@things-factory/auth-base 6.2.49 → 6.2.50

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@things-factory/auth-base",
-  "version": "6.2.49",
+  "version": "6.2.50",
   "main": "dist-server/index.js",
   "browser": "dist-client/index.js",
   "things-factory": true,
@@ -30,10 +30,10 @@
     "migration:create": "node ../../node_modules/typeorm/cli.js migration:create -d ./server/migrations"
   },
   "dependencies": {
-    "@things-factory/email-base": "^6.2.48",
+    "@things-factory/email-base": "^6.2.50",
     "@things-factory/env": "^6.2.33",
-    "@things-factory/i18n-base": "^6.2.48",
-    "@things-factory/shell": "^6.2.48",
+    "@things-factory/i18n-base": "^6.2.50",
+    "@things-factory/shell": "^6.2.50",
     "@things-factory/utils": "^6.2.48",
     "jsonwebtoken": "^9.0.0",
     "koa-passport": "^6.0.0",
@@ -43,5 +43,5 @@
     "passport-local": "^1.0.0",
     "popsicle-cookie-jar": "^1.0.0"
   },
-  "gitHead": "57266c96220301729f9c5cd633af1a4e2a651096"
+  "gitHead": "4dc51db04b745ac434d2bb874038ac4c3b47989b"
 }

package/server/constants/error-code.ts

@@ -14,4 +14,4 @@ export const CONFIRM_PASSWORD_NOT_MATCHED = 'confirm password not matched'
 export const PASSWORD_PATTERN_NOT_MATCHED = 'password should match the rule'
 export const USER_DUPLICATED = 'user duplicated'
 export const PASSWORD_USED_PAST = 'password used in the past'
-export const VERIFICATION_ERROR = 'user or verification token not found'
+export const VERIFICATION_ERROR = 'user or verification token not found'

package/server/router/auth-private-process-router.ts

@@ -67,11 +67,19 @@ authPrivateProcessRouter
     clearAccessTokenCookie(context)
   })
   .get('/profile', async (context, next) => {
-    const { domain, user, protected: protectedIP } = context.state
+    const { domain, user, unsafeIP, prohibitedPrivileges } = context.state
 
     let domains: Partial<Domain>[] = await getUserDomains(user)
     domains = domains.filter((d: Domain) => d.extType == domainType)
 
+    var privileges = await User.getPrivilegesByDomain(user, domain)
+
+    if (prohibitedPrivileges) {
+      prohibitedPrivileges.forEach(({ category, name }) => {
+        privileges = privileges.filter(p => p.category != category || p.name != name)
+      })
+    }
+
     context.body = {
       user: {
         email: user.email,
@@ -79,8 +87,8 @@ authPrivateProcessRouter
         userType: user.userType,
         owner: await process.domainOwnerGranted(domain, user),
         super: await process.superUserGranted(domain, user),
-        protected: protectedIP,
-        privileges: await User.getPrivilegesByDomain(user, domain)
+        unsafeIP,
+        privileges
       },
       domains,
       domain: domain && {

package/server/service/domain-generator/domain-generator-mutation.ts

@@ -11,7 +11,7 @@ import { DomainGeneratorInput, DomainUserRoleInput } from './domain-generator-ty
 
 @Resolver()
 export class DomainGeneratorMutation {
-  @Directive('@privilege(category: "system", privilege: "mutation", superUserGranted: true)')
+  @Directive('@privilege(category: "domain", privilege: "mutation", superUserGranted: true)')
   @Directive('@transaction')
   @Mutation(returns => Domain)
   async domainRegister(

package/server/service/partner/partner-mutation.ts

@@ -46,7 +46,7 @@ export class PartnerMutation {
 
     // Find partner
     const partner: Partner = await tx.getRepository(Partner).findOne({
-      where: { domain: { id: domain.id }, partnerDomain }
+      where: { domain: { id: domain.id }, partnerDomain: { id: partnerDomain.id } }
     })
     if (!partner) throw new Error(context.t('error.failed to find x', { x: context.t('label.partner') }))
 

package/server/service/privilege/privilege-directive.ts

@@ -43,7 +43,7 @@ export const privilegeDirectiveResolver = (schema: GraphQLSchema) =>
             return await resolve.call(this, source, args, context, info)
           }
 
-          if (!category || !privilege) throw new Error(`Unauthorized! ${category}-${privilege} privilege required`)
+          if (!category || !privilege) throw new Error(`Unauthorized! Access restricted to authorized personnel only`)
 
           if (await User.hasPrivilege(privilege, category, domain, user)) {
             return await resolve.call(this, source, args, context, info)

package/translations/ms.json

@@ -1,55 +1,55 @@
 {
-  "field.email": "e-mel",
-  "field.password": "kata-laluan",
-  "field.token": "token",
-  "field.appliance_id": "perkakas",
-  "field.brand": "jenama",
-  "field.model": "model",
-  "field.active": "aktif",
-  "field.category": "kategori",
-  "field.roles": "peranan",
-  "field.privileges": "keistimewaan",
-  "field.user": "pengguna",
-  "field.user_type": "[ms] user type",
-  "field.user_account": "akaun pengguna",
-  "label.partner": "[ms] partner",
-  "text.account is reactivated": "[ms] account is reactivated",
-  "text.delete account succeed": "[ms] delete account succeed",
-  "text.inactive user": "[ms] inactive user",
-  "text.invalid verification token": "[ms] invalid verification token",
-  "text.invitation email sent": "[ms] invitation email sent",
-  "text.pattern_minimum_charaters": "[ms] minimum {length} charaters",
-  "text.pattern_atleast_1_lowercase": "[ms] at least 1 lowercase character",
-  "text.pattern_atleast_1_uppercase": "[ms] at least 1 uppercase character",
-  "text.pattern_atleast_1_digit": "[ms] at least 1 digit character",
-  "text.pattern_atleast_1_special": "[ms] at least 1 special character(!@#$%^&*())",
-  "text.pattern_not_allowed": "[ms] not allowed repeated charater",
-  "text.password reset succeed": "[ms] password reset succeed",
-  "text.password changed successfully": "[ms] password changed successfully",
-  "text.profile changed successfully": "[ms] profile changed successfully",
-  "text.result": "[ms] result",
-  "text.signout successfully": "[ms] signout successfully",
-  "text.user registered successfully": "[ms] user registered successfully. find your email to activate account",
-  "text.user activated successfully": "[ms] user activated successfully",
-  "text.password reset email sent": "[ms] password reset email sent",
-  "text.verification email sent": "[ms] verification email sent",
-  "error.confirm password not matched": "[ms] new password and confirm password is not matched",
-  "error.domain not allowed": "[ms] user not allowed domain `{subdomain}`",
-  "error.domain mismatch": "[ms] certificate is not for this domain",
-  "error.failed to find x": "[ms] failed to find {x}",
-  "error.password should match the rule": "[ms] password should match following rule. ${rule}",
-  "error.password used in the past": "[ms] password used in the past",
-  "error.subdomain not found": "[ms] domain not found",
-  "error.token or password is invalid": "[ms] token or password is invalid",
-  "error.unavailable-domain": "[ms] unavailable domain",
-  "error.user not found": "pengguna tidak wujud",
-  "error.user duplicated": "emel telah diguna oleh akaun lain",
-  "error.user or verification token not found": "[ms] user or verification token not found",
-  "error.user validation failed": "[ms] user validation failed",
-  "error.user not activated": "[ms] user is not activated",
-  "error.x is not a member of y": "[ms] {x} is not a member of {y}",
-  "privilege.category.system": "[ms] system setting",
-  "privilege.description": "[ms] to {name} {category} data",
-  "privilege.name.mutation": "[ms] edit",
-  "privilege.name.query": "[ms] read"
+  "error.confirm password not matched": "Kata laluan baru dan pengesahan kata laluan tidak sepadan",
+  "error.domain mismatch": "Sijil tidak sesuai untuk domain ini",
+  "error.domain not allowed": "Pengguna tidak dibenarkan domain `{subdomain}`",
+  "error.failed to find x": "Gagal mencari {x}",
+  "error.password should match the rule": "Kata laluan harus mematuhi peraturan berikut. ${rule}",
+  "error.password used in the past": "Kata laluan telah digunakan dalam masa lampau",
+  "error.subdomain not found": "Domain tidak ditemui",
+  "error.token or password is invalid": "Token atau kata laluan tidak sah",
+  "error.unavailable-domain": "Domain tidak tersedia",
+  "error.user duplicated": "Emel telah digunakan oleh akaun lain",
+  "error.user not activated": "Pengguna tidak diaktifkan",
+  "error.user not found": "Pengguna tidak ditemui",
+  "error.user or verification token not found": "Pengguna atau token pengesahan tidak ditemui",
+  "error.user validation failed": "Validasi pengguna gagal",
+  "error.x is not a member of y": "{x} bukan ahli {y}",
+  "field.active": "Aktif",
+  "field.appliance_id": "Perkakas",
+  "field.brand": "Jenama",
+  "field.category": "Kategori",
+  "field.email": "E-mel",
+  "field.model": "Model",
+  "field.password": "Kata laluan",
+  "field.privileges": "Keistimewaan",
+  "field.roles": "Peranan",
+  "field.token": "Token",
+  "field.user": "Pengguna",
+  "field.user_account": "Akaun pengguna",
+  "field.user_type": "Jenis pengguna",
+  "label.partner": "Rakan kongsi",
+  "privilege.category.system": "Tetapan sistem",
+  "privilege.description": "Untuk {name} data {category}",
+  "privilege.name.mutation": "Sunting",
+  "privilege.name.query": "Baca",
+  "text.account is reactivated": "Akaun telah diaktifkan semula",
+  "text.delete account succeed": "Berjaya memadam akaun",
+  "text.inactive user": "Pengguna tidak aktif",
+  "text.invalid verification token": "Token pengesahan tidak sah",
+  "text.invitation email sent": "E-mel jemputan telah dihantar",
+  "text.password changed successfully": "Kata laluan berjaya diubah",
+  "text.password reset email sent": "E-mel reset kata laluan telah dihantar",
+  "text.password reset succeed": "Reset kata laluan berjaya",
+  "text.pattern_atleast_1_digit": "Sekurang-kurangnya 1 aksara digit",
+  "text.pattern_atleast_1_lowercase": "Sekurang-kurangnya 1 aksara kecil",
+  "text.pattern_atleast_1_special": "Sekurang-kurangnya 1 aksara istimewa (!@#$%^&*())",
+  "text.pattern_atleast_1_uppercase": "Sekurang-kurangnya 1 aksara besar",
+  "text.pattern_minimum_charaters": "Minimum {length} aksara",
+  "text.pattern_not_allowed": "Tidak dibenarkan aksara berulang",
+  "text.profile changed successfully": "Profil berjaya diubah",
+  "text.result": "Hasil",
+  "text.signout successfully": "Berjaya keluar",
+  "text.user activated successfully": "Pengguna diaktifkan dengan berjaya",
+  "text.user registered successfully": "Pengguna berjaya didaftarkan. Cari e-mel anda untuk mengaktifkan akaun",
+  "text.verification email sent": "E-mel pengesahan telah dihantar"
 }

package/translations/zh.json

@@ -1,55 +1,55 @@
 {
-  "field.email": "电子邮件地址",
-  "field.password": "密码",
-  "field.token": "符记",
+  "error.confirm password not matched": "新密码与确认密码不匹配！",
+  "error.domain mismatch": "证书不适用于该域！",
+  "error.domain not allowed": "用户无权限使用`{subdomain}`域！",
+  "error.failed to find x": "查询{x}失败！",
+  "error.password should match the rule": "密码应符合以下规则。${rule}",
+  "error.password used in the past": "使用过的密码！",
+  "error.subdomain not found": "用户域查询失败！",
+  "error.token or password is invalid": "令牌或密码无效！",
+  "error.unavailable-domain": "不可用的域名",
+  "error.user duplicated": "有一个用户帐户使用相同的电子邮件",
+  "error.user not activated": "用户未激活！",
+  "error.user not found": "找不到用户",
+  "error.user or verification token not found": "找不到用户或验证令牌。",
+  "error.user validation failed": "用户验证失败！",
+  "error.x is not a member of y": "{x}不是{y}的成员",
+  "field.active": "激活",
   "field.appliance_id": "终端机ID",
   "field.brand": "品牌",
-  "field.model": "模型",
-  "field.active": "激活",
   "field.category": "分类",
-  "field.roles": "角色",
+  "field.email": "电子邮件地址",
+  "field.model": "模型",
+  "field.password": "密码",
   "field.privileges": "权限",
+  "field.roles": "角色",
+  "field.token": "符记",
   "field.user": "用户",
-  "field.user_type": "用户类型",
   "field.user_account": "用户账号",
+  "field.user_type": "用户类型",
   "label.partner": "合作伙伴",
+  "privilege.category.system": "系统配置",
+  "privilege.description": "{name} {category}数据",
+  "privilege.name.mutation": "编辑",
+  "privilege.name.query": "查询",
   "text.account is reactivated": "账户已经重新激活。",
   "text.delete account succeed": "已成功删除账号。",
   "text.inactive user": "未激活用账号。",
   "text.invalid verification token": "令牌无效。",
   "text.invitation email sent": "成功发送邀请电子邮件。",
-  "text.pattern_minimum_charaters": "最少未字符长度为{length}",
-  "text.pattern_atleast_1_lowercase": "至少1个小写字母",
-  "text.pattern_atleast_1_uppercase": "至少1个大写字母",
+  "text.password changed successfully": "密码更改成功。",
+  "text.password reset email sent": "已发送密码重置邮件。",
+  "text.password reset succeed": "密码重置成功。",
   "text.pattern_atleast_1_digit": "至少1位数字字符",
+  "text.pattern_atleast_1_lowercase": "至少1个小写字母",
   "text.pattern_atleast_1_special": "至少1个特殊字符（！@＃$％^＆*（））",
+  "text.pattern_atleast_1_uppercase": "至少1个大写字母",
+  "text.pattern_minimum_charaters": "最少未字符长度为{length}",
   "text.pattern_not_allowed": "不允许重复字符",
-  "text.password reset succeed": "密码重置成功。",
-  "text.password changed successfully": "密码更改成功。",
   "text.profile changed successfully": "个人资料更改成功。",
   "text.result": "结果",
   "text.signout successfully": "登出成功。",
-  "text.user registered successfully": "用户注册成功。 请查看电子邮件以激活帐户。",
   "text.user activated successfully": "用户激活成功",
-  "text.password reset email sent": "已发送密码重置邮件。",
-  "text.verification email sent": "验证邮件已发送",
-  "error.confirm password not matched": "新密码与确认密码不匹配！",
-  "error.domain not allowed": "用户无权限使用`{subdomain}`域！",
-  "error.domain mismatch": "证书不适用于该域！",
-  "error.failed to find x": "查询{x}失败！",
-  "error.password should match the rule": "密码应符合以下规则。${rule}",
-  "error.password used in the past": "使用过的密码！",
-  "error.subdomain not found": "用户域查询失败！",
-  "error.token or password is invalid": "令牌或密码无效！",
-  "error.unavailable-domain": "[zh] unavailable domain",
-  "error.user not found": "找不到用户",
-  "error.user duplicated": "有一个用户帐户使用相同的电子邮件",
-  "error.user or verification token not found": "找不到用户或验证令牌。",
-  "error.user validation failed": "用户验证失败！",
-  "error.user not activated": "用户未激活！",
-  "error.x is not a member of y": "{x}不是{y}的成员",
-  "privilege.category.system": "系统配置",
-  "privilege.description": "{name} {category}数据",
-  "privilege.name.mutation": "编辑",
-  "privilege.name.query": "查询"
-}
+  "text.user registered successfully": "用户注册成功。 请查看电子邮件以激活帐户。",
+  "text.verification email sent": "验证邮件已发送"
+}