npm - @things-factory/auth-base - Versions diffs - 6.1.186 → 6.1.191 - Mend

@things-factory/auth-base 6.1.186 → 6.1.191

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (30) hide show

package/dist-server/utils/encrypt-state.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export declare function encryptState(text: string): string;
2	+ export declare function decryptState(text: string): string;

package/dist-server/utils/encrypt-state.js ADDED Viewed

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.decryptState = exports.encryptState = void 0;
+const tslib_1 = require("tslib");
+const crypto_1 = tslib_1.__importDefault(require("crypto"));
+/* only for short-term life state encryption */
+const KEY = crypto_1.default.randomBytes(32);
+function encryptState(text) {
+    const iv = crypto_1.default.randomBytes(16);
+    const cipher = crypto_1.default.createCipheriv('aes-256-cbc', Buffer.from(KEY), iv);
+    const encrypted = cipher.update(text);
+    return iv.toString('hex') + ':' + Buffer.concat([encrypted, cipher.final()]).toString('hex');
+}
+exports.encryptState = encryptState;
+function decryptState(text) {
+    const textParts = text.split(':');
+    const iv = Buffer.from(textParts.shift(), 'hex');
+    const encryptedText = Buffer.from(textParts.join(':'), 'hex');
+    const decipher = crypto_1.default.createDecipheriv('aes-256-cbc', Buffer.from(KEY), iv);
+    const decrypted = decipher.update(encryptedText);
+    return Buffer.concat([decrypted, decipher.final()]).toString();
+}
+exports.decryptState = decryptState;
+//# sourceMappingURL=encrypt-state.js.map

package/dist-server/utils/encrypt-state.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"encrypt-state.js","sourceRoot":"","sources":["../../server/utils/encrypt-state.ts"],"names":[],"mappings":";;;;AAAA,4DAA2B;AAE3B,+CAA+C;AAC/C,MAAM,GAAG,GAAG,gBAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAA;AAElC,SAAgB,YAAY,CAAC,IAAY;IACvC,MAAM,EAAE,GAAG,gBAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAA;IACjC,MAAM,MAAM,GAAG,gBAAM,CAAC,cAAc,CAAC,aAAa,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAA;IACzE,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IAErC,OAAO,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;AAC9F,CAAC;AAND,oCAMC;AAED,SAAgB,YAAY,CAAC,IAAY;IACvC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACjC,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,KAAK,CAAC,CAAA;IAChD,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,KAAK,CAAC,CAAA;IAC7D,MAAM,QAAQ,GAAG,gBAAM,CAAC,gBAAgB,CAAC,aAAa,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAA;IAC7E,MAAM,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,aAAa,CAAC,CAAA;IAEhD,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAA;AAChE,CAAC;AARD,oCAQC","sourcesContent":["import crypto from 'crypto'\n\n/* only for short-term life state encryption */\nconst KEY = crypto.randomBytes(32)\n\nexport function encryptState(text: string) {\n const iv = crypto.randomBytes(16)\n const cipher = crypto.createCipheriv('aes-256-cbc', Buffer.from(KEY), iv)\n const encrypted = cipher.update(text)\n\n return iv.toString('hex') + ':' + Buffer.concat([encrypted, cipher.final()]).toString('hex')\n}\n\nexport function decryptState(text: string) {\n const textParts = text.split(':')\n const iv = Buffer.from(textParts.shift(), 'hex')\n const encryptedText = Buffer.from(textParts.join(':'), 'hex')\n const decipher = crypto.createDecipheriv('aes-256-cbc', Buffer.from(KEY), iv)\n const decrypted = decipher.update(encryptedText)\n\n return Buffer.concat([decrypted, decipher.final()]).toString()\n}\n"]}

package/dist-server/utils/get-aes-256-key.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export declare const AES_256_KEY: any;

package/dist-server/utils/get-aes-256-key.js ADDED Viewed

@@ -0,0 +1,15 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AES_256_KEY = void 0;
+const env_1 = require("@things-factory/env");
+var _AES_256_KEY = env_1.config.get('AES_256_KEY');
+if (!_AES_256_KEY) {
+    if (process.env.NODE_ENV == 'production') {
+        throw new TypeError('AES_256_KEY not configured.');
+    }
+    else {
+        _AES_256_KEY = 'V6g5oHJZb7KcYzIyL6cM95XvIDouon5b';
+    }
+}
+exports.AES_256_KEY = _AES_256_KEY;
+//# sourceMappingURL=get-aes-256-key.js.map

package/dist-server/utils/get-aes-256-key.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"get-aes-256-key.js","sourceRoot":"","sources":["../../server/utils/get-aes-256-key.ts"],"names":[],"mappings":";;;AAAA,6CAA4C;AAE5C,IAAI,YAAY,GAAG,YAAM,CAAC,GAAG,CAAC,aAAa,CAAC,CAAA;AAE5C,IAAI,CAAC,YAAY,EAAE;IACjB,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,YAAY,EAAE;QACxC,MAAM,IAAI,SAAS,CAAC,6BAA6B,CAAC,CAAA;KACnD;SAAM;QACL,YAAY,GAAG,kCAAkC,CAAA;KAClD;CACF;AAEY,QAAA,WAAW,GAAG,YAAY,CAAA","sourcesContent":["import { config } from '@things-factory/env'\n\nvar _AES_256_KEY = config.get('AES_256_KEY')\n\nif (!_AES_256_KEY) {\n if (process.env.NODE_ENV == 'production') {\n throw new TypeError('AES_256_KEY not configured.')\n } else {\n _AES_256_KEY = 'V6g5oHJZb7KcYzIyL6cM95XvIDouon5b'\n }\n}\n\nexport const AES_256_KEY = _AES_256_KEY\n"]}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@things-factory/auth-base",
-  "version": "6.1.186",
+  "version": "6.1.191",
   "main": "dist-server/index.js",
   "browser": "dist-client/index.js",
   "things-factory": true,
@@ -30,10 +30,10 @@
     "migration:create": "node ../../node_modules/typeorm/cli.js migration:create -d ./server/migrations"
   },
   "dependencies": {
-    "@things-factory/email-base": "^6.1.186",
+    "@things-factory/email-base": "^6.1.191",
     "@things-factory/env": "^6.1.175",
-    "@things-factory/i18n-base": "^6.1.186",
-    "@things-factory/shell": "^6.1.186",
+    "@things-factory/i18n-base": "^6.1.191",
+    "@things-factory/shell": "^6.1.191",
     "@things-factory/utils": "^6.1.186",
     "jsonwebtoken": "^9.0.0",
     "koa-passport": "^6.0.0",
@@ -42,5 +42,5 @@
     "passport-jwt": "^4.0.0",
     "passport-local": "^1.0.0"
   },
-  "gitHead": "ddf508496cdd7d4b9d0e020703a2f7a586a42ec5"
+  "gitHead": "b6dfc909644710c546e38bfc0c49c3d72d528de1"
 }

package/server/index.ts CHANGED Viewed

@@ -15,6 +15,7 @@ export * from './utils/get-user-domains'
 export * from './utils/get-secret'
 export * from './utils/check-user-belongs-domain'
 export * from './utils/access-token-cookie'
+export * from './utils/encrypt-state'
 export * from './errors'
 export * from './types'

package/server/service/auth-provider/auth-provider-mutation.ts CHANGED Viewed

@@ -80,14 +80,14 @@ export class AuthProviderMutation {
     if (_updateRecords.length > 0) {
       for (let i = 0; i < _updateRecords.length; i++) {
-        const newRecord = _updateRecords[i]
+        const updatedRecord = _updateRecords[i]
         const authProvider = await tx.getRepository(AuthProvider).findOne({
-          where: { domain: { id: domain.id }, id: newRecord.id }
+          where: { domain: { id: domain.id }, id: updatedRecord.id }
         })
         const result = await tx.getRepository(AuthProvider).save({
           ...authProvider,
-          ...newRecord,
+          ...updatedRecord,
           updater: user
         })

package/server/service/auth-provider/auth-provider-query.ts CHANGED Viewed

@@ -40,6 +40,34 @@ export class AuthProviderQuery {
     return { items, total }
   }
+  @FieldResolver(type => String)
+  clientSecret(@Root() authProvider: AuthProvider): string {
+    const clientSecret = authProvider.clientSecret
+    if (!clientSecret || clientSecret.length <= 2) {
+      return clientSecret // 입력 문자열의 길이가 2 이하인 경우 그대로 반환
+    }
+    const firstChar = clientSecret.charAt(0)
+    const lastChar = clientSecret.charAt(clientSecret.length - 1)
+    const maskedPart = '*'.repeat(clientSecret.length - 2)
+    return firstChar + maskedPart + lastChar
+  }
+  @FieldResolver(type => String)
+  privateKey(@Root() authProvider: AuthProvider): string {
+    const privateKey = authProvider.privateKey
+    if (!privateKey || privateKey.length <= 2) {
+      return privateKey // 입력 문자열의 길이가 2 이하인 경우 그대로 반환
+    }
+    const firstChar = privateKey.charAt(0)
+    const lastChar = privateKey.charAt(privateKey.length - 1)
+    const maskedPart = '*'.repeat(privateKey.length - 2)
+    return firstChar + maskedPart + lastChar
+  }
   @FieldResolver(type => Domain)
   async domain(@Root() authProvider: AuthProvider): Promise<Domain> {
     return authProvider.domainId && (await getRepository(Domain).findOneBy({ id: authProvider.domainId }))

package/server/service/auth-provider/auth-provider-type.ts CHANGED Viewed

@@ -24,6 +24,9 @@ export class NewAuthProvider {
   @Field({ nullable: true })
   clientSecret?: string
+  @Field({ nullable: true })
+  privateKey?: string
   @Field(type => ScalarObject, { nullable: true })
   params?: { [key: string]: any }
 }
@@ -48,6 +51,9 @@ export class AuthProviderPatch {
   @Field({ nullable: true })
   clientSecret?: string
+  @Field({ nullable: true })
+  privateKey?: string
   @Field(type => ScalarObject, { nullable: true })
   params?: { [key: string]: any }

package/server/service/auth-provider/auth-provider.ts CHANGED Viewed

@@ -13,7 +13,7 @@ import {
 } from 'typeorm'
 import { Directive, ObjectType, Field, Int, ID, registerEnumType } from 'type-graphql'
-import { Domain, ScalarObject } from '@things-factory/shell'
+import { Domain, ScalarObject, encryptTransformer } from '@things-factory/shell'
 import { User } from '../user/user'
 import { UsersAuthProviders } from '../users-auth-providers/users-auth-providers'
 import { AuthProviderParameterSpec } from './auth-provider-parameter-spec'
@@ -104,10 +104,15 @@ export class AuthProvider {
   clientId?: string
   @Directive('@privilege(category: "security", privilege: "query", domainOwnerGranted: true)')
-  @Column({ nullable: true })
+  @Column({ nullable: true, transformer: encryptTransformer })
   @Field({ nullable: true })
   clientSecret?: string
+  @Directive('@privilege(category: "security", privilege: "query", domainOwnerGranted: true)')
+  @Column({ nullable: true, transformer: encryptTransformer })
+  @Field({ nullable: true })
+  privateKey?: string
   @Column('simple-json', { nullable: true })
   @Field(type => ScalarObject, { nullable: true })
   params?: { [key: string]: any }

package/server/utils/encrypt-state.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import crypto from 'crypto'
+/* only for short-term life state encryption */
+const KEY = crypto.randomBytes(32)
+export function encryptState(text: string) {
+  const iv = crypto.randomBytes(16)
+  const cipher = crypto.createCipheriv('aes-256-cbc', Buffer.from(KEY), iv)
+  const encrypted = cipher.update(text)
+  return iv.toString('hex') + ':' + Buffer.concat([encrypted, cipher.final()]).toString('hex')
+}
+export function decryptState(text: string) {
+  const textParts = text.split(':')
+  const iv = Buffer.from(textParts.shift(), 'hex')
+  const encryptedText = Buffer.from(textParts.join(':'), 'hex')
+  const decipher = crypto.createDecipheriv('aes-256-cbc', Buffer.from(KEY), iv)
+  const decrypted = decipher.update(encryptedText)
+  return Buffer.concat([decrypted, decipher.final()]).toString()
+}

package/server/utils/get-aes-256-key.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import { config } from '@things-factory/env'
+var _AES_256_KEY = config.get('AES_256_KEY')
+if (!_AES_256_KEY) {
+  if (process.env.NODE_ENV == 'production') {
+    throw new TypeError('AES_256_KEY not configured.')
+  } else {
+    _AES_256_KEY = 'V6g5oHJZb7KcYzIyL6cM95XvIDouon5b'
+  }
+}
+export const AES_256_KEY = _AES_256_KEY