@things-factory/auth-base 6.1.194 → 6.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist-server/controllers/checkin.js.map +1 -1
- package/dist-server/middlewares/domain-authenticate-middleware.js.map +1 -1
- package/dist-server/router/auth-checkin-router.js +4 -3
- package/dist-server/router/auth-checkin-router.js.map +1 -1
- package/dist-server/router/auth-private-process-router.js +1 -10
- package/dist-server/router/auth-private-process-router.js.map +1 -1
- package/dist-server/router/site-root-router.js.map +1 -1
- package/dist-server/service/app-binding/app-binding.js +1 -0
- package/dist-server/service/app-binding/app-binding.js.map +1 -1
- package/dist-server/service/application/application.js +1 -0
- package/dist-server/service/application/application.js.map +1 -1
- package/dist-server/service/index.d.ts +1 -1
- package/dist-server/service/login-history/login-history.d.ts +1 -1
- package/dist-server/service/login-history/login-history.js.map +1 -1
- package/dist-server/service/privilege/privilege-query.d.ts +1 -1
- package/dist-server/service/privilege/privilege-query.js.map +1 -1
- package/dist-server/service/user/user.d.ts +1 -1
- package/dist-server/tsconfig.tsbuildinfo +1 -1
- package/dist-server/utils/get-user-domains.d.ts +4 -4
- package/dist-server/utils/get-user-domains.js +19 -7
- package/dist-server/utils/get-user-domains.js.map +1 -1
- package/package.json +7 -7
- package/server/controllers/checkin.ts +1 -1
- package/server/middlewares/domain-authenticate-middleware.ts +1 -1
- package/server/router/auth-checkin-router.ts +12 -6
- package/server/router/auth-private-process-router.ts +2 -11
- package/server/router/site-root-router.ts +1 -1
- package/server/service/app-binding/app-binding.ts +2 -1
- package/server/service/application/application.ts +2 -1
- package/server/service/login-history/login-history.ts +1 -1
- package/server/service/privilege/privilege-query.ts +1 -1
- package/server/utils/get-user-domains.ts +98 -74
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { Domain } from '@things-factory/shell';
|
|
2
2
|
import { User } from '../service/user/user';
|
|
3
|
-
export declare function getUserDomains(user: User): Promise<Domain[]>;
|
|
4
|
-
export declare function getRoleBasedDomains(user: User): Promise<Domain[]>;
|
|
5
|
-
export declare function getDomainsWithPrivilege(user: User, privilege: string, category: string): Promise<Domain[]>;
|
|
6
|
-
export declare function getDomainsAsOwner(user: User): Promise<Domain[]>;
|
|
3
|
+
export declare function getUserDomains(user: User): Promise<Partial<Domain>[]>;
|
|
4
|
+
export declare function getRoleBasedDomains(user: User): Promise<Partial<Domain>[]>;
|
|
5
|
+
export declare function getDomainsWithPrivilege(user: User, privilege: string, category: string): Promise<Partial<Domain>[]>;
|
|
6
|
+
export declare function getDomainsAsOwner(user: User): Promise<Partial<Domain>[]>;
|
|
@@ -4,7 +4,7 @@ exports.getDomainsAsOwner = exports.getDomainsWithPrivilege = exports.getRoleBas
|
|
|
4
4
|
const shell_1 = require("@things-factory/shell");
|
|
5
5
|
const user_1 = require("../service/user/user");
|
|
6
6
|
async function getUserDomains(user) {
|
|
7
|
-
return await (0, shell_1.getRepository)(shell_1.Domain)
|
|
7
|
+
return (await (0, shell_1.getRepository)(shell_1.Domain)
|
|
8
8
|
.createQueryBuilder('DOMAIN')
|
|
9
9
|
.where(qb => {
|
|
10
10
|
const subQuery = qb
|
|
@@ -28,11 +28,14 @@ async function getUserDomains(user) {
|
|
|
28
28
|
return 'DOMAIN.id IN ' + subQuery;
|
|
29
29
|
})
|
|
30
30
|
.orderBy('DOMAIN.name', 'ASC')
|
|
31
|
-
.getMany()
|
|
31
|
+
.getMany()).map(domain => {
|
|
32
|
+
const { id, name, description, subdomain, extType, brandName, brandImage } = domain;
|
|
33
|
+
return { id, name, description, subdomain, extType, brandName, brandImage };
|
|
34
|
+
});
|
|
32
35
|
}
|
|
33
36
|
exports.getUserDomains = getUserDomains;
|
|
34
37
|
async function getRoleBasedDomains(user) {
|
|
35
|
-
return await (0, shell_1.getRepository)(shell_1.Domain)
|
|
38
|
+
return (await (0, shell_1.getRepository)(shell_1.Domain)
|
|
36
39
|
.createQueryBuilder('DOMAIN')
|
|
37
40
|
.where(qb => {
|
|
38
41
|
const subQuery = qb
|
|
@@ -46,11 +49,14 @@ async function getRoleBasedDomains(user) {
|
|
|
46
49
|
.getQuery();
|
|
47
50
|
return 'DOMAIN.id IN ' + subQuery;
|
|
48
51
|
})
|
|
49
|
-
.getMany()
|
|
52
|
+
.getMany()).map(domain => {
|
|
53
|
+
const { id, name, description, subdomain, extType, brandName, brandImage } = domain;
|
|
54
|
+
return { id, name, description, subdomain, extType, brandName, brandImage };
|
|
55
|
+
});
|
|
50
56
|
}
|
|
51
57
|
exports.getRoleBasedDomains = getRoleBasedDomains;
|
|
52
58
|
async function getDomainsWithPrivilege(user, privilege, category) {
|
|
53
|
-
return await (0, shell_1.getRepository)(shell_1.Domain)
|
|
59
|
+
return (await (0, shell_1.getRepository)(shell_1.Domain)
|
|
54
60
|
.createQueryBuilder('DOMAIN')
|
|
55
61
|
.where(qb => {
|
|
56
62
|
const subQuery = qb
|
|
@@ -77,12 +83,18 @@ async function getDomainsWithPrivilege(user, privilege, category) {
|
|
|
77
83
|
return 'DOMAIN.id IN ' + subQuery;
|
|
78
84
|
})
|
|
79
85
|
.orderBy('DOMAIN.name', 'ASC')
|
|
80
|
-
.getMany()
|
|
86
|
+
.getMany()).map(domain => {
|
|
87
|
+
const { id, name, description, subdomain, extType, brandName, brandImage } = domain;
|
|
88
|
+
return { id, name, description, subdomain, extType, brandName, brandImage };
|
|
89
|
+
});
|
|
81
90
|
}
|
|
82
91
|
exports.getDomainsWithPrivilege = getDomainsWithPrivilege;
|
|
83
92
|
async function getDomainsAsOwner(user) {
|
|
84
|
-
return await (0, shell_1.getRepository)(shell_1.Domain).find({
|
|
93
|
+
return (await (0, shell_1.getRepository)(shell_1.Domain).find({
|
|
85
94
|
where: { owner: user.id }
|
|
95
|
+
})).map(domain => {
|
|
96
|
+
const { id, name, description, subdomain, extType, brandName, brandImage } = domain;
|
|
97
|
+
return { id, name, description, subdomain, extType, brandName, brandImage };
|
|
86
98
|
});
|
|
87
99
|
}
|
|
88
100
|
exports.getDomainsAsOwner = getDomainsAsOwner;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"get-user-domains.js","sourceRoot":"","sources":["../../server/utils/get-user-domains.ts"],"names":[],"mappings":";;;AAEA,iDAA6D;AAE7D,+CAA2C;AAEpC,KAAK,UAAU,cAAc,CAAC,IAAU;IAC7C,OAAO,MAAM,IAAA,qBAAa,EAAC,cAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"get-user-domains.js","sourceRoot":"","sources":["../../server/utils/get-user-domains.ts"],"names":[],"mappings":";;;AAEA,iDAA6D;AAE7D,+CAA2C;AAEpC,KAAK,UAAU,cAAc,CAAC,IAAU;IAC7C,OAAO,CACL,MAAM,IAAA,qBAAa,EAAC,cAAM,CAAC;SACxB,kBAAkB,CAAC,QAAQ,CAAC;SAC5B,KAAK,CAAC,EAAE,CAAC,EAAE;QACV,MAAM,QAAQ,GAAG,EAAE;aAChB,QAAQ,EAAE;aACV,QAAQ,CAAC,IAAI,CAAC;aACd,MAAM,CAAC,WAAW,CAAC;aACnB,IAAI,CAAC,WAAI,EAAE,MAAM,CAAC;aAClB,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;aAC9B,QAAQ,CAAC,aAAa,EAAE,QAAQ,CAAC;aACjC,KAAK,CAAC,mBAAmB,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC;aAC/C,QAAQ,EAAE,CAAA;QACb,OAAO,eAAe,GAAG,QAAQ,CAAA;IACnC,CAAC,CAAC;SACD,OAAO,CAAC,EAAE,CAAC,EAAE;QACZ,MAAM,QAAQ,GAAG,EAAE;aAChB,QAAQ,EAAE;aACV,MAAM,CAAC,WAAW,CAAC;aACnB,IAAI,CAAC,cAAM,EAAE,QAAQ,CAAC;aACtB,KAAK,CAAC,wBAAwB,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC;aACpD,QAAQ,EAAE,CAAA;QACb,OAAO,eAAe,GAAG,QAAQ,CAAA;IACnC,CAAC,CAAC;SACD,OAAO,CAAC,aAAa,EAAE,KAAK,CAAC;SAC7B,OAAO,EAAE,CACb,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;QACb,MAAM,EAAE,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,CAAA;QACnF,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,CAAA;IAC7E,CAAC,CAAC,CAAA;AACJ,CAAC;AA/BD,wCA+BC;AAEM,KAAK,UAAU,mBAAmB,CAAC,IAAU;IAClD,OAAO,CACL,MAAM,IAAA,qBAAa,EAAC,cAAM,CAAC;SACxB,kBAAkB,CAAC,QAAQ,CAAC;SAC5B,KAAK,CAAC,EAAE,CAAC,EAAE;QACV,MAAM,QAAQ,GAAG,EAAE;aAChB,QAAQ,EAAE;aACV,QAAQ,CAAC,IAAI,CAAC;aACd,MAAM,CAAC,WAAW,CAAC;aACnB,IAAI,CAAC,WAAI,EAAE,MAAM,CAAC;aAClB,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;aAC9B,QAAQ,CAAC,aAAa,EAAE,QAAQ,CAAC;aACjC,KAAK,CAAC,mBAAmB,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC;aAC/C,QAAQ,EAAE,CAAA;QACb,OAAO,eAAe,GAAG,QAAQ,CAAA;IACnC,CAAC,CAAC;SACD,OAAO,EAAE,CACb,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;QACb,MAAM,EAAE,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,CAAA;QACnF,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,CAAA;IAC7E,CAAC,CAAC,CAAA;AACJ,CAAC;AArBD,kDAqBC;AAEM,KAAK,UAAU,uBAAuB,CAC3C,IAAU,EACV,SAAiB,EACjB,QAAgB;IAEhB,OAAO,CACL,MAAM,IAAA,qBAAa,EAAC,cAAM,CAAC;SACxB,kBAAkB,CAAC,QAAQ,CAAC;SAC5B,KAAK,CAAC,EAAE,CAAC,EAAE;QACV,MAAM,QAAQ,GAAG,EAAE;aAChB,QAAQ,EAAE;aACV,QAAQ,CAAC,IAAI,CAAC;aACd,MAAM,CAAC,WAAW,CAAC;aACnB,IAAI,CAAC,WAAI,EAAE,MAAM,CAAC;aAClB,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;aAC9B,QAAQ,CAAC,aAAa,EAAE,QAAQ,CAAC;aACjC,QAAQ,CAAC,iBAAiB,EAAE,WAAW,CAAC;aACxC,KAAK,CAAC,mBAAmB,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC;aAC/C,QAAQ,CAAC,6BAA6B,EAAE,EAAE,SAAS,EAAE,CAAC;aACtD,QAAQ,CAAC,gCAAgC,EAAE,EAAE,QAAQ,EAAE,CAAC;aACxD,QAAQ,EAAE,CAAA;QACb,OAAO,eAAe,GAAG,QAAQ,CAAA;IACnC,CAAC,CAAC;SACD,OAAO,CAAC,EAAE,CAAC,EAAE;QACZ,MAAM,QAAQ,GAAG,EAAE;aAChB,QAAQ,EAAE;aACV,MAAM,CAAC,WAAW,CAAC;aACnB,IAAI,CAAC,cAAM,EAAE,QAAQ,CAAC;aACtB,KAAK,CAAC,wBAAwB,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC;aACpD,QAAQ,EAAE,CAAA;QACb,OAAO,eAAe,GAAG,QAAQ,CAAA;IACnC,CAAC,CAAC;SACD,OAAO,CAAC,aAAa,EAAE,KAAK,CAAC;SAC7B,OAAO,EAAE,CACb,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;QACb,MAAM,EAAE,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,CAAA;QACnF,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,CAAA;IAC7E,CAAC,CAAC,CAAA;AACJ,CAAC;AAtCD,0DAsCC;AAEM,KAAK,UAAU,iBAAiB,CAAC,IAAU;IAChD,OAAO,CACL,MAAM,IAAA,qBAAa,EAAC,cAAM,CAAC,CAAC,IAAI,CAAC;QAC/B,KAAK,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,EAAE,EAAE;KAC1B,CAAC,CACH,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;QACb,MAAM,EAAE,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,CAAA;QACnF,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,CAAA;IAC7E,CAAC,CAAC,CAAA;AACJ,CAAC;AATD,8CASC","sourcesContent":["import { In } from 'typeorm'\n\nimport { Domain, getRepository } from '@things-factory/shell'\n\nimport { User } from '../service/user/user'\n\nexport async function getUserDomains(user: User): Promise<Partial<Domain>[]> {\n return (\n await getRepository(Domain)\n .createQueryBuilder('DOMAIN')\n .where(qb => {\n const subQuery = qb\n .subQuery()\n .distinct(true)\n .select('DOMAIN.id')\n .from(User, 'USER')\n .leftJoin('USER.roles', 'ROLE')\n .leftJoin('ROLE.domain', 'DOMAIN')\n .where('USER.id = :userId', { userId: user.id })\n .getQuery()\n return 'DOMAIN.id IN ' + subQuery\n })\n .orWhere(qb => {\n const subQuery = qb\n .subQuery()\n .select('DOMAIN.id')\n .from(Domain, 'DOMAIN')\n .where('DOMAIN.owner = :userId', { userId: user.id })\n .getQuery()\n return 'DOMAIN.id IN ' + subQuery\n })\n .orderBy('DOMAIN.name', 'ASC')\n .getMany()\n ).map(domain => {\n const { id, name, description, subdomain, extType, brandName, brandImage } = domain\n return { id, name, description, subdomain, extType, brandName, brandImage }\n })\n}\n\nexport async function getRoleBasedDomains(user: User): Promise<Partial<Domain>[]> {\n return (\n await getRepository(Domain)\n .createQueryBuilder('DOMAIN')\n .where(qb => {\n const subQuery = qb\n .subQuery()\n .distinct(true)\n .select('DOMAIN.id')\n .from(User, 'USER')\n .leftJoin('USER.roles', 'ROLE')\n .leftJoin('ROLE.domain', 'DOMAIN')\n .where('USER.id = :userId', { userId: user.id })\n .getQuery()\n return 'DOMAIN.id IN ' + subQuery\n })\n .getMany()\n ).map(domain => {\n const { id, name, description, subdomain, extType, brandName, brandImage } = domain\n return { id, name, description, subdomain, extType, brandName, brandImage }\n })\n}\n\nexport async function getDomainsWithPrivilege(\n user: User,\n privilege: string,\n category: string\n): Promise<Partial<Domain>[]> {\n return (\n await getRepository(Domain)\n .createQueryBuilder('DOMAIN')\n .where(qb => {\n const subQuery = qb\n .subQuery()\n .distinct(true)\n .select('DOMAIN.id')\n .from(User, 'USER')\n .leftJoin('USER.roles', 'ROLE')\n .leftJoin('ROLE.domain', 'DOMAIN')\n .leftJoin('ROLE.privileges', 'PRIVILEGE')\n .where('USER.id = :userId', { userId: user.id })\n .andWhere('PRIVILEGE.name = :privilege', { privilege })\n .andWhere('PRIVILEGE.category = :category', { category })\n .getQuery()\n return 'DOMAIN.id IN ' + subQuery\n })\n .orWhere(qb => {\n const subQuery = qb\n .subQuery()\n .select('DOMAIN.id')\n .from(Domain, 'DOMAIN')\n .where('DOMAIN.owner = :userId', { userId: user.id })\n .getQuery()\n return 'DOMAIN.id IN ' + subQuery\n })\n .orderBy('DOMAIN.name', 'ASC')\n .getMany()\n ).map(domain => {\n const { id, name, description, subdomain, extType, brandName, brandImage } = domain\n return { id, name, description, subdomain, extType, brandName, brandImage }\n })\n}\n\nexport async function getDomainsAsOwner(user: User): Promise<Partial<Domain>[]> {\n return (\n await getRepository(Domain).find({\n where: { owner: user.id }\n })\n ).map(domain => {\n const { id, name, description, subdomain, extType, brandName, brandImage } = domain\n return { id, name, description, subdomain, extType, brandName, brandImage }\n })\n}\n"]}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@things-factory/auth-base",
|
|
3
|
-
"version": "6.
|
|
3
|
+
"version": "6.2.0",
|
|
4
4
|
"main": "dist-server/index.js",
|
|
5
5
|
"browser": "dist-client/index.js",
|
|
6
6
|
"things-factory": true,
|
|
@@ -30,11 +30,11 @@
|
|
|
30
30
|
"migration:create": "node ../../node_modules/typeorm/cli.js migration:create -d ./server/migrations"
|
|
31
31
|
},
|
|
32
32
|
"dependencies": {
|
|
33
|
-
"@things-factory/email-base": "^6.
|
|
34
|
-
"@things-factory/env": "^6.
|
|
35
|
-
"@things-factory/i18n-base": "^6.
|
|
36
|
-
"@things-factory/shell": "^6.
|
|
37
|
-
"@things-factory/utils": "^6.
|
|
33
|
+
"@things-factory/email-base": "^6.2.0",
|
|
34
|
+
"@things-factory/env": "^6.2.0",
|
|
35
|
+
"@things-factory/i18n-base": "^6.2.0",
|
|
36
|
+
"@things-factory/shell": "^6.2.0",
|
|
37
|
+
"@things-factory/utils": "^6.2.0",
|
|
38
38
|
"jsonwebtoken": "^9.0.0",
|
|
39
39
|
"koa-passport": "^6.0.0",
|
|
40
40
|
"koa-session": "^6.4.0",
|
|
@@ -42,5 +42,5 @@
|
|
|
42
42
|
"passport-jwt": "^4.0.0",
|
|
43
43
|
"passport-local": "^1.0.0"
|
|
44
44
|
},
|
|
45
|
-
"gitHead": "
|
|
45
|
+
"gitHead": "2a98db1ae602fa3b2c73ffbcdd1cf3262a793d84"
|
|
46
46
|
}
|
|
@@ -6,7 +6,7 @@ import { getUserDomains } from '../utils/get-user-domains'
|
|
|
6
6
|
export async function checkin({ userId, subdomain }) {
|
|
7
7
|
const userRepo = getRepository(User)
|
|
8
8
|
const user = await userRepo.findOne({ where: { id: userId } })
|
|
9
|
-
const domains: Domain[] = await getUserDomains(user)
|
|
9
|
+
const domains: Partial<Domain>[] = await getUserDomains(user)
|
|
10
10
|
|
|
11
11
|
if (!domains?.length) {
|
|
12
12
|
return false
|
|
@@ -63,7 +63,7 @@ export async function domainAuthenticateMiddleware(context: any, next: any) {
|
|
|
63
63
|
}
|
|
64
64
|
|
|
65
65
|
// 2. 현재 subdomain 이 결정된 경우.
|
|
66
|
-
const userDomains: Domain[] = await getUserDomains(user)
|
|
66
|
+
const userDomains: Partial<Domain>[] = await getUserDomains(user)
|
|
67
67
|
if (userDomains.find(domain => domain.subdomain == subdomain) || (await process.superUserGranted(domain, user))) {
|
|
68
68
|
return await next()
|
|
69
69
|
}
|
|
@@ -19,14 +19,14 @@ authCheckinRouter.get('/auth/checkin/:subdomain?', async (context, next) => {
|
|
|
19
19
|
const { user } = context.state
|
|
20
20
|
let { subdomain } = context.params
|
|
21
21
|
|
|
22
|
-
let domains: Domain[] = await getUserDomains(user)
|
|
22
|
+
let domains: Partial<Domain>[] = await getUserDomains(user)
|
|
23
23
|
if (domainType) domains = domains.filter(d => d.extType == domainType)
|
|
24
24
|
|
|
25
25
|
if (!accepts(header.accept, ['text/html', '*/*'])) {
|
|
26
26
|
// When request expects non html response
|
|
27
27
|
try {
|
|
28
28
|
if (!subdomain) throw new Error(t('error.domain not specified', { subdomain })) // When params doesn't have subdomain
|
|
29
|
-
const checkInDomain: Domain | undefined = domains.find(
|
|
29
|
+
const checkInDomain: Partial<Domain> | undefined = domains.find(d => d.subdomain === subdomain) // When no matched domain with subdomain
|
|
30
30
|
if (!checkInDomain) throw new Error(t('error.domain not specified', { subdomain }))
|
|
31
31
|
|
|
32
32
|
await checkIn(checkInDomain, null, context)
|
|
@@ -47,7 +47,7 @@ authCheckinRouter.get('/auth/checkin/:subdomain?', async (context, next) => {
|
|
|
47
47
|
subdomain = findSubdomainFromPath(context, redirectTo)
|
|
48
48
|
}
|
|
49
49
|
|
|
50
|
-
let checkInDomain: Domain
|
|
50
|
+
let checkInDomain: Partial<Domain>
|
|
51
51
|
if (subdomain) {
|
|
52
52
|
checkInDomain = domains.find(d => d.subdomain == subdomain)
|
|
53
53
|
if (!checkInDomain) message = t('error.domain not allowed', { subdomain })
|
|
@@ -55,13 +55,15 @@ authCheckinRouter.get('/auth/checkin/:subdomain?', async (context, next) => {
|
|
|
55
55
|
checkInDomain = domains[0]
|
|
56
56
|
}
|
|
57
57
|
|
|
58
|
-
if (checkInDomain)
|
|
58
|
+
if (checkInDomain) {
|
|
59
|
+
return await checkIn(checkInDomain, redirectTo, context)
|
|
60
|
+
}
|
|
59
61
|
|
|
60
62
|
await context.render('auth-page', {
|
|
61
63
|
pageElement: 'auth-checkin',
|
|
62
64
|
elementScript: '/auth/checkin.js',
|
|
63
65
|
data: {
|
|
64
|
-
user,
|
|
66
|
+
user: { email: user.email, locale: user.locale, name: user.name, userType: user.userType },
|
|
65
67
|
domains,
|
|
66
68
|
domainType,
|
|
67
69
|
redirectTo,
|
|
@@ -87,7 +89,11 @@ authCheckinRouter.get('/auth/domains', async context => {
|
|
|
87
89
|
context.body = domains
|
|
88
90
|
})
|
|
89
91
|
|
|
90
|
-
async function checkIn(
|
|
92
|
+
async function checkIn(
|
|
93
|
+
checkInDomain: Partial<Domain>,
|
|
94
|
+
redirectTo: string | null,
|
|
95
|
+
context: ResolverContext
|
|
96
|
+
): Promise<void> {
|
|
91
97
|
const user: User = context.state.user
|
|
92
98
|
await LoginHistory.stamp(checkInDomain, user, context.req.connection.remoteAddress)
|
|
93
99
|
|
|
@@ -68,7 +68,7 @@ authPrivateProcessRouter
|
|
|
68
68
|
.get('/profile', async (context, next) => {
|
|
69
69
|
const { domain, user } = context.state
|
|
70
70
|
|
|
71
|
-
let domains: Domain[] = await getUserDomains(user)
|
|
71
|
+
let domains: Partial<Domain>[] = await getUserDomains(user)
|
|
72
72
|
domains = domains.filter((d: Domain) => d.extType == domainType)
|
|
73
73
|
|
|
74
74
|
context.body = {
|
|
@@ -80,16 +80,7 @@ authPrivateProcessRouter
|
|
|
80
80
|
super: await process.superUserGranted(domain, user),
|
|
81
81
|
privileges: await User.getPrivilegesByDomain(user, domain)
|
|
82
82
|
},
|
|
83
|
-
domains
|
|
84
|
-
return {
|
|
85
|
-
subdomain: d.subdomain,
|
|
86
|
-
name: d.name,
|
|
87
|
-
description: d.description,
|
|
88
|
-
extType: d.extType,
|
|
89
|
-
brandName: d.brandName,
|
|
90
|
-
brandImage: d.brandImage
|
|
91
|
-
}
|
|
92
|
-
}),
|
|
83
|
+
domains,
|
|
93
84
|
domain: domain && {
|
|
94
85
|
name: domain.name,
|
|
95
86
|
subdomain: domain.subdomain
|
|
@@ -30,7 +30,7 @@ siteRootRouter.get('/', findAuth, domainMiddleware, async (context, next) => {
|
|
|
30
30
|
const subdomain = domain?.subdomain
|
|
31
31
|
|
|
32
32
|
if (user && subdomain) {
|
|
33
|
-
const userDomains: Domain[] = await getUserDomains(user)
|
|
33
|
+
const userDomains: Partial<Domain>[] = await getUserDomains(user)
|
|
34
34
|
if (userDomains.find(userDomain => userDomain.subdomain == subdomain)) {
|
|
35
35
|
return await next()
|
|
36
36
|
}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { ObjectType, Field } from 'type-graphql'
|
|
1
|
+
import { ObjectType, Field, Directive } from 'type-graphql'
|
|
2
2
|
import { Domain } from '@things-factory/shell'
|
|
3
3
|
import { Application } from '../application/application'
|
|
4
4
|
import { User, UserStatus } from '../user/user'
|
|
@@ -12,5 +12,6 @@ export class AppBinding extends User {
|
|
|
12
12
|
scope: string
|
|
13
13
|
|
|
14
14
|
@Field({ nullable: true })
|
|
15
|
+
@Directive('@privilege(category: "security", privilege: "query", domainOwnerGranted: true)')
|
|
15
16
|
refreshToken: string
|
|
16
17
|
}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import crypto from 'crypto'
|
|
2
2
|
import jwt from 'jsonwebtoken'
|
|
3
|
-
import { Field, ID, ObjectType, registerEnumType } from 'type-graphql'
|
|
3
|
+
import { Directive, Field, ID, ObjectType, registerEnumType } from 'type-graphql'
|
|
4
4
|
import {
|
|
5
5
|
Column,
|
|
6
6
|
CreateDateColumn,
|
|
@@ -108,6 +108,7 @@ export class Application {
|
|
|
108
108
|
: 'varchar'
|
|
109
109
|
})
|
|
110
110
|
@Field({ nullable: true })
|
|
111
|
+
@Directive('@privilege(category: "security", privilege: "query", domainOwnerGranted: true)')
|
|
111
112
|
appSecret: string
|
|
112
113
|
|
|
113
114
|
@Column({
|
|
@@ -35,7 +35,7 @@ export class LoginHistory {
|
|
|
35
35
|
@Field({ nullable: true })
|
|
36
36
|
accessedAt: Date
|
|
37
37
|
|
|
38
|
-
static async stamp(accessDomain: Domain
|
|
38
|
+
static async stamp(accessDomain: Partial<Domain>, accessUser: User, accessorIp: string): Promise<void> {
|
|
39
39
|
await getRepository(LoginHistory).save({
|
|
40
40
|
accessDomain,
|
|
41
41
|
accessUser,
|
|
@@ -52,7 +52,7 @@ export class PrivilegeQuery {
|
|
|
52
52
|
@Arg('name') name: string,
|
|
53
53
|
@Arg('category') category: string,
|
|
54
54
|
@Ctx() context: ResolverContext
|
|
55
|
-
): Promise<Domain[]> {
|
|
55
|
+
): Promise<Partial<Domain>[]> {
|
|
56
56
|
const { user } = context.state
|
|
57
57
|
return await User.getDomainsWithPrivilege(name, category, user)
|
|
58
58
|
}
|
|
@@ -4,85 +4,109 @@ import { Domain, getRepository } from '@things-factory/shell'
|
|
|
4
4
|
|
|
5
5
|
import { User } from '../service/user/user'
|
|
6
6
|
|
|
7
|
-
export async function getUserDomains(user: User): Promise<Domain[]> {
|
|
8
|
-
return
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
7
|
+
export async function getUserDomains(user: User): Promise<Partial<Domain>[]> {
|
|
8
|
+
return (
|
|
9
|
+
await getRepository(Domain)
|
|
10
|
+
.createQueryBuilder('DOMAIN')
|
|
11
|
+
.where(qb => {
|
|
12
|
+
const subQuery = qb
|
|
13
|
+
.subQuery()
|
|
14
|
+
.distinct(true)
|
|
15
|
+
.select('DOMAIN.id')
|
|
16
|
+
.from(User, 'USER')
|
|
17
|
+
.leftJoin('USER.roles', 'ROLE')
|
|
18
|
+
.leftJoin('ROLE.domain', 'DOMAIN')
|
|
19
|
+
.where('USER.id = :userId', { userId: user.id })
|
|
20
|
+
.getQuery()
|
|
21
|
+
return 'DOMAIN.id IN ' + subQuery
|
|
22
|
+
})
|
|
23
|
+
.orWhere(qb => {
|
|
24
|
+
const subQuery = qb
|
|
25
|
+
.subQuery()
|
|
26
|
+
.select('DOMAIN.id')
|
|
27
|
+
.from(Domain, 'DOMAIN')
|
|
28
|
+
.where('DOMAIN.owner = :userId', { userId: user.id })
|
|
29
|
+
.getQuery()
|
|
30
|
+
return 'DOMAIN.id IN ' + subQuery
|
|
31
|
+
})
|
|
32
|
+
.orderBy('DOMAIN.name', 'ASC')
|
|
33
|
+
.getMany()
|
|
34
|
+
).map(domain => {
|
|
35
|
+
const { id, name, description, subdomain, extType, brandName, brandImage } = domain
|
|
36
|
+
return { id, name, description, subdomain, extType, brandName, brandImage }
|
|
37
|
+
})
|
|
33
38
|
}
|
|
34
39
|
|
|
35
|
-
export async function getRoleBasedDomains(user: User): Promise<Domain[]> {
|
|
36
|
-
return
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
40
|
+
export async function getRoleBasedDomains(user: User): Promise<Partial<Domain>[]> {
|
|
41
|
+
return (
|
|
42
|
+
await getRepository(Domain)
|
|
43
|
+
.createQueryBuilder('DOMAIN')
|
|
44
|
+
.where(qb => {
|
|
45
|
+
const subQuery = qb
|
|
46
|
+
.subQuery()
|
|
47
|
+
.distinct(true)
|
|
48
|
+
.select('DOMAIN.id')
|
|
49
|
+
.from(User, 'USER')
|
|
50
|
+
.leftJoin('USER.roles', 'ROLE')
|
|
51
|
+
.leftJoin('ROLE.domain', 'DOMAIN')
|
|
52
|
+
.where('USER.id = :userId', { userId: user.id })
|
|
53
|
+
.getQuery()
|
|
54
|
+
return 'DOMAIN.id IN ' + subQuery
|
|
55
|
+
})
|
|
56
|
+
.getMany()
|
|
57
|
+
).map(domain => {
|
|
58
|
+
const { id, name, description, subdomain, extType, brandName, brandImage } = domain
|
|
59
|
+
return { id, name, description, subdomain, extType, brandName, brandImage }
|
|
60
|
+
})
|
|
51
61
|
}
|
|
52
62
|
|
|
53
|
-
export async function getDomainsWithPrivilege(
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
63
|
+
export async function getDomainsWithPrivilege(
|
|
64
|
+
user: User,
|
|
65
|
+
privilege: string,
|
|
66
|
+
category: string
|
|
67
|
+
): Promise<Partial<Domain>[]> {
|
|
68
|
+
return (
|
|
69
|
+
await getRepository(Domain)
|
|
70
|
+
.createQueryBuilder('DOMAIN')
|
|
71
|
+
.where(qb => {
|
|
72
|
+
const subQuery = qb
|
|
73
|
+
.subQuery()
|
|
74
|
+
.distinct(true)
|
|
75
|
+
.select('DOMAIN.id')
|
|
76
|
+
.from(User, 'USER')
|
|
77
|
+
.leftJoin('USER.roles', 'ROLE')
|
|
78
|
+
.leftJoin('ROLE.domain', 'DOMAIN')
|
|
79
|
+
.leftJoin('ROLE.privileges', 'PRIVILEGE')
|
|
80
|
+
.where('USER.id = :userId', { userId: user.id })
|
|
81
|
+
.andWhere('PRIVILEGE.name = :privilege', { privilege })
|
|
82
|
+
.andWhere('PRIVILEGE.category = :category', { category })
|
|
83
|
+
.getQuery()
|
|
84
|
+
return 'DOMAIN.id IN ' + subQuery
|
|
85
|
+
})
|
|
86
|
+
.orWhere(qb => {
|
|
87
|
+
const subQuery = qb
|
|
88
|
+
.subQuery()
|
|
89
|
+
.select('DOMAIN.id')
|
|
90
|
+
.from(Domain, 'DOMAIN')
|
|
91
|
+
.where('DOMAIN.owner = :userId', { userId: user.id })
|
|
92
|
+
.getQuery()
|
|
93
|
+
return 'DOMAIN.id IN ' + subQuery
|
|
94
|
+
})
|
|
95
|
+
.orderBy('DOMAIN.name', 'ASC')
|
|
96
|
+
.getMany()
|
|
97
|
+
).map(domain => {
|
|
98
|
+
const { id, name, description, subdomain, extType, brandName, brandImage } = domain
|
|
99
|
+
return { id, name, description, subdomain, extType, brandName, brandImage }
|
|
100
|
+
})
|
|
82
101
|
}
|
|
83
102
|
|
|
84
|
-
export async function getDomainsAsOwner(user: User): Promise<Domain[]> {
|
|
85
|
-
return
|
|
86
|
-
|
|
103
|
+
export async function getDomainsAsOwner(user: User): Promise<Partial<Domain>[]> {
|
|
104
|
+
return (
|
|
105
|
+
await getRepository(Domain).find({
|
|
106
|
+
where: { owner: user.id }
|
|
107
|
+
})
|
|
108
|
+
).map(domain => {
|
|
109
|
+
const { id, name, description, subdomain, extType, brandName, brandImage } = domain
|
|
110
|
+
return { id, name, description, subdomain, extType, brandName, brandImage }
|
|
87
111
|
})
|
|
88
112
|
}
|