state;
|
|
40
36
|
let pageElement = 'oauth2-decision';
|
|
41
37
|
let elementScript = '/oauth2/oauth2-decision-page.js';
|
|
42
38
|
if (oauth2.client.id === oauth2_server_1.NonClient.id) {
|
|
43
|
-
debug('authorize client not found : will render not found error in the decision page');
|
|
44
39
|
pageElement = 'oauth2-decision-error';
|
|
45
40
|
elementScript = '/oauth2/oauth2-decision-error-page.js';
|
|
46
41
|
}
|
|
47
|
-
debug('authorize render page', oauth2);
|
|
48
42
|
try {
|
|
49
43
|
await context.render('oauth2-page', {
|
|
50
44
|
pageElement,
|
|
@@ -65,7 +59,6 @@ exports.oauth2AuthorizeRouter.get('/authorize', oauth2_server_1.server.authorize
|
|
|
65
59
|
// })
|
|
66
60
|
}
|
|
67
61
|
catch (e) {
|
|
68
|
-
debug('render decision page error', e);
|
|
69
62
|
throw e;
|
|
70
63
|
}
|
|
71
64
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth2-authorize-router.js","sourceRoot":"","sources":["../../../server/router/oauth2/oauth2-authorize-router.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"oauth2-authorize-router.js","sourceRoot":"","sources":["../../../server/router/oauth2/oauth2-authorize-router.ts"],"names":[],"mappings":";;;;AAAA,oEAA+B;AAE/B,iDAAqD;AAErD,uEAAmE;AACnE,mDAAwE;AAE3D,QAAA,qBAAqB,GAAG,IAAI,oBAAM,EAAE,CAAA;AAEjD,8BAA8B;AAC9B,EAAE;AACF,oEAAoE;AACpE,8EAA8E;AAC9E,uEAAuE;AACvE,oEAAoE;AACpE,6EAA6E;AAC7E,8EAA8E;AAC9E,0DAA0D;AAC1D,EAAE;AACF,6EAA6E;AAC7E,gFAAgF;AAChF,2EAA2E;AAC3E,iFAAiF;AACjF,0CAA0C;AAE1C,6BAAqB,CAAC,GAAG,CACvB,YAAY,EACZ,sBAAiB,CAAC,SAAS,CAAC,KAAK,WAAW,QAAQ,EAAE,WAAW;IAC/D,MAAM,MAAM,GAAG,MAAM,IAAA,qBAAa,EAAC,yBAAW,CAAC,CAAC,SAAS,CAAC;QACxD,MAAM,EAAE,QAAQ;KACjB,CAAC,CAAA;IACF,oCAAoC;IACpC,4CAA4C;IAC5C,iBAAiB;IACjB,IAAI;IAEJ,OAAO,CAAC,MAAM,IAAI,yBAAS,EAAE,WAAW,CAAC,CAAA;AAC3C,CAAC,CAAC,EACF,KAAK,WAAW,OAAO,EAAE,IAAI;IAC3B,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAE9C,IAAI,WAAW,GAAW,iBAAiB,CAAA;IAC3C,IAAI,aAAa,GAAW,iCAAiC,CAAA;IAE7D,IAAI,MAAM,CAAC,MAAM,CAAC,EAAE,KAAK,yBAAS,CAAC,EAAE,EAAE;QACrC,WAAW,GAAG,uBAAuB,CAAA;QACrC,aAAa,GAAG,uCAAuC,CAAA;KACxD;IAED,IAAI;QACF,MAAM,OAAO,CAAC,MAAM,CAAC,aAAa,EAAE;YAClC,WAAW;YACX,aAAa;YACb,IAAI,EAAE;gBACJ,MAAM;gBACN,MAAM,kCACD,MAAM,KACT,IAAI,EAAE;wBACJ,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE;wBAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI;wBACtB,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK;qBACzB,GACF;aACF;SACF,CAAC,CAAA;QACF,uCAAuC;QACvC,oBAAoB;QACpB,2HAA2H;QAC3H,oBAAoB;QACpB,KAAK;KACN;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,CAAC,CAAA;KACR;AACH,CAAC,CACF,CAAA","sourcesContent":["import Router from 'koa-router'\n\nimport { getRepository } from '@things-factory/shell'\n\nimport { Application } from '../../service/application/application'\nimport { NonClient, server as oauth2orizeServer } from './oauth2-server'\n\nexport const oauth2AuthorizeRouter = new Router()\n\n// user authorization endpoint\n//\n// `authorization` middleware accepts a `validate` callback which is\n// responsible for validating the client making the authorization request. In\n// doing so, is recommended that the `redirectURI` be checked against a\n// registered value, although security requirements may vary accross\n// implementations. Once validated, the `done` callback must be invoked with\n// a `client` instance, as well as the `redirectURI` to which the user will be\n// redirected after an authorization decision is obtained.\n//\n// This middleware simply initializes a new authorization transaction. It is\n// the application's responsibility to authenticate the user and render a dialog\n// to obtain their approval (displaying details about the client requesting\n// authorization). We accomplish that here by routing through `ensureLoggedIn()`\n// first, and rendering the `dialog` view.\n\noauth2AuthorizeRouter.get(\n '/authorize',\n oauth2orizeServer.authorize(async function (clientID, redirectURI) {\n const client = await getRepository(Application).findOneBy({\n appKey: clientID\n })\n // CONFIRM-ME redirectUrl 의 허용 범위는 ?\n // if (!client.redirectUrl != redirectURI) {\n // return false\n // }\n\n return [client || NonClient, redirectURI]\n }),\n async function (context, next) {\n const { oauth2, user, domain } = context.state\n\n let pageElement: string = 'oauth2-decision'\n let elementScript: string = '/oauth2/oauth2-decision-page.js'\n\n if (oauth2.client.id === NonClient.id) {\n pageElement = 'oauth2-decision-error'\n elementScript = '/oauth2/oauth2-decision-error-page.js'\n }\n\n try {\n await context.render('oauth2-page', {\n pageElement,\n elementScript,\n data: {\n domain,\n oauth2: {\n ...oauth2,\n user: {\n id: oauth2.user.id,\n name: oauth2.user.name,\n email: oauth2.user.email\n }\n }\n }\n })\n // await context.render(decisionPage, {\n // domain: domain,\n // ...oauth2, // client, redirectURI, req { type, clientID, redirectURI, scope, state}, user, transactionID, info, locals\n // availableScopes\n // })\n } catch (e) {\n throw e\n }\n }\n)\n"]}
|
|
@@ -1,14 +1,11 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
-
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
-
};
|
|
5
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
3
|
exports.oauth2Router = void 0;
|
|
7
|
-
const
|
|
8
|
-
const
|
|
9
|
-
const
|
|
10
|
-
const
|
|
11
|
-
const
|
|
4
|
+
const tslib_1 = require("tslib");
|
|
5
|
+
const jsonwebtoken_1 = tslib_1.__importDefault(require("jsonwebtoken"));
|
|
6
|
+
const koa_compose_1 = tslib_1.__importDefault(require("koa-compose"));
|
|
7
|
+
const koa_passport_1 = tslib_1.__importDefault(require("koa-passport"));
|
|
8
|
+
const koa_router_1 = tslib_1.__importDefault(require("koa-router"));
|
|
12
9
|
const shell_1 = require("@things-factory/shell");
|
|
13
10
|
const middlewares_1 = require("../../middlewares");
|
|
14
11
|
const application_1 = require("../../service/application/application");
|
|
@@ -17,12 +14,10 @@ const access_token_cookie_1 = require("../../utils/access-token-cookie");
|
|
|
17
14
|
const get_secret_1 = require("../../utils/get-secret");
|
|
18
15
|
const oauth2_server_1 = require("./oauth2-server");
|
|
19
16
|
const passport_oauth2_client_password_1 = require("./passport-oauth2-client-password");
|
|
20
|
-
const debug = require('debug')('things-factory:auth-base:oauth2-router');
|
|
21
17
|
exports.oauth2Router = new koa_router_1.default();
|
|
22
18
|
koa_passport_1.default.use('oauth2-client-password', new passport_oauth2_client_password_1.Strategy({}, (clientId, clientSecret, done) => {
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
.findOne({
|
|
19
|
+
(0, shell_1.getRepository)(application_1.Application)
|
|
20
|
+
.findOneBy({
|
|
26
21
|
appKey: clientId
|
|
27
22
|
})
|
|
28
23
|
.then(client => {
|
|
@@ -56,7 +51,7 @@ exports.oauth2Router.post('/refresh-token', async (context, next) => {
|
|
|
56
51
|
const refreshToken = (_b = (_a = context.request) === null || _a === void 0 ? void 0 : _a.body) === null || _b === void 0 ? void 0 : _b.refreshToken;
|
|
57
52
|
if (!refreshToken)
|
|
58
53
|
throw new Error('Missing refresh token');
|
|
59
|
-
const appUser = await (0,
|
|
54
|
+
const appUser = await (0, shell_1.getRepository)(user_1.User).findOneBy({
|
|
60
55
|
password: refreshToken
|
|
61
56
|
});
|
|
62
57
|
if (!appUser)
|
|
@@ -65,7 +60,7 @@ exports.oauth2Router.post('/refresh-token', async (context, next) => {
|
|
|
65
60
|
jsonwebtoken_1.default.verify(refreshToken, get_secret_1.SECRET);
|
|
66
61
|
const decoded = jsonwebtoken_1.default.decode(refreshToken);
|
|
67
62
|
const subdomain = decoded.domain.subdomain;
|
|
68
|
-
const domain = await (0,
|
|
63
|
+
const domain = await (0, shell_1.getRepository)(shell_1.Domain).findOne({
|
|
69
64
|
where: { subdomain }
|
|
70
65
|
});
|
|
71
66
|
if (!domain)
|
|
@@ -75,7 +70,7 @@ exports.oauth2Router.post('/refresh-token', async (context, next) => {
|
|
|
75
70
|
const newAccessToken = application_1.Application.generateAccessToken(domain, appUser, appKey, scopes);
|
|
76
71
|
const newRefreshToken = application_1.Application.generateRefreshToken(domain, appUser, appKey, scopes);
|
|
77
72
|
appUser.password = newRefreshToken;
|
|
78
|
-
await (0,
|
|
73
|
+
await (0, shell_1.getRepository)(user_1.User).save(appUser);
|
|
79
74
|
(0, access_token_cookie_1.setAccessTokenCookie)(context, newAccessToken);
|
|
80
75
|
context.body = {
|
|
81
76
|
accessToken: newAccessToken,
|
|
@@ -89,7 +84,6 @@ exports.oauth2Router.post('/refresh-token', async (context, next) => {
|
|
|
89
84
|
});
|
|
90
85
|
exports.oauth2Router.get('/profile', middlewares_1.jwtAuthenticateMiddleware, async (context, next) => {
|
|
91
86
|
const { user, domain } = context.state;
|
|
92
|
-
debug('getting user/application profile', user, domain);
|
|
93
87
|
const { name, description, email, userType: type, locale } = user;
|
|
94
88
|
const { name: domainName, subdomain, brandName, brandImage, contentImage, timezone } = domain || {};
|
|
95
89
|
var application = {};
|
|
@@ -125,7 +119,7 @@ exports.oauth2Router.post('/disconnect', middlewares_1.jwtAuthenticateMiddleware
|
|
|
125
119
|
user.domains = [];
|
|
126
120
|
user.roles = [];
|
|
127
121
|
user.status = user_1.UserStatus.DELETED;
|
|
128
|
-
await (0,
|
|
122
|
+
await (0, shell_1.getRepository)(user_1.User).save(user);
|
|
129
123
|
}
|
|
130
124
|
context.status = 200;
|
|
131
125
|
context.body = 'ok';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth2-router.js","sourceRoot":"","sources":["../../../server/router/oauth2/oauth2-router.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"oauth2-router.js","sourceRoot":"","sources":["../../../server/router/oauth2/oauth2-router.ts"],"names":[],"mappings":";;;;AAAA,wEAA8B;AAC9B,sEAAiC;AACjC,wEAAmC;AACnC,oEAA+B;AAE/B,iDAA6D;AAE7D,mDAA6D;AAC7D,uEAAmE;AACnE,kDAA0D;AAC1D,yEAAsE;AACtE,uDAA+C;AAC/C,mDAA6D;AAC7D,uFAAsF;AAUzE,QAAA,YAAY,GAAG,IAAI,oBAAM,EAAE,CAAA;AAExC,sBAAQ,CAAC,GAAG,CACV,wBAAwB,EACxB,IAAI,0CAAsB,CAAC,EAAE,EAAE,CAAC,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,EAAE;IAC9D,IAAA,qBAAa,EAAC,yBAAW,CAAC;SACvB,SAAS,CAAC;QACT,MAAM,EAAE,QAAQ;KACjB,CAAC;SACD,IAAI,CAAC,MAAM,CAAC,EAAE;QACb,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,SAAS,IAAI,YAAY,EAAE;YAC/C,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;YACjB,OAAM;SACP;QAED,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;IACpB,CAAC,CAAC;SACD,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;AAC5B,CAAC,CAAC,CACH,CAAA;AAED,yBAAyB;AACzB,EAAE;AACF,4EAA4E;AAC5E,+EAA+E;AAC/E,8EAA8E;AAC9E,cAAc;AAEd,oBAAY,CAAC,IAAI,CACf,WAAW,EACX,uCAAyB,EACzB,IAAA,qBAAO,EACL,sBAAiB,CAAC,QAAQ,CAAC,KAAK,WAAW,OAAO;IAChD,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAE3B,OAAO,OAAO,CAAC,IAAI,CAAA;AACrB,CAAC,CAAC,CACH,CACF,CAAA;AAED,iBAAiB;AACjB,EAAE;AACF,8EAA8E;AAC9E,yEAAyE;AACzE,2EAA2E;AAC3E,sDAAsD;AAEtD,oBAAY,CAAC,IAAI,CACf,eAAe,EACf,sBAAQ,CAAC,YAAY,CAAC,wBAAwB,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EACnE,sBAAiB,CAAC,KAAK,EAAE,EACzB,sBAAiB,CAAC,YAAY,EAAE,CACjC,CAAA;AAED,oBAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;;IAC1D,MAAM,YAAY,GAAuB,MAAA,MAAA,OAAO,CAAC,OAAO,0CAAE,IAAI,0CAAE,YAAY,CAAA;IAC5E,IAAI,CAAC,YAAY;QAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAA;IAE3D,MAAM,OAAO,GAAqB,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,SAAS,CAAC;QACpE,QAAQ,EAAE,YAAY;KACvB,CAAC,CAAA;IAEF,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAA;IAEtD,IAAI;QACF,sBAAG,CAAC,MAAM,CAAC,YAAY,EAAE,mBAAM,CAAC,CAAA;QAChC,MAAM,OAAO,GAAG,sBAAG,CAAC,MAAM,CAAC,YAAY,CAAQ,CAAA;QAC/C,MAAM,SAAS,GAAW,OAAO,CAAC,MAAM,CAAC,SAAS,CAAA;QAClD,MAAM,MAAM,GAAuB,MAAM,IAAA,qBAAa,EAAC,cAAM,CAAC,CAAC,OAAO,CAAC;YACrE,KAAK,EAAE,EAAE,SAAS,EAAE;SACrB,CAAC,CAAA;QACF,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAA;QACnD,MAAM,MAAM,GAAW,OAAO,CAAC,WAAW,CAAC,MAAM,CAAA;QACjD,MAAM,MAAM,GAAU,OAAO,CAAC,KAAK,CAAA;QAEnC,MAAM,cAAc,GAAW,yBAAW,CAAC,mBAAmB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAA;QAC/F,MAAM,eAAe,GAAW,yBAAW,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAA;QAEjG,OAAO,CAAC,QAAQ,GAAG,eAAe,CAAA;QAClC,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QAEvC,IAAA,0CAAoB,EAAC,OAAO,EAAE,cAAc,CAAC,CAAA;QAE7C,OAAO,CAAC,IAAI,GAAG;YACb,WAAW,EAAE,cAAc;YAC3B,YAAY,EAAE,eAAe;SAC9B,CAAA;KACF;IAAC,OAAO,CAAC,EAAE;QACV,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,OAAO,CAAA;KACzB;AACH,CAAC,CAAC,CAAA;AAEF,oBAAY,CAAC,GAAG,CAAC,UAAU,EAAE,uCAAyB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC9E,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAEtC,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAAA;IACjE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,EAAE,CAAA;IAEnG,IAAI,WAAW,GAAG,EAAE,CAAA;IACpB,IAAI,IAAI,IAAI,aAAa,EAAE;QACzB,wDAAwD;QACxD,WAAW,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,EAAE,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAA;KAChE;IAED,OAAO,CAAC,IAAI,GAAG;QACb,OAAO,EAAE;YACP,IAAI;YACJ,WAAW;YACX,KAAK;YACL,IAAI,CAAC,wCAAwC;YAC7C,MAAM,EAAE;gBACN,IAAI,EAAE,UAAU;gBAChB,SAAS;gBACT,SAAS;gBACT,UAAU;gBACV,YAAY;gBACZ,QAAQ;aACT;YACD,WAAW;SACZ;KACF,CAAA;AACH,CAAC,CAAC,CAAA;AAEF,oBAAY,CAAC,IAAI,CAAC,aAAa,EAAE,uCAAyB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAClF,IAAI;QACF,IAAI,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;QAE5B,IAAI,OAAO,OAAO,CAAC,eAAe,KAAK,UAAU,EAAE;YACjD,MAAM,OAAO,CAAC,eAAe,CAAC,IAAI,CAAC,CAAA;SACpC;aAAM;YACL,IAAI,CAAC,OAAO,GAAG,EAAE,CAAA;YACjB,IAAI,CAAC,KAAK,GAAG,EAAE,CAAA;YACf,IAAI,CAAC,MAAM,GAAG,iBAAU,CAAC,OAAO,CAAA;YAChC,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;SACrC;QACD,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,IAAI,CAAA;KACpB;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,CAAC,CAAA;KACR;AACH,CAAC,CAAC,CAAA","sourcesContent":["import jwt from 'jsonwebtoken'\nimport compose from 'koa-compose'\nimport passport from 'koa-passport'\nimport Router from 'koa-router'\n\nimport { Domain, getRepository } from '@things-factory/shell'\n\nimport { jwtAuthenticateMiddleware } from '../../middlewares'\nimport { Application } from '../../service/application/application'\nimport { User, UserStatus } from '../../service/user/user'\nimport { setAccessTokenCookie } from '../../utils/access-token-cookie'\nimport { SECRET } from '../../utils/get-secret'\nimport { server as oauth2orizeServer } from './oauth2-server'\nimport { Strategy as ClientPasswordStrategy } from './passport-oauth2-client-password'\n\ndeclare global {\n namespace NodeJS {\n interface Process {\n oauthDisconnect: (user: User) => Promise<void>\n }\n }\n}\n\nexport const oauth2Router = new Router()\n\npassport.use(\n 'oauth2-client-password',\n new ClientPasswordStrategy({}, (clientId, clientSecret, done) => {\n getRepository(Application)\n .findOneBy({\n appKey: clientId\n })\n .then(client => {\n if (!client || client.appSecret != clientSecret) {\n done(null, false)\n return\n }\n\n done(null, client)\n })\n .catch(err => done(err))\n })\n)\n\n// user decision endpoint\n//\n// `decision` middleware processes a user's decision to allow or deny access\n// requested by a client application. Based on the grant type requested by the\n// client, the above grant middleware configured above will be invoked to send\n// a response.\n\noauth2Router.post(\n '/decision',\n jwtAuthenticateMiddleware,\n compose(\n oauth2orizeServer.decision(async function (context) {\n const { request } = context\n\n return request.body\n })\n )\n)\n\n// token endpoint\n//\n// `token` middleware handles client requests to exchange authorization grants\n// for access tokens. Based on the grant type being exchanged, the above\n// exchange middleware will be invoked to handle the request. Clients must\n// authenticate when making requests to this endpoint.\n\noauth2Router.post(\n '/access-token',\n passport.authenticate('oauth2-client-password', { session: false }),\n oauth2orizeServer.token(),\n oauth2orizeServer.errorHandler()\n)\n\noauth2Router.post('/refresh-token', async (context, next) => {\n const refreshToken: string | undefined = context.request?.body?.refreshToken\n if (!refreshToken) throw new Error('Missing refresh token')\n\n const appUser: User | undefined = await getRepository(User).findOneBy({\n password: refreshToken\n })\n\n if (!appUser) throw new Error('App user is not found')\n\n try {\n jwt.verify(refreshToken, SECRET)\n const decoded = jwt.decode(refreshToken) as any\n const subdomain: string = decoded.domain.subdomain\n const domain: Domain | undefined = await getRepository(Domain).findOne({\n where: { subdomain }\n })\n if (!domain) throw new Error('Domain is not found')\n const appKey: string = decoded.application.appKey\n const scopes: any[] = decoded.scope\n\n const newAccessToken: string = Application.generateAccessToken(domain, appUser, appKey, scopes)\n const newRefreshToken: string = Application.generateRefreshToken(domain, appUser, appKey, scopes)\n\n appUser.password = newRefreshToken\n await getRepository(User).save(appUser)\n\n setAccessTokenCookie(context, newAccessToken)\n\n context.body = {\n accessToken: newAccessToken,\n refreshToken: newRefreshToken\n }\n } catch (e) {\n context.status = 401\n context.body = e.message\n }\n})\n\noauth2Router.get('/profile', jwtAuthenticateMiddleware, async (context, next) => {\n const { user, domain } = context.state\n\n const { name, description, email, userType: type, locale } = user\n const { name: domainName, subdomain, brandName, brandImage, contentImage, timezone } = domain || {}\n\n var application = {}\n if (type == 'application') {\n /* user entity에 reference 필드가 추가되기 전까지, appKey취득 방법임. */\n application['appKey'] = email.substr(0, email.lastIndexOf('@'))\n }\n\n context.body = {\n profile: {\n name,\n description,\n email,\n type /* (admin|user|application|appliance) */,\n domain: {\n name: domainName,\n subdomain,\n brandName,\n brandImage,\n contentImage,\n timezone\n },\n application\n }\n }\n})\n\noauth2Router.post('/disconnect', jwtAuthenticateMiddleware, async (context, next) => {\n try {\n let { user } = context.state\n\n if (typeof process.oauthDisconnect === 'function') {\n await process.oauthDisconnect(user)\n } else {\n user.domains = []\n user.roles = []\n user.status = UserStatus.DELETED\n await getRepository(User).save(user)\n }\n context.status = 200\n context.body = 'ok'\n } catch (e) {\n throw e\n }\n})\n"]}
|
|
@@ -1,10 +1,8 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
-
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
-
};
|
|
5
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
3
|
exports.server = exports.NonClient = exports.NOTFOUND = void 0;
|
|
7
|
-
const
|
|
4
|
+
const tslib_1 = require("tslib");
|
|
5
|
+
const oauth2orize_koa_1 = tslib_1.__importDefault(require("oauth2orize-koa"));
|
|
8
6
|
const typeorm_1 = require("typeorm");
|
|
9
7
|
const env_1 = require("@things-factory/env");
|
|
10
8
|
const shell_1 = require("@things-factory/shell");
|
|
@@ -12,7 +10,6 @@ const application_1 = require("../../service/application/application");
|
|
|
12
10
|
const role_1 = require("../../service/role/role");
|
|
13
11
|
const user_1 = require("../../service/user/user");
|
|
14
12
|
const crypto = require('crypto');
|
|
15
|
-
const debug = require('debug')('things-factory:auth-base:oauth2-server');
|
|
16
13
|
exports.NOTFOUND = 'NOTFOUND';
|
|
17
14
|
exports.NonClient = {
|
|
18
15
|
id: exports.NOTFOUND
|
|
@@ -32,16 +29,13 @@ exports.server = oauth2orize_koa_1.default.createServer();
|
|
|
32
29
|
// simple matter of serializing the client's ID, and deserializing by finding
|
|
33
30
|
// the client by ID from the database.
|
|
34
31
|
exports.server.serializeClient(async function (client) {
|
|
35
|
-
debug('serialze', client);
|
|
36
32
|
return client.id;
|
|
37
33
|
});
|
|
38
34
|
exports.server.deserializeClient(async function (id) {
|
|
39
35
|
if (id == exports.NOTFOUND) {
|
|
40
|
-
debug('deserialize - not found');
|
|
41
36
|
return {};
|
|
42
37
|
}
|
|
43
|
-
const application = await (0,
|
|
44
|
-
debug('deserialize', id, application);
|
|
38
|
+
const application = await (0, shell_1.getRepository)(application_1.Application).findOneBy({ id });
|
|
45
39
|
return application;
|
|
46
40
|
});
|
|
47
41
|
// Register supported grant types.
|
|
@@ -69,21 +63,17 @@ exports.server.exchange(oauth2orize_koa_1.default.exchange.code(async (client, c
|
|
|
69
63
|
try {
|
|
70
64
|
/* authorization code */
|
|
71
65
|
var decoded = application_1.Application.verifyAuthCode(code);
|
|
72
|
-
debug('exchange code - decoded', decoded);
|
|
73
66
|
}
|
|
74
67
|
catch (e) {
|
|
75
|
-
debug('exchange code', e);
|
|
76
68
|
return false;
|
|
77
69
|
}
|
|
78
70
|
let { email, appKey, subdomain, scopes } = decoded;
|
|
79
|
-
const application = await (0,
|
|
71
|
+
const application = await (0, shell_1.getRepository)(application_1.Application).findOneBy({
|
|
80
72
|
appKey
|
|
81
73
|
});
|
|
82
74
|
if (!application) {
|
|
83
|
-
debug('exchange code', 'application is not exist');
|
|
84
75
|
return false;
|
|
85
76
|
}
|
|
86
|
-
debug('exchange code - application', application);
|
|
87
77
|
/* DONT-FORGET uncomment after test */
|
|
88
78
|
// if (redirectUrl !== application.redirectUrl && redirectUrl.indexOf(application.redirectUrl) != 0) {
|
|
89
79
|
// logger.error(
|
|
@@ -96,19 +86,20 @@ exports.server.exchange(oauth2orize_koa_1.default.exchange.code(async (client, c
|
|
|
96
86
|
// `oauth2 exchange error - redirectUrl should begins with the application setting : '${redirectUrl}':'${application.redirectUrl}'`
|
|
97
87
|
// )
|
|
98
88
|
// }
|
|
99
|
-
const domain = await (0,
|
|
89
|
+
const domain = await (0, shell_1.getRepository)(shell_1.Domain).findOneBy({
|
|
100
90
|
subdomain
|
|
101
91
|
});
|
|
102
|
-
const creator = await (0,
|
|
92
|
+
const creator = await (0, shell_1.getRepository)(user_1.User).findOneBy({ email });
|
|
103
93
|
const appuserEmail = `${crypto.randomUUID()}@${subdomain}`;
|
|
104
|
-
var appuser = await (0,
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
94
|
+
var appuser = await (0, shell_1.getRepository)(user_1.User).findOne({
|
|
95
|
+
where: {
|
|
96
|
+
email: appuserEmail,
|
|
97
|
+
reference: application.id,
|
|
98
|
+
userType: 'application'
|
|
99
|
+
},
|
|
109
100
|
relations: ['domains', 'creator', 'updater']
|
|
110
101
|
});
|
|
111
|
-
appuser = await (0,
|
|
102
|
+
appuser = await (0, shell_1.getRepository)(user_1.User).save(Object.assign(Object.assign({}, (appuser || {})), { email: appuserEmail, name: application.name, userType: 'application', reference: application.id, domains: [domain], roles: scopes, status: user_1.UserStatus.ACTIVATED, updater: creator, creator }));
|
|
112
103
|
// appuser = await getRepository(User).findOne({
|
|
113
104
|
// where: { email: appuserEmail },
|
|
114
105
|
// relations: ['domains']
|
|
@@ -119,7 +110,7 @@ exports.server.exchange(oauth2orize_koa_1.default.exchange.code(async (client, c
|
|
|
119
110
|
// Lazy relation 업데이트 방법의 일관성이 부족하므로, Lazy relation 필드를 사용하지 않기를 권장함.
|
|
120
111
|
var accessToken = application_1.Application.generateAccessToken(domain, appuser, appKey, scopes);
|
|
121
112
|
var refreshToken = application_1.Application.generateRefreshToken(domain, appuser, appKey, scopes);
|
|
122
|
-
await (0,
|
|
113
|
+
await (0, shell_1.getRepository)(user_1.User).save(Object.assign(Object.assign({}, appuser), { password: refreshToken }));
|
|
123
114
|
return [
|
|
124
115
|
accessToken,
|
|
125
116
|
refreshToken,
|
|
@@ -134,38 +125,37 @@ exports.server.exchange(oauth2orize_koa_1.default.exchange.refreshToken(async (c
|
|
|
134
125
|
try {
|
|
135
126
|
/* refresh token */
|
|
136
127
|
var decoded = application_1.Application.verifyAuthCode(refreshToken);
|
|
137
|
-
debug('exchange refresh-token - decoded', decoded);
|
|
138
128
|
}
|
|
139
129
|
catch (e) {
|
|
140
130
|
env_1.logger.error(e);
|
|
141
131
|
return false;
|
|
142
132
|
}
|
|
143
133
|
const { id, userType, email, application: { appKey }, domain: { subdomain }, scope: originalScope, exp: expires_in } = decoded;
|
|
144
|
-
const application = await (0,
|
|
134
|
+
const application = await (0, shell_1.getRepository)(application_1.Application).findOneBy({
|
|
145
135
|
appKey
|
|
146
136
|
});
|
|
147
137
|
if (!application) {
|
|
148
138
|
env_1.logger.error('application is not exist');
|
|
149
139
|
return false;
|
|
150
140
|
}
|
|
151
|
-
debug('exchange refresh-token - application', application === null || application === void 0 ? void 0 : application.name);
|
|
152
141
|
if (Date.now() > expires_in * 1000) {
|
|
153
142
|
env_1.logger.error('refresh token is expired');
|
|
154
143
|
return false;
|
|
155
144
|
}
|
|
156
|
-
const domain = await (0,
|
|
145
|
+
const domain = await (0, shell_1.getRepository)(shell_1.Domain).findOneBy({
|
|
157
146
|
subdomain
|
|
158
147
|
});
|
|
159
|
-
const creator = await (0,
|
|
148
|
+
const creator = await (0, shell_1.getRepository)(user_1.User).findOneBy({
|
|
160
149
|
id,
|
|
161
150
|
userType
|
|
162
151
|
});
|
|
163
152
|
const appuserEmail = `${appKey}@${subdomain}`;
|
|
164
|
-
var appuser = await (0,
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
153
|
+
var appuser = await (0, shell_1.getRepository)(user_1.User).findOne({
|
|
154
|
+
where: {
|
|
155
|
+
email: appuserEmail,
|
|
156
|
+
reference: application.id,
|
|
157
|
+
userType: 'application'
|
|
158
|
+
},
|
|
169
159
|
relations: ['domain', 'creator', 'updater']
|
|
170
160
|
});
|
|
171
161
|
if (!appuser) {
|
|
@@ -183,13 +173,13 @@ exports.server.exchange(oauth2orize_koa_1.default.exchange.refreshToken(async (c
|
|
|
183
173
|
env_1.logger.error(`additional scope(${additionalScope}) required`);
|
|
184
174
|
return false;
|
|
185
175
|
}
|
|
186
|
-
const roles = await (0,
|
|
176
|
+
const roles = await (0, shell_1.getRepository)(role_1.Role).findBy({
|
|
187
177
|
name: (0, typeorm_1.In)(scopes),
|
|
188
178
|
domain
|
|
189
179
|
});
|
|
190
180
|
var accessToken = application_1.Application.generateAccessToken(domain, appuser, appKey, scope);
|
|
191
181
|
var refreshToken = application_1.Application.generateRefreshToken(domain, appuser, appKey, scope);
|
|
192
|
-
await (0,
|
|
182
|
+
await (0, shell_1.getRepository)(user_1.User).save(Object.assign(Object.assign({}, appuser), { roles, password: refreshToken }));
|
|
193
183
|
return [
|
|
194
184
|
accessToken,
|
|
195
185
|
refreshToken,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth2-server.js","sourceRoot":"","sources":["../../../server/router/oauth2/oauth2-server.ts"],"names":[],"mappings":";;;;;;AAAA,sEAAyC;AACzC,qCAA2C;AAE3C,6CAA4C;AAC5C,iDAA8C;AAE9C,uEAAmE;AACnE,kDAA8C;AAC9C,kDAA0D;AAE1D,MAAM,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAA;AAChC,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,wCAAwC,CAAC,CAAA;AAE3D,QAAA,QAAQ,GAAG,UAAU,CAAA;AACrB,QAAA,SAAS,GAAG;IACvB,EAAE,EAAE,gBAAQ;CACb,CAAA;AAED,0BAA0B;AACb,QAAA,MAAM,GAAG,yBAAW,CAAC,YAAY,EAAE,CAAA;AAEhD,2DAA2D;AAC3D,EAAE;AACF,oEAAoE;AACpE,4EAA4E;AAC5E,8EAA8E;AAC9E,2EAA2E;AAC3E,yBAAyB;AACzB,EAAE;AACF,8EAA8E;AAC9E,0EAA0E;AAC1E,6EAA6E;AAC7E,sCAAsC;AAEtC,cAAM,CAAC,eAAe,CAAC,KAAK,WAAW,MAAM;IAC3C,KAAK,CAAC,UAAU,EAAE,MAAM,CAAC,CAAA;IACzB,OAAO,MAAM,CAAC,EAAE,CAAA;AAClB,CAAC,CAAC,CAAA;AAEF,cAAM,CAAC,iBAAiB,CAAC,KAAK,WAAW,EAAE;IACzC,IAAI,EAAE,IAAI,gBAAQ,EAAE;QAClB,KAAK,CAAC,yBAAyB,CAAC,CAAA;QAChC,OAAO,EAAE,CAAA;KACV;IAED,MAAM,WAAW,GAAG,MAAM,IAAA,uBAAa,EAAC,yBAAW,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;IAChE,KAAK,CAAC,aAAa,EAAE,EAAE,EAAE,WAAW,CAAC,CAAA;IACrC,OAAO,WAAW,CAAA;AACpB,CAAC,CAAC,CAAA;AAEF,kCAAkC;AAClC,EAAE;AACF,oEAAoE;AACpE,0EAA0E;AAC1E,2EAA2E;AAC3E,iCAAiC;AAEjC,yEAAyE;AACzE,uEAAuE;AACvE,sEAAsE;AACtE,6EAA6E;AAC7E,2EAA2E;AAC3E,qDAAqD;AAErD,cAAM,CAAC,KAAK,CACV,yBAAW,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;IACrE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,IAAI,CAAA;IAExD,OAAO,yBAAW,CAAC,gBAAgB,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,CAAA;AAC9E,CAAC,CAAC,CACH,CAAA;AAED,4EAA4E;AAC5E,sEAAsE;AACtE,8EAA8E;AAC9E,8EAA8E;AAC9E,QAAQ;AAER,cAAM,CAAC,QAAQ,CACb,yBAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,EAAE;IAC5D,IAAI;QACF,wBAAwB;QACxB,IAAI,OAAO,GAAQ,yBAAW,CAAC,cAAc,CAAC,IAAI,CAAC,CAAA;QACnD,KAAK,CAAC,yBAAyB,EAAE,OAAO,CAAC,CAAA;KAC1C;IAAC,OAAO,CAAC,EAAE;QACV,KAAK,CAAC,eAAe,EAAE,CAAC,CAAC,CAAA;QACzB,OAAO,KAAK,CAAA;KACb;IACD,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,OAAO,CAAA;IAElD,MAAM,WAAW,GAAgB,MAAM,IAAA,uBAAa,EAAC,yBAAW,CAAC,CAAC,OAAO,CAAC;QACxE,MAAM;KACP,CAAC,CAAA;IAEF,IAAI,CAAC,WAAW,EAAE;QAChB,KAAK,CAAC,eAAe,EAAE,0BAA0B,CAAC,CAAA;QAClD,OAAO,KAAK,CAAA;KACb;IAED,KAAK,CAAC,6BAA6B,EAAE,WAAW,CAAC,CAAA;IAEjD,sCAAsC;IACtC,sGAAsG;IACtG,kBAAkB;IAClB,wFAAwF;IACxF,mBAAmB;IACnB,8BAA8B;IAC9B,MAAM;IACN,oBAAoB;IACpB,yBAAyB;IACzB,uIAAuI;IACvI,MAAM;IACN,IAAI;IAEJ,MAAM,MAAM,GAAW,MAAM,IAAA,uBAAa,EAAC,cAAM,CAAC,CAAC,OAAO,CAAC;QACzD,SAAS;KACV,CAAC,CAAA;IAEF,MAAM,OAAO,GAAS,MAAM,IAAA,uBAAa,EAAC,WAAI,CAAC,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,CAAC,CAAA;IAElE,MAAM,YAAY,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,IAAI,SAAS,EAAE,CAAA;IAE1D,IAAI,OAAO,GAAS,MAAM,IAAA,uBAAa,EAAC,WAAI,CAAC,CAAC,OAAO,CACnD;QACE,KAAK,EAAE,YAAY;QACnB,SAAS,EAAE,WAAW,CAAC,EAAE;QACzB,QAAQ,EAAE,aAAa;KACxB,EACD;QACE,SAAS,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC;KAC7C,CACF,CAAA;IAED,OAAO,GAAG,MAAM,IAAA,uBAAa,EAAC,WAAI,CAAC,CAAC,IAAI,iCACnC,CAAC,OAAO,IAAI,EAAE,CAAC,KAClB,KAAK,EAAE,YAAY,EACnB,IAAI,EAAE,WAAW,CAAC,IAAI,EACtB,QAAQ,EAAE,aAAa,EACvB,SAAS,EAAE,WAAW,CAAC,EAAE,EACzB,OAAO,EAAE,CAAC,MAAM,CAAC,EACjB,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,iBAAU,CAAC,SAAS,EAC5B,OAAO,EAAE,OAAO,EAChB,OAAO,IACP,CAAA;IAEF,gDAAgD;IAChD,oCAAoC;IACpC,2BAA2B;IAC3B,KAAK;IAEL,8CAA8C;IAC9C,0CAA0C;IAC1C,yEAAyE;IACzE,qEAAqE;IAErE,IAAI,WAAW,GAAG,yBAAW,CAAC,mBAAmB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAA;IAClF,IAAI,YAAY,GAAG,yBAAW,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAA;IAEpF,MAAM,IAAA,uBAAa,EAAC,WAAI,CAAC,CAAC,IAAI,iCACxB,OAAe,KACnB,QAAQ,EAAE,YAAY,IACtB,CAAA;IAEF,OAAO;QACL,WAAW;QACX,YAAY;QACZ;YACE,UAAU,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,SAAS;YACvC,UAAU,EAAE,QAAQ;YACpB,QAAQ,EAAE,SAAS;SACpB;KACF,CAAA;AACH,CAAC,CAAC,CACH,CAAA;AAED,cAAM,CAAC,QAAQ,CACb,yBAAW,CAAC,QAAQ,CAAC,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,KAAK,EAAE,EAAE;IACtE,IAAI;QACF,mBAAmB;QACnB,IAAI,OAAO,GAAQ,yBAAW,CAAC,cAAc,CAAC,YAAY,CAAC,CAAA;QAC3D,KAAK,CAAC,kCAAkC,EAAE,OAAO,CAAC,CAAA;KACnD;IAAC,OAAO,CAAC,EAAE;QACV,YAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;QACf,OAAO,KAAK,CAAA;KACb;IACD,MAAM,EACJ,EAAE,EACF,QAAQ,EACR,KAAK,EACL,WAAW,EAAE,EAAE,MAAM,EAAE,EACvB,MAAM,EAAE,EAAE,SAAS,EAAE,EACrB,KAAK,EAAE,aAAa,EACpB,GAAG,EAAE,UAAU,EAChB,GAAG,OAAO,CAAA;IAEX,MAAM,WAAW,GAAgB,MAAM,IAAA,uBAAa,EAAC,yBAAW,CAAC,CAAC,OAAO,CAAC;QACxE,MAAM;KACP,CAAC,CAAA;IAEF,IAAI,CAAC,WAAW,EAAE;QAChB,YAAM,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAA;QACxC,OAAO,KAAK,CAAA;KACb;IAED,KAAK,CAAC,sCAAsC,EAAE,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,IAAI,CAAC,CAAA;IAEhE,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,GAAG,IAAI,EAAE;QAClC,YAAM,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAA;QACxC,OAAO,KAAK,CAAA;KACb;IAED,MAAM,MAAM,GAAW,MAAM,IAAA,uBAAa,EAAC,cAAM,CAAC,CAAC,OAAO,CAAC;QACzD,SAAS;KACV,CAAC,CAAA;IAEF,MAAM,OAAO,GAAS,MAAM,IAAA,uBAAa,EAAC,WAAI,CAAC,CAAC,OAAO,CAAC;QACtD,EAAE;QACF,QAAQ;KACT,CAAC,CAAA;IAEF,MAAM,YAAY,GAAG,GAAG,MAAM,IAAI,SAAS,EAAE,CAAA;IAE7C,IAAI,OAAO,GAAS,MAAM,IAAA,uBAAa,EAAC,WAAI,CAAC,CAAC,OAAO,CACnD;QACE,KAAK,EAAE,YAAY;QACnB,SAAS,EAAE,WAAW,CAAC,EAAE;QACzB,QAAQ,EAAE,aAAa;KACxB,EACD;QACE,SAAS,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,SAAS,CAAC;KAC5C,CACF,CAAA;IAED,IAAI,CAAC,OAAO,EAAE;QACZ,YAAM,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAA;QACxC,OAAO,KAAK,CAAA;KACb;IAED;;OAEG;IAEH,KAAK,GAAG,KAAK,IAAI,aAAa,CAAA;IAE9B,MAAM,MAAM,GAAa,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACzC,MAAM,cAAc,GAAG,CAAC,aAAa,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACvD,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,cAAc,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAClF,IAAI,eAAe,EAAE;QACnB,YAAM,CAAC,KAAK,CAAC,oBAAoB,eAAe,YAAY,CAAC,CAAA;QAC7D,OAAO,KAAK,CAAA;KACb;IAED,MAAM,KAAK,GAAG,MAAM,IAAA,uBAAa,EAAC,WAAI,CAAC,CAAC,IAAI,CAAC;QAC3C,IAAI,EAAE,IAAA,YAAE,EAAC,MAAM,CAAC;QAChB,MAAM;KACP,CAAC,CAAA;IAEF,IAAI,WAAW,GAAG,yBAAW,CAAC,mBAAmB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,CAAA;IACjF,IAAI,YAAY,GAAQ,yBAAW,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,CAAA;IAExF,MAAM,IAAA,uBAAa,EAAC,WAAI,CAAC,CAAC,IAAI,iCACxB,OAAe,KACnB,KAAK,EACL,QAAQ,EAAE,YAAY,IACtB,CAAA;IAEF,OAAO;QACL,WAAW;QACX,YAAY;QACZ;YACE,UAAU,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,SAAS;YACvC,UAAU,EAAE,QAAQ;SACrB;KACF,CAAA;AACH,CAAC,CAAC,CACH,CAAA"}
|
|
1
|
+
{"version":3,"file":"oauth2-server.js","sourceRoot":"","sources":["../../../server/router/oauth2/oauth2-server.ts"],"names":[],"mappings":";;;;AAAA,8EAAyC;AACzC,qCAA4B;AAE5B,6CAA4C;AAC5C,iDAA6D;AAE7D,uEAAmE;AACnE,kDAA8C;AAC9C,kDAA0D;AAE1D,MAAM,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAA;AAEnB,QAAA,QAAQ,GAAG,UAAU,CAAA;AACrB,QAAA,SAAS,GAAG;IACvB,EAAE,EAAE,gBAAQ;CACb,CAAA;AAED,0BAA0B;AACb,QAAA,MAAM,GAAG,yBAAW,CAAC,YAAY,EAAE,CAAA;AAEhD,2DAA2D;AAC3D,EAAE;AACF,oEAAoE;AACpE,4EAA4E;AAC5E,8EAA8E;AAC9E,2EAA2E;AAC3E,yBAAyB;AACzB,EAAE;AACF,8EAA8E;AAC9E,0EAA0E;AAC1E,6EAA6E;AAC7E,sCAAsC;AAEtC,cAAM,CAAC,eAAe,CAAC,KAAK,WAAW,MAAM;IAC3C,OAAO,MAAM,CAAC,EAAE,CAAA;AAClB,CAAC,CAAC,CAAA;AAEF,cAAM,CAAC,iBAAiB,CAAC,KAAK,WAAW,EAAE;IACzC,IAAI,EAAE,IAAI,gBAAQ,EAAE;QAClB,OAAO,EAAE,CAAA;KACV;IAED,MAAM,WAAW,GAAG,MAAM,IAAA,qBAAa,EAAC,yBAAW,CAAC,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,CAAC,CAAA;IACtE,OAAO,WAAW,CAAA;AACpB,CAAC,CAAC,CAAA;AAEF,kCAAkC;AAClC,EAAE;AACF,oEAAoE;AACpE,0EAA0E;AAC1E,2EAA2E;AAC3E,iCAAiC;AAEjC,yEAAyE;AACzE,uEAAuE;AACvE,sEAAsE;AACtE,6EAA6E;AAC7E,2EAA2E;AAC3E,qDAAqD;AAErD,cAAM,CAAC,KAAK,CACV,yBAAW,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;IACrE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,IAAI,CAAA;IAExD,OAAO,yBAAW,CAAC,gBAAgB,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,CAAA;AAC9E,CAAC,CAAC,CACH,CAAA;AAED,4EAA4E;AAC5E,sEAAsE;AACtE,8EAA8E;AAC9E,8EAA8E;AAC9E,QAAQ;AAER,cAAM,CAAC,QAAQ,CACb,yBAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,EAAE;IAC5D,IAAI;QACF,wBAAwB;QACxB,IAAI,OAAO,GAAQ,yBAAW,CAAC,cAAc,CAAC,IAAI,CAAC,CAAA;KACpD;IAAC,OAAO,CAAC,EAAE;QACV,OAAO,KAAK,CAAA;KACb;IACD,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,OAAO,CAAA;IAElD,MAAM,WAAW,GAAgB,MAAM,IAAA,qBAAa,EAAC,yBAAW,CAAC,CAAC,SAAS,CAAC;QAC1E,MAAM;KACP,CAAC,CAAA;IAEF,IAAI,CAAC,WAAW,EAAE;QAChB,OAAO,KAAK,CAAA;KACb;IAED,sCAAsC;IACtC,sGAAsG;IACtG,kBAAkB;IAClB,wFAAwF;IACxF,mBAAmB;IACnB,8BAA8B;IAC9B,MAAM;IACN,oBAAoB;IACpB,yBAAyB;IACzB,uIAAuI;IACvI,MAAM;IACN,IAAI;IAEJ,MAAM,MAAM,GAAW,MAAM,IAAA,qBAAa,EAAC,cAAM,CAAC,CAAC,SAAS,CAAC;QAC3D,SAAS;KACV,CAAC,CAAA;IAEF,MAAM,OAAO,GAAS,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,CAAC,CAAA;IAEpE,MAAM,YAAY,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,IAAI,SAAS,EAAE,CAAA;IAE1D,IAAI,OAAO,GAAS,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,OAAO,CAAC;QACpD,KAAK,EAAE;YACL,KAAK,EAAE,YAAY;YACnB,SAAS,EAAE,WAAW,CAAC,EAAE;YACzB,QAAQ,EAAE,aAAa;SACxB;QAED,SAAS,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC;KAC7C,CAAC,CAAA;IAEF,OAAO,GAAG,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,IAAI,iCACnC,CAAC,OAAO,IAAI,EAAE,CAAC,KAClB,KAAK,EAAE,YAAY,EACnB,IAAI,EAAE,WAAW,CAAC,IAAI,EACtB,QAAQ,EAAE,aAAa,EACvB,SAAS,EAAE,WAAW,CAAC,EAAE,EACzB,OAAO,EAAE,CAAC,MAAM,CAAC,EACjB,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,iBAAU,CAAC,SAAS,EAC5B,OAAO,EAAE,OAAO,EAChB,OAAO,IACP,CAAA;IAEF,gDAAgD;IAChD,oCAAoC;IACpC,2BAA2B;IAC3B,KAAK;IAEL,8CAA8C;IAC9C,0CAA0C;IAC1C,yEAAyE;IACzE,qEAAqE;IAErE,IAAI,WAAW,GAAG,yBAAW,CAAC,mBAAmB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAA;IAClF,IAAI,YAAY,GAAG,yBAAW,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAA;IAEpF,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,IAAI,iCACxB,OAAe,KACnB,QAAQ,EAAE,YAAY,IACtB,CAAA;IAEF,OAAO;QACL,WAAW;QACX,YAAY;QACZ;YACE,UAAU,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,SAAS;YACvC,UAAU,EAAE,QAAQ;YACpB,QAAQ,EAAE,SAAS;SACpB;KACF,CAAA;AACH,CAAC,CAAC,CACH,CAAA;AAED,cAAM,CAAC,QAAQ,CACb,yBAAW,CAAC,QAAQ,CAAC,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,KAAK,EAAE,EAAE;IACtE,IAAI;QACF,mBAAmB;QACnB,IAAI,OAAO,GAAQ,yBAAW,CAAC,cAAc,CAAC,YAAY,CAAC,CAAA;KAC5D;IAAC,OAAO,CAAC,EAAE;QACV,YAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;QACf,OAAO,KAAK,CAAA;KACb;IACD,MAAM,EACJ,EAAE,EACF,QAAQ,EACR,KAAK,EACL,WAAW,EAAE,EAAE,MAAM,EAAE,EACvB,MAAM,EAAE,EAAE,SAAS,EAAE,EACrB,KAAK,EAAE,aAAa,EACpB,GAAG,EAAE,UAAU,EAChB,GAAG,OAAO,CAAA;IAEX,MAAM,WAAW,GAAgB,MAAM,IAAA,qBAAa,EAAC,yBAAW,CAAC,CAAC,SAAS,CAAC;QAC1E,MAAM;KACP,CAAC,CAAA;IAEF,IAAI,CAAC,WAAW,EAAE;QAChB,YAAM,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAA;QACxC,OAAO,KAAK,CAAA;KACb;IAED,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,GAAG,IAAI,EAAE;QAClC,YAAM,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAA;QACxC,OAAO,KAAK,CAAA;KACb;IAED,MAAM,MAAM,GAAW,MAAM,IAAA,qBAAa,EAAC,cAAM,CAAC,CAAC,SAAS,CAAC;QAC3D,SAAS;KACV,CAAC,CAAA;IAEF,MAAM,OAAO,GAAS,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,SAAS,CAAC;QACxD,EAAE;QACF,QAAQ;KACT,CAAC,CAAA;IAEF,MAAM,YAAY,GAAG,GAAG,MAAM,IAAI,SAAS,EAAE,CAAA;IAE7C,IAAI,OAAO,GAAS,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,OAAO,CAAC;QACpD,KAAK,EAAE;YACL,KAAK,EAAE,YAAY;YACnB,SAAS,EAAE,WAAW,CAAC,EAAE;YACzB,QAAQ,EAAE,aAAa;SACxB;QACD,SAAS,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,SAAS,CAAC;KAC5C,CAAC,CAAA;IAEF,IAAI,CAAC,OAAO,EAAE;QACZ,YAAM,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAA;QACxC,OAAO,KAAK,CAAA;KACb;IAED;;OAEG;IAEH,KAAK,GAAG,KAAK,IAAI,aAAa,CAAA;IAE9B,MAAM,MAAM,GAAa,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACzC,MAAM,cAAc,GAAG,CAAC,aAAa,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACvD,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,cAAc,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAClF,IAAI,eAAe,EAAE;QACnB,YAAM,CAAC,KAAK,CAAC,oBAAoB,eAAe,YAAY,CAAC,CAAA;QAC7D,OAAO,KAAK,CAAA;KACb;IAED,MAAM,KAAK,GAAG,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,MAAM,CAAC;QAC7C,IAAI,EAAE,IAAA,YAAE,EAAC,MAAM,CAAC;QAChB,MAAM;KACP,CAAC,CAAA;IAEF,IAAI,WAAW,GAAG,yBAAW,CAAC,mBAAmB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,CAAA;IACjF,IAAI,YAAY,GAAQ,yBAAW,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,CAAA;IAExF,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,IAAI,iCACxB,OAAe,KACnB,KAAK,EACL,QAAQ,EAAE,YAAY,IACtB,CAAA;IAEF,OAAO;QACL,WAAW;QACX,YAAY;QACZ;YACE,UAAU,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,SAAS;YACvC,UAAU,EAAE,QAAQ;SACrB;KACF,CAAA;AACH,CAAC,CAAC,CACH,CAAA","sourcesContent":["import oauth2orize from 'oauth2orize-koa'\nimport { In } from 'typeorm'\n\nimport { logger } from '@things-factory/env'\nimport { Domain, getRepository } from '@things-factory/shell'\n\nimport { Application } from '../../service/application/application'\nimport { Role } from '../../service/role/role'\nimport { User, UserStatus } from '../../service/user/user'\n\nconst crypto = require('crypto')\n\nexport const NOTFOUND = 'NOTFOUND'\nexport const NonClient = {\n id: NOTFOUND\n}\n\n// create OAuth 2.0 server\nexport const server = oauth2orize.createServer()\n\n// Register serialialization and deserialization functions.\n//\n// When a client redirects a user to user authorization endpoint, an\n// authorization transaction is initiated. To complete the transaction, the\n// user must authenticate and approve the authorization request. Because this\n// may involve multiple HTTP request/response exchanges, the transaction is\n// stored in the session.\n//\n// An application must supply serialization functions, which determine how the\n// client object is serialized into the session. Typically this will be a\n// simple matter of serializing the client's ID, and deserializing by finding\n// the client by ID from the database.\n\nserver.serializeClient(async function (client) {\n return client.id\n})\n\nserver.deserializeClient(async function (id) {\n if (id == NOTFOUND) {\n return {}\n }\n\n const application = await getRepository(Application).findOneBy({ id })\n return application\n})\n\n// Register supported grant types.\n//\n// OAuth 2.0 specifies a framework that allows users to grant client\n// applications limited access to their protected resources. It does this\n// through a process of the user granting access, and the client exchanging\n// the grant for an access token.\n\n// Grant authorization codes. The callback takes the `client` requesting\n// authorization, the `redirectURI` (which is used as a verifier in the\n// subsequent exchange), the authenticated `user` granting access, and\n// their response, which contains approved scope, duration, etc. as parsed by\n// the application. The application issues a code, which is bound to these\n// values, and will be exchanged for an access token.\n\nserver.grant(\n oauth2orize.grant.code(async (client, redirectUrl, user, ares, areq) => {\n const { email, appKey, subdomain, scopes, state } = ares\n\n return Application.generateAuthCode(email, appKey, subdomain, scopes, state)\n })\n)\n\n// Exchange authorization codes for access tokens. The callback accepts the\n// `client`, which is exchanging `code` and any `redirectURI` from the\n// authorization request for verification. If these values are validated, the\n// application issues an access token on behalf of the user who authorized the\n// code.\n\nserver.exchange(\n oauth2orize.exchange.code(async (client, code, redirectUrl) => {\n try {\n /* authorization code */\n var decoded: any = Application.verifyAuthCode(code)\n } catch (e) {\n return false\n }\n let { email, appKey, subdomain, scopes } = decoded\n\n const application: Application = await getRepository(Application).findOneBy({\n appKey\n })\n\n if (!application) {\n return false\n }\n\n /* DONT-FORGET uncomment after test */\n // if (redirectUrl !== application.redirectUrl && redirectUrl.indexOf(application.redirectUrl) != 0) {\n // logger.error(\n // 'oauth2 exchange error - redirectUrl should begins with the application setting',\n // redirectUrl,\n // application.redirectUrl\n // )\n // // return false\n // throw new TypeError(\n // `oauth2 exchange error - redirectUrl should begins with the application setting : '${redirectUrl}':'${application.redirectUrl}'`\n // )\n // }\n\n const domain: Domain = await getRepository(Domain).findOneBy({\n subdomain\n })\n\n const creator: User = await getRepository(User).findOneBy({ email })\n\n const appuserEmail = `${crypto.randomUUID()}@${subdomain}`\n\n var appuser: User = await getRepository(User).findOne({\n where: {\n email: appuserEmail,\n reference: application.id,\n userType: 'application'\n },\n\n relations: ['domains', 'creator', 'updater']\n })\n\n appuser = await getRepository(User).save({\n ...(appuser || {}),\n email: appuserEmail,\n name: application.name,\n userType: 'application',\n reference: application.id,\n domains: [domain],\n roles: scopes,\n status: UserStatus.ACTIVATED,\n updater: creator,\n creator\n })\n\n // appuser = await getRepository(User).findOne({\n // where: { email: appuserEmail },\n // relations: ['domains']\n // })\n\n // appuser.domains = Promise.resolve([domain])\n // await getRepository(User).save(appuser)\n // Lazy relation 필드들(domain, domains)들에 대한 업데이트. 이상의 방법으로 업데이트 해야하는 것 같다.\n // Lazy relation 업데이트 방법의 일관성이 부족하므로, Lazy relation 필드를 사용하지 않기를 권장함.\n\n var accessToken = Application.generateAccessToken(domain, appuser, appKey, scopes)\n var refreshToken = Application.generateRefreshToken(domain, appuser, appKey, scopes)\n\n await getRepository(User).save({\n ...(appuser as any),\n password: refreshToken\n })\n\n return [\n accessToken,\n refreshToken,\n {\n expires_in: 30 * 24 * 60 * 60 /* 30d */,\n token_type: 'bearer',\n centerId: subdomain\n }\n ]\n })\n)\n\nserver.exchange(\n oauth2orize.exchange.refreshToken(async (client, refreshToken, scope) => {\n try {\n /* refresh token */\n var decoded: any = Application.verifyAuthCode(refreshToken)\n } catch (e) {\n logger.error(e)\n return false\n }\n const {\n id,\n userType,\n email,\n application: { appKey },\n domain: { subdomain },\n scope: originalScope,\n exp: expires_in\n } = decoded\n\n const application: Application = await getRepository(Application).findOneBy({\n appKey\n })\n\n if (!application) {\n logger.error('application is not exist')\n return false\n }\n\n if (Date.now() > expires_in * 1000) {\n logger.error('refresh token is expired')\n return false\n }\n\n const domain: Domain = await getRepository(Domain).findOneBy({\n subdomain\n })\n\n const creator: User = await getRepository(User).findOneBy({\n id,\n userType\n })\n\n const appuserEmail = `${appKey}@${subdomain}`\n\n var appuser: User = await getRepository(User).findOne({\n where: {\n email: appuserEmail,\n reference: application.id,\n userType: 'application'\n },\n relations: ['domain', 'creator', 'updater']\n })\n\n if (!appuser) {\n logger.error('application is not bound')\n return false\n }\n\n /*\n * `scope` is the scope of access requested by the client, which must not include any scope not originally granted.\n */\n\n scope = scope || originalScope\n\n const scopes: string[] = scope.split(',')\n const originalScopes = (originalScope || '').split(',')\n const additionalScope = scopes.find(scope => originalScopes.indexOf(scope) === -1)\n if (additionalScope) {\n logger.error(`additional scope(${additionalScope}) required`)\n return false\n }\n\n const roles = await getRepository(Role).findBy({\n name: In(scopes),\n domain\n })\n\n var accessToken = Application.generateAccessToken(domain, appuser, appKey, scope)\n var refreshToken: any = Application.generateRefreshToken(domain, appuser, appKey, scope)\n\n await getRepository(User).save({\n ...(appuser as any),\n roles,\n password: refreshToken\n })\n\n return [\n accessToken,\n refreshToken,\n {\n expires_in: 30 * 24 * 60 * 60 /* 30d */,\n token_type: 'bearer'\n }\n ]\n })\n)\n"]}
|
|
@@ -1,11 +1,9 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
-
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
-
};
|
|
5
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
3
|
exports.Strategy = void 0;
|
|
7
|
-
const
|
|
8
|
-
const
|
|
4
|
+
const tslib_1 = require("tslib");
|
|
5
|
+
const passport_1 = tslib_1.__importDefault(require("passport"));
|
|
6
|
+
const util_1 = tslib_1.__importDefault(require("util"));
|
|
9
7
|
/**
|
|
10
8
|
* `Oauth2ClientPasswordStrategy` constructor.
|
|
11
9
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"passport-oauth2-client-password.js","sourceRoot":"","sources":["../../../server/router/oauth2/passport-oauth2-client-password.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"passport-oauth2-client-password.js","sourceRoot":"","sources":["../../../server/router/oauth2/passport-oauth2-client-password.ts"],"names":[],"mappings":";;;;AAAA,gEAA+B;AAC/B,wDAAuB;AAEvB;;;;;GAKG;AACH,SAAgB,QAAQ,CAAC,OAAO,EAAE,MAAM;IACtC,IAAI,OAAO,OAAO,IAAI,UAAU,EAAE;QAChC,MAAM,GAAG,OAAO,CAAA;QAChB,OAAO,GAAG,EAAE,CAAA;KACb;IACD,IAAI,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAA;IAE7F,kBAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAC5B,IAAI,CAAC,IAAI,GAAG,wBAAwB,CAAA;IACpC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAA;IACrB,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,iBAAiB,CAAA;AACrD,CAAC;AAXD,4BAWC;AAED;;GAEG;AACH,cAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,kBAAQ,CAAC,QAAQ,CAAC,CAAA;AAE1C,SAAS,oBAAoB,CAAC,aAAa,GAAG,EAAE;IAC9C,IAAI,KAAK,GAAG,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACpC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE;QACpB,OAAM;KACP;IAED,IAAI,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;IACrB,IAAI,WAAW,GAAG,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAEtE,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE;QAC1B,OAAM;KACP;IACD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE;QAC1B,OAAM;KACP;IAED,IAAI,QAAQ,GAAG,WAAW,CAAC,CAAC,CAAC,CAAA;IAC7B,IAAI,YAAY,GAAG,WAAW,CAAC,CAAC,CAAC,CAAA;IACjC,IAAI,CAAC,QAAQ,IAAI,CAAC,YAAY,EAAE;QAC9B,OAAM;KACP;IAED,OAAO,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAA;AACjC,CAAC;AAED;;;;;GAKG;AACH,QAAQ,CAAC,SAAS,CAAC,YAAY,GAAG,UAAU,GAAG;IAC7C,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,GAAG,oBAAoB,CAAC,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,IAAI,EAAE,CAAA;IACvF,IAAI,CAAC,QAAQ,EAAE;QACb,IAAI,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE;YACrE,OAAO,IAAI,CAAC,IAAI,EAAE,CAAA;SACnB;QAED,QAAQ,GAAG,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;QAChC,YAAY,GAAG,GAAG,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;KACzC;IAED,IAAI,IAAI,GAAG,IAAI,CAAA;IAEf,SAAS,QAAQ,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI;QACjC,IAAI,GAAG,EAAE;YACP,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;SACvB;QACD,IAAI,CAAC,MAAM,EAAE;YACX,OAAO,IAAI,CAAC,IAAI,EAAE,CAAA;SACnB;QACD,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,CAAA;IAC5B,CAAC;IAED,IAAI,IAAI,CAAC,kBAAkB,EAAE;QAC3B,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,QAAQ,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAA;KACpD;SAAM;QACL,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAA;KAC/C;AACH,CAAC,CAAA","sourcesContent":["import passport from 'passport'\nimport util from 'util'\n\n/**\n * `Oauth2ClientPasswordStrategy` constructor.\n *\n * @api protected\n * Basic Authorization Header와 Body 형식을 모두 지원한다.\n */\nexport function Strategy(options, verify) {\n if (typeof options == 'function') {\n verify = options\n options = {}\n }\n if (!verify) throw new Error('OAuth 2.0 client password strategy requires a verify function')\n\n passport.Strategy.call(this)\n this.name = 'oauth2-client-password'\n this._verify = verify\n this._passReqToCallback = options.passReqToCallback\n}\n\n/**\n * Inherit from `passport.Strategy`.\n */\nutil.inherits(Strategy, passport.Strategy)\n\nfunction fetchBasicCredential(authorization = '') {\n var parts = authorization.split(' ')\n if (parts.length < 2) {\n return\n }\n\n var scheme = parts[0]\n var credentials = new Buffer(parts[1], 'base64').toString().split(':')\n\n if (!/Basic/i.test(scheme)) {\n return\n }\n if (credentials.length < 2) {\n return\n }\n\n var clientId = credentials[0]\n var clientSecret = credentials[1]\n if (!clientId || !clientSecret) {\n return\n }\n\n return [clientId, clientSecret]\n}\n\n/**\n * Authenticate request based on client credentials in the request body.\n *\n * @param {Object} req\n * @api protected\n */\nStrategy.prototype.authenticate = function (req) {\n var [clientId, clientSecret] = fetchBasicCredential(req.headers['authorization']) || []\n if (!clientId) {\n if (!req.body || !req.body['client_id'] || !req.body['client_secret']) {\n return this.fail()\n }\n\n clientId = req.body['client_id']\n clientSecret = req.body['client_secret']\n }\n\n var self = this\n\n function verified(err, client, info) {\n if (err) {\n return self.error(err)\n }\n if (!client) {\n return self.fail()\n }\n self.success(client, info)\n }\n\n if (self._passReqToCallback) {\n this._verify(req, clientId, clientSecret, verified)\n } else {\n this._verify(clientId, clientSecret, verified)\n }\n}\n"]}
|
|
@@ -1,11 +1,9 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
-
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
-
};
|
|
5
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
3
|
exports.Strategy = void 0;
|
|
7
|
-
const
|
|
8
|
-
const
|
|
4
|
+
const tslib_1 = require("tslib");
|
|
5
|
+
const passport_1 = tslib_1.__importDefault(require("passport"));
|
|
6
|
+
const util_1 = tslib_1.__importDefault(require("util"));
|
|
9
7
|
/**
|
|
10
8
|
* `PassportRefreshTokenStrategy` constructor.
|
|
11
9
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"passport-refresh-token.js","sourceRoot":"","sources":["../../../server/router/oauth2/passport-refresh-token.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"passport-refresh-token.js","sourceRoot":"","sources":["../../../server/router/oauth2/passport-refresh-token.ts"],"names":[],"mappings":";;;;AAAA,gEAA+B;AAC/B,wDAAuB;AAEvB;;;;;GAKG;AACH,SAAgB,QAAQ,CAAC,OAAO,EAAE,MAAM;IACtC,IAAI,OAAO,OAAO,IAAI,UAAU,EAAE;QAChC,MAAM,GAAG,OAAO,CAAA;QAChB,OAAO,GAAG,EAAE,CAAA;KACb;IACD,IAAI,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAA;IAE3F,kBAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAC5B,IAAI,CAAC,IAAI,GAAG,eAAe,CAAA;IAC3B,IAAI,CAAC,OAAO,GAAG,MAAM,CAAA;IACrB,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,iBAAiB,CAAA;AACrD,CAAC;AAXD,4BAWC;AAED;;GAEG;AACH,cAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,kBAAQ,CAAC,QAAQ,CAAC,CAAA;AAE1C,SAAS,oBAAoB,CAAC,aAAa,GAAG,EAAE;IAC9C,IAAI,KAAK,GAAG,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACpC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE;QACpB,OAAM;KACP;IAED,IAAI,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;IACrB,IAAI,WAAW,GAAG,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAEtE,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE;QAC1B,OAAM;KACP;IACD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE;QAC1B,OAAM;KACP;IAED,IAAI,QAAQ,GAAG,WAAW,CAAC,CAAC,CAAC,CAAA;IAC7B,IAAI,YAAY,GAAG,WAAW,CAAC,CAAC,CAAC,CAAA;IACjC,IAAI,CAAC,QAAQ,IAAI,CAAC,YAAY,EAAE;QAC9B,OAAM;KACP;IAED,OAAO,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAA;AACjC,CAAC;AAED;;;;;GAKG;AACH,QAAQ,CAAC,SAAS,CAAC,YAAY,GAAG,UAAU,GAAG;IAC7C,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,GAAG,oBAAoB,CAAC,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,IAAI,EAAE,CAAA;IACvF,IAAI,CAAC,QAAQ,EAAE;QACb,IAAI,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE;YACrE,OAAO,IAAI,CAAC,IAAI,EAAE,CAAA;SACnB;QAED,QAAQ,GAAG,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;QAChC,YAAY,GAAG,GAAG,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;KACzC;IAED,IAAI,IAAI,GAAG,IAAI,CAAA;IAEf,SAAS,QAAQ,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI;QACjC,IAAI,GAAG,EAAE;YACP,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;SACvB;QACD,IAAI,CAAC,MAAM,EAAE;YACX,OAAO,IAAI,CAAC,IAAI,EAAE,CAAA;SACnB;QACD,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,CAAA;IAC5B,CAAC;IAED,IAAI,IAAI,CAAC,kBAAkB,EAAE;QAC3B,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,QAAQ,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAA;KACpD;SAAM;QACL,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAA;KAC/C;AACH,CAAC,CAAA","sourcesContent":["import passport from 'passport'\nimport util from 'util'\n\n/**\n * `PassportRefreshTokenStrategy` constructor.\n *\n * @api protected\n * Basic Authorization Header와 Body 형식을 모두 지원한다.\n */\nexport function Strategy(options, verify) {\n if (typeof options == 'function') {\n verify = options\n options = {}\n }\n if (!verify) throw new Error('OAuth 2.0 refresh-token strategy requires a verify function')\n\n passport.Strategy.call(this)\n this.name = 'refresh-token'\n this._verify = verify\n this._passReqToCallback = options.passReqToCallback\n}\n\n/**\n * Inherit from `passport.Strategy`.\n */\nutil.inherits(Strategy, passport.Strategy)\n\nfunction fetchBasicCredential(authorization = '') {\n var parts = authorization.split(' ')\n if (parts.length < 2) {\n return\n }\n\n var scheme = parts[0]\n var credentials = new Buffer(parts[1], 'base64').toString().split(':')\n\n if (!/Basic/i.test(scheme)) {\n return\n }\n if (credentials.length < 2) {\n return\n }\n\n var clientId = credentials[0]\n var clientSecret = credentials[1]\n if (!clientId || !clientSecret) {\n return\n }\n\n return [clientId, clientSecret]\n}\n\n/**\n * Authenticate request based on client credentials in the request body.\n *\n * @param {Object} req\n * @api protected\n */\nStrategy.prototype.authenticate = function (req) {\n var [clientId, clientSecret] = fetchBasicCredential(req.headers['authorization']) || []\n if (!clientId) {\n if (!req.body || !req.body['client_id'] || !req.body['client_secret']) {\n return this.fail()\n }\n\n clientId = req.body['client_id']\n clientSecret = req.body['client_secret']\n }\n\n var self = this\n\n function verified(err, client, info) {\n if (err) {\n return self.error(err)\n }\n if (!client) {\n return self.fail()\n }\n self.success(client, info)\n }\n\n if (self._passReqToCallback) {\n this._verify(req, clientId, clientSecret, verified)\n } else {\n this._verify(clientId, clientSecret, verified)\n }\n}\n"]}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export declare const pathBaseDomainRouter: any;
|
|
@@ -1,15 +1,11 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
-
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
-
};
|
|
5
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
3
|
exports.pathBaseDomainRouter = void 0;
|
|
7
|
-
const
|
|
8
|
-
const
|
|
4
|
+
const tslib_1 = require("tslib");
|
|
5
|
+
const koa_router_1 = tslib_1.__importDefault(require("koa-router"));
|
|
9
6
|
exports.pathBaseDomainRouter = new koa_router_1.default();
|
|
10
7
|
/* browser history fallback 을 위한 라우터. */
|
|
11
8
|
exports.pathBaseDomainRouter.get('/(.*)', async (context, next) => {
|
|
12
|
-
debug('get:/(.*)', context.path);
|
|
13
9
|
await next();
|
|
14
10
|
});
|
|
15
11
|
//# sourceMappingURL=path-base-domain-router.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"path-base-domain-router.js","sourceRoot":"","sources":["../../server/router/path-base-domain-router.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"path-base-domain-router.js","sourceRoot":"","sources":["../../server/router/path-base-domain-router.ts"],"names":[],"mappings":";;;;AAAA,oEAA+B;AAElB,QAAA,oBAAoB,GAAG,IAAI,oBAAM,EAAE,CAAA;AAEhD,wCAAwC;AACxC,4BAAoB,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACxD,MAAM,IAAI,EAAE,CAAA;AACd,CAAC,CAAC,CAAA","sourcesContent":["import Router from 'koa-router'\n\nexport const pathBaseDomainRouter = new Router()\n\n/* browser history fallback 을 위한 라우터. */\npathBaseDomainRouter.get('/(.*)', async (context, next) => {\n await next()\n})\n"]}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export declare const siteRootRouter: any;
|
|
@@ -1,15 +1,12 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
-
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
-
};
|
|
5
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
3
|
exports.siteRootRouter = void 0;
|
|
4
|
+
const tslib_1 = require("tslib");
|
|
5
|
+
const koa_router_1 = tslib_1.__importDefault(require("koa-router"));
|
|
6
|
+
const passport_1 = tslib_1.__importDefault(require("passport"));
|
|
7
7
|
const shell_1 = require("@things-factory/shell");
|
|
8
|
-
const koa_router_1 = __importDefault(require("koa-router"));
|
|
9
|
-
const passport_1 = __importDefault(require("passport"));
|
|
10
8
|
const user_1 = require("../service/user/user");
|
|
11
9
|
const get_user_domains_1 = require("../utils/get-user-domains");
|
|
12
|
-
const debug = require('debug')('things-factory:auth-base:site-root-router');
|
|
13
10
|
exports.siteRootRouter = new koa_router_1.default();
|
|
14
11
|
async function findAuth(context, next) {
|
|
15
12
|
return await passport_1.default.authenticate('jwt', { session: false }, async (err, decoded, info) => {
|
|
@@ -18,28 +15,22 @@ async function findAuth(context, next) {
|
|
|
18
15
|
const user = await user_1.User.checkAuth(decoded);
|
|
19
16
|
context.state.user = user;
|
|
20
17
|
}
|
|
21
|
-
catch (e) {
|
|
22
|
-
debug('not signed in', e);
|
|
23
|
-
}
|
|
18
|
+
catch (e) { }
|
|
24
19
|
}
|
|
25
20
|
await next();
|
|
26
21
|
})(context, next);
|
|
27
22
|
}
|
|
28
23
|
exports.siteRootRouter.get('/', findAuth, shell_1.domainMiddleware, async (context, next) => {
|
|
29
24
|
const { user, domain } = context.state;
|
|
30
|
-
debug('get:/', user === null || user === void 0 ? void 0 : user.email, domain === null || domain === void 0 ? void 0 : domain.subdomain);
|
|
31
25
|
const subdomain = domain === null || domain === void 0 ? void 0 : domain.subdomain;
|
|
32
26
|
if (user && subdomain) {
|
|
33
27
|
const userDomains = await (0, get_user_domains_1.getUserDomains)(user);
|
|
34
28
|
if (userDomains.find(userDomain => userDomain.subdomain == subdomain)) {
|
|
35
|
-
debug('get:/', user.email, subdomain, 'user have access right to the subdomain. so, redirect to business-home');
|
|
36
29
|
return await next();
|
|
37
30
|
}
|
|
38
|
-
debug('get:/', user.email, subdomain, "user doesn't have access right to the subdomain. so, redirect to checkin");
|
|
39
31
|
return context.redirect(`/auth/checkin/${subdomain}`);
|
|
40
32
|
}
|
|
41
33
|
if (user && !subdomain) {
|
|
42
|
-
debug('get:/', user === null || user === void 0 ? void 0 : user.email, 'redirect to checkin');
|
|
43
34
|
context.redirect('/auth/checkin');
|
|
44
35
|
return;
|
|
45
36
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"site-root-router.js","sourceRoot":"","sources":["../../server/router/site-root-router.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"site-root-router.js","sourceRoot":"","sources":["../../server/router/site-root-router.ts"],"names":[],"mappings":";;;;AAAA,oEAA+B;AAC/B,gEAA+B;AAE/B,iDAAgE;AAEhE,+CAA2C;AAC3C,gEAA0D;AAE7C,QAAA,cAAc,GAAG,IAAI,oBAAM,EAAE,CAAA;AAE1C,KAAK,UAAU,QAAQ,CAAC,OAAO,EAAE,IAAI;IACnC,OAAO,MAAM,kBAAQ,CAAC,YAAY,CAAC,KAAK,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;QACzF,IAAI,OAAO,EAAE;YACX,IAAI;gBACF,MAAM,IAAI,GAAG,MAAM,WAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAA;gBAC1C,OAAO,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAA;aAC1B;YAAC,OAAO,CAAC,EAAE,GAAE;SACf;QAED,MAAM,IAAI,EAAE,CAAA;IACd,CAAC,CAAC,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;AACnB,CAAC;AAED,sBAAc,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,EAAE,wBAAgB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC1E,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAEtC,MAAM,SAAS,GAAG,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,SAAS,CAAA;IAEnC,IAAI,IAAI,IAAI,SAAS,EAAE;QACrB,MAAM,WAAW,GAAa,MAAM,IAAA,iCAAc,EAAC,IAAI,CAAC,CAAA;QACxD,IAAI,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,IAAI,SAAS,CAAC,EAAE;YACrE,OAAO,MAAM,IAAI,EAAE,CAAA;SACpB;QAED,OAAO,OAAO,CAAC,QAAQ,CAAC,iBAAiB,SAAS,EAAE,CAAC,CAAA;KACtD;IAED,IAAI,IAAI,IAAI,CAAC,SAAS,EAAE;QACtB,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAA;QAEjC,OAAM;KACP;IAED,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAA;AAClC,CAAC,CAAC,CAAA","sourcesContent":["import Router from 'koa-router'\nimport passport from 'passport'\n\nimport { Domain, domainMiddleware } from '@things-factory/shell'\n\nimport { User } from '../service/user/user'\nimport { getUserDomains } from '../utils/get-user-domains'\n\nexport const siteRootRouter = new Router()\n\nasync function findAuth(context, next) {\n return await passport.authenticate('jwt', { session: false }, async (err, decoded, info) => {\n if (decoded) {\n try {\n const user = await User.checkAuth(decoded)\n context.state.user = user\n } catch (e) {}\n }\n\n await next()\n })(context, next)\n}\n\nsiteRootRouter.get('/', findAuth, domainMiddleware, async (context, next) => {\n const { user, domain } = context.state\n\n const subdomain = domain?.subdomain\n\n if (user && subdomain) {\n const userDomains: Domain[] = await getUserDomains(user)\n if (userDomains.find(userDomain => userDomain.subdomain == subdomain)) {\n return await next()\n }\n\n return context.redirect(`/auth/checkin/${subdomain}`)\n }\n\n if (user && !subdomain) {\n context.redirect('/auth/checkin')\n\n return\n }\n\n context.redirect('/public/home')\n})\n"]}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|