@things-factory/auth-base 6.1.171 → 6.1.174
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/config/config.production.js +3 -1
- package/dist-client/tsconfig.tsbuildinfo +1 -1
- package/dist-server/middlewares/index.js +26 -11
- package/dist-server/middlewares/index.js.map +1 -1
- package/dist-server/middlewares/jwt-authenticate-middleware.js +3 -4
- package/dist-server/middlewares/jwt-authenticate-middleware.js.map +1 -1
- package/dist-server/middlewares/signin-middleware.js +3 -3
- package/dist-server/middlewares/signin-middleware.js.map +1 -1
- package/dist-server/router/oauth2/passport-oauth2-client-password.js +3 -3
- package/dist-server/router/oauth2/passport-oauth2-client-password.js.map +1 -1
- package/dist-server/router/oauth2/passport-refresh-token.js +3 -3
- package/dist-server/router/oauth2/passport-refresh-token.js.map +1 -1
- package/dist-server/router/site-root-router.js +2 -2
- package/dist-server/router/site-root-router.js.map +1 -1
- package/dist-server/routes.js +10 -6
- package/dist-server/routes.js.map +1 -1
- package/dist-server/service/user/user.d.ts +1 -0
- package/dist-server/service/user/user.js +45 -0
- package/dist-server/service/user/user.js.map +1 -1
- package/dist-server/tsconfig.tsbuildinfo +1 -1
- package/package.json +9 -10
- package/server/middlewares/index.ts +38 -15
- package/server/middlewares/jwt-authenticate-middleware.ts +1 -2
- package/server/middlewares/signin-middleware.ts +1 -1
- package/server/router/oauth2/passport-oauth2-client-password.ts +1 -1
- package/server/router/oauth2/passport-refresh-token.ts +1 -1
- package/server/router/site-root-router.ts +1 -1
- package/server/routes.ts +15 -7
- package/server/service/user/user.ts +50 -0
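--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@things-factory/auth-base",
-"version": "6.1.
+"version": "6.1.174",
 "main": "dist-server/index.js",
 "browser": "dist-client/index.js",
 "things-factory": true,
@@ -30,18 +30,17 @@
 "migration:create": "node ../../node_modules/typeorm/cli.js migration:create -d ./server/migrations"
 },
 "dependencies": {
-"@things-factory/email-base": "^6.1.
-"@things-factory/env": "^6.1.
-"@things-factory/i18n-base": "^6.1.
-"@things-factory/shell": "^6.1.
-"@things-factory/utils": "^6.1.
+"@things-factory/email-base": "^6.1.174",
+"@things-factory/env": "^6.1.174",
+"@things-factory/i18n-base": "^6.1.174",
+"@things-factory/shell": "^6.1.174",
+"@things-factory/utils": "^6.1.174",
 "jsonwebtoken": "^9.0.0",
-"koa-passport": "^
-"koa-session": "^6.
+"koa-passport": "^6.0.0",
+"koa-session": "^6.4.0",
 "oauth2orize-koa": "^1.3.2",
-"passport": "^0.4.1",
 "passport-jwt": "^4.0.0",
 "passport-local": "^1.0.0"
 },
-"gitHead": "
+"gitHead": "582dea90062d7298e39e18d3634a7ac3c3a56310"
 }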
@@ -1,19 +1,56 @@
|
|
|
1
|
+
import session from 'koa-session'
|
|
1
2
|
import passport from 'koa-passport'
|
|
2
3
|
|
|
4
|
+
import { config } from '@things-factory/env'
|
|
5
|
+
import { SECRET } from '../utils/get-secret'
|
|
6
|
+
|
|
3
7
|
import { authenticate401Middleware } from './authenticate-401-middleware'
|
|
4
8
|
import { domainAuthenticateMiddleware } from './domain-authenticate-middleware'
|
|
5
9
|
import { graphqlAuthenticateMiddleware } from './graphql-authenticate-middleware'
|
|
6
10
|
import { jwtAuthenticateMiddleware } from './jwt-authenticate-middleware'
|
|
7
11
|
|
|
12
|
+
import { User } from '../service/user/user'
|
|
13
|
+
import { MAX_AGE } from '../constants/max-age'
|
|
14
|
+
|
|
15
|
+
const accessTokenCookieKey = config.get('accessTokenCookieKey', 'access_token')
|
|
16
|
+
|
|
8
17
|
export function initMiddlewares(app: any) {
|
|
18
|
+
/* oauth2orize-koa 에서 oauth 트랜잭션 관리를 위해서 session을 사용함. */
|
|
19
|
+
app.keys = [SECRET]
|
|
20
|
+
app.use(
|
|
21
|
+
session(
|
|
22
|
+
{
|
|
23
|
+
key: accessTokenCookieKey,
|
|
24
|
+
maxAge: MAX_AGE,
|
|
25
|
+
overwrite: true,
|
|
26
|
+
httpOnly: true,
|
|
27
|
+
signed: true,
|
|
28
|
+
rolling: false,
|
|
29
|
+
renew: false
|
|
30
|
+
},
|
|
31
|
+
app
|
|
32
|
+
)
|
|
33
|
+
)
|
|
34
|
+
|
|
35
|
+
passport.serializeUser((profile, done) => {
|
|
36
|
+
done(null, profile)
|
|
37
|
+
})
|
|
38
|
+
|
|
39
|
+
passport.deserializeUser(async (profile, done) => {
|
|
40
|
+
done(null, await User.checkAuth(profile))
|
|
41
|
+
})
|
|
42
|
+
|
|
9
43
|
/* passport initialize */
|
|
10
44
|
app.use(passport.initialize())
|
|
11
45
|
|
|
46
|
+
/* passport use session - for oauth transaction */
|
|
47
|
+
app.use(passport.session())
|
|
48
|
+
|
|
12
49
|
/* authentication error handling */
|
|
13
50
|
app.use(authenticate401Middleware)
|
|
14
51
|
|
|
15
52
|
/*
|
|
16
|
-
* post:graphql 에 대해서는
|
|
53
|
+
* post:graphql 에 대해서는 graphqlAuthenticationMiddleware를 적용한다.
|
|
17
54
|
* graphql app을 router에 적용하지 못하기 때문임.
|
|
18
55
|
*/
|
|
19
56
|
app.use(graphqlAuthenticateMiddleware)
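Review bot: The deserializeUser callback at new lines 39-41 never reports a failure through `done`: `User.checkAuth` throws `AuthError` for a missing id or for an unknown, inactive, locked or deleted user (see the user.ts hunk), so the async callback rejects instead of calling `done(err)` and the rejection bypasses passport's error path. The session cookie at line 23 is also keyed by `accessTokenCookieKey`, which looks like the same name the JWT access-token cookie is written under, so the two cookies would overwrite each other; giving the session its own cookie name rather than reusing `accessTokenCookieKey` keeps them apart (confirm against setAccessTokenCookie, which is outside this hunk). serializeUser at line 35 stores the whole profile, and with no `store` option koa-session keeps the session in the cookie itself, signed but not encrypted, so `done(null, { id: profile.id })` is all checkAuth needs and keeps other profile fields out of the client cookie. initMiddlewares continues past the end of this hunk.
```typescript
// … unchanged: session setup and serializeUser …
passport.deserializeUser(async (profile, done) => {
  try {
    done(null, await User.checkAuth(profile))
  } catch (e) {
    done(e)
  }
})
```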
|
|
@@ -21,20 +58,6 @@ export function initMiddlewares(app: any) {
|
|
|
21
58
|
|
|
22
59
|
process.on('bootstrap-module-subscription' as any, (app, subscriptionMiddleware) => {
|
|
23
60
|
subscriptionMiddleware.push(jwtAuthenticateMiddleware, domainAuthenticateMiddleware)
|
|
24
|
-
|
|
25
|
-
// subscriptionMiddleware.push(jwtAuthenticateMiddleware, async (context, next) => {
|
|
26
|
-
// const { domain, user } = context.state
|
|
27
|
-
|
|
28
|
-
// if (domain && !user.domains.find(d => d.subdomain === domain.subdomain)) {
|
|
29
|
-
// let message = `subdomain '${domain.subdomain}' is not allowed for the user`
|
|
30
|
-
// debug('subscription', message)
|
|
31
|
-
// context.throw(401, message)
|
|
32
|
-
// }
|
|
33
|
-
|
|
34
|
-
// debug('subscription', user.email, domain?.subdomain)
|
|
35
|
-
|
|
36
|
-
// await next()
|
|
37
|
-
// })
|
|
38
61
|
})
|
|
39
62
|
|
|
40
63
|
export * from './jwt-authenticate-middleware'
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import passport from 'passport'
|
|
1
|
+
import passport from 'koa-passport'
|
|
2
2
|
import { ExtractJwt, Strategy as JWTstrategy } from 'passport-jwt'
|
|
3
3
|
|
|
4
4
|
import { makeVerificationToken } from '../controllers/utils/make-verification-token'
|
|
@@ -47,7 +47,6 @@ export async function jwtAuthenticateMiddleware(context, next) {
|
|
|
47
47
|
if (err || !decoded) {
|
|
48
48
|
const e = (context.state.error = err || info)
|
|
49
49
|
|
|
50
|
-
// TODO cookie 가 authenticate에 적용된 상황에서 오류가 발생한 경우만, 쿠키를 클리어한다.
|
|
51
50
|
clearAccessTokenCookie(context)
|
|
52
51
|
|
|
53
52
|
context.throw(401, e.message)
|
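--- a/package/server/routes.ts
+++ b/package/server/routes.ts
@@ -1,5 +1,3 @@
-import session from 'koa-session'
-
 import { config } from '@things-factory/env'
 
 import { domainAuthenticateMiddleware, jwtAuthenticateMiddleware } from './middlewares'
@@ -14,13 +12,27 @@ import {
 pathBaseDomainRouter,
 siteRootRouter
 } from './router'
-
+
+import { setAccessTokenCookie } from './utils/access-token-cookie'
+import { User } from './service/user/user'
 
 const isPathBaseDomain = !config.get('subdomain') && !config.get('useVirtualHostBasedDomain')
 
 process.on('bootstrap-module-global-public-route' as any, (app, globalPublicRouter) => {
 globalPublicRouter.use(siteRootRouter.routes(), siteRootRouter.allowedMethods())
 globalPublicRouter.use(authPublicProcessRouter.routes(), authPublicProcessRouter.allowedMethods())
+
+/* ssoMiddleware가 정의되어있다면, /auth/sso-signin 패스를 활성화한다. */
+if (app.ssoMiddlewares.length > 0) {
+authSigninRouter.get('/auth/sso-signin', app.ssoMiddlewares[0], async context => {
+const { user } = context.state
+
+const token = user.sign()
+setAccessTokenCookie(context, token)
+
+context.redirect('/auth/checkin')
+})
+}
 })
 
 process.on('bootstrap-module-global-private-route' as any, (app, globalPrivateRouter) => {
@@ -36,10 +48,6 @@ process.on('bootstrap-module-domain-public-route' as any, (app, domainPublicRout
 domainPublicRouter.use(authSigninRouter.routes(), authSigninRouter.allowedMethods())
 domainPublicRouter.use(authSignupRouter.routes(), authSignupRouter.allowedMethods())
 
-/* oauth2orize-koa 에서 oauth 트랜잭션 관리를 위해서 session을 사용함. */
-app.keys = [SECRET]
-app.use(session(app))
-
 /* path '/admin/oauth/...' is deprecated. should use path '/oauth/...' for oauth2 related routing */
 domainPublicRouter.use('/oauth', oauth2Router.routes(), oauth2Router.allowedMethods()) // if i use context
 })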
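Review bot: The `/auth/sso-signin` handler at new lines 27-34 assumes `context.state.user` was populated by `app.ssoMiddlewares[0]`; if that middleware passes control on without a user, `user.sign()` throws a TypeError and the client receives a 500 instead of an authentication failure. A guard before signing, `if (!user) context.throw(401)`, keeps that path a 401 and avoids issuing a token from an incomplete SSO exchange. Line 26 also dereferences `app.ssoMiddlewares.length` unconditionally, so bootstrap fails if no module ever initialises that array; `if ((app.ssoMiddlewares ?? []).length > 0)` is safer unless the shell guarantees the field. Only the first registered SSO middleware is wired, which deserves a comment if it is intentional, and the import of `User` added at line 17 is not used anywhere in this section.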
|
|
@@ -205,7 +205,57 @@ export class User {
|
|
|
205
205
|
)
|
|
206
206
|
}
|
|
207
207
|
|
|
208
|
+
static async checkAuthWithEmail(decoded) {
|
|
209
|
+
if (!decoded?.email) {
|
|
210
|
+
throw new AuthError({
|
|
211
|
+
errorCode: AuthError.ERROR_CODES.USER_NOT_FOUND
|
|
212
|
+
})
|
|
213
|
+
}
|
|
214
|
+
|
|
215
|
+
const repository = getRepository(User)
|
|
216
|
+
var user = await repository.findOne({
|
|
217
|
+
where: { email: decoded.email },
|
|
218
|
+
relations: ['domains'],
|
|
219
|
+
cache: true
|
|
220
|
+
})
|
|
221
|
+
|
|
222
|
+
if (!user)
|
|
223
|
+
throw new AuthError({
|
|
224
|
+
errorCode: AuthError.ERROR_CODES.USER_NOT_FOUND
|
|
225
|
+
})
|
|
226
|
+
else {
|
|
227
|
+
switch (user.status) {
|
|
228
|
+
case UserStatus.INACTIVE:
|
|
229
|
+
throw new AuthError({
|
|
230
|
+
errorCode: AuthError.ERROR_CODES.USER_NOT_ACTIVATED,
|
|
231
|
+
detail: {
|
|
232
|
+
email: user.email
|
|
233
|
+
}
|
|
234
|
+
})
|
|
235
|
+
case UserStatus.LOCKED:
|
|
236
|
+
throw new AuthError({
|
|
237
|
+
errorCode: AuthError.ERROR_CODES.USER_LOCKED,
|
|
238
|
+
detail: {
|
|
239
|
+
email: user.email
|
|
240
|
+
}
|
|
241
|
+
})
|
|
242
|
+
case UserStatus.DELETED:
|
|
243
|
+
throw new AuthError({
|
|
244
|
+
errorCode: AuthError.ERROR_CODES.USER_DELETED
|
|
245
|
+
})
|
|
246
|
+
}
|
|
247
|
+
|
|
248
|
+
return user
|
|
249
|
+
}
|
|
250
|
+
}
|
|
251
|
+
|
|
208
252
|
static async checkAuth(decoded) {
|
|
253
|
+
if (decoded?.id === undefined) {
|
|
254
|
+
throw new AuthError({
|
|
255
|
+
errorCode: AuthError.ERROR_CODES.USER_NOT_FOUND
|
|
256
|
+
})
|
|
257
|
+
}
|
|
258
|
+
|
|
209
259
|
const repository = getRepository(User)
|
|
210
260
|
var user = await repository.findOne({
|
|
211
261
|
where: { id: decoded.id },
|