@things-factory/auth-base 6.2.49 → 6.2.51
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/client/directive/privileged.ts +1 -1
- package/client/profiled.ts +22 -17
- package/dist-client/directive/privileged.d.ts +2 -2
- package/dist-client/directive/privileged.js.map +1 -1
- package/dist-client/profiled.d.ts +2 -3
- package/dist-client/profiled.js +18 -9
- package/dist-client/profiled.js.map +1 -1
- package/dist-client/tsconfig.tsbuildinfo +1 -1
- package/dist-server/constants/error-code.js.map +1 -1
- package/dist-server/index.d.ts +1 -0
- package/dist-server/index.js +1 -0
- package/dist-server/index.js.map +1 -1
- package/dist-server/router/auth-private-process-router.js +9 -3
- package/dist-server/router/auth-private-process-router.js.map +1 -1
- package/dist-server/service/domain-generator/domain-generator-mutation.js +1 -1
- package/dist-server/service/domain-generator/domain-generator-mutation.js.map +1 -1
- package/dist-server/service/partner/partner-mutation.js +1 -1
- package/dist-server/service/partner/partner-mutation.js.map +1 -1
- package/dist-server/service/privilege/privilege-directive.js +9 -12
- package/dist-server/service/privilege/privilege-directive.js.map +1 -1
- package/dist-server/service/privilege/privilege-query.d.ts +3 -3
- package/dist-server/service/privilege/privilege-query.js +23 -21
- package/dist-server/service/privilege/privilege-query.js.map +1 -1
- package/dist-server/service/privilege/privilege.d.ts +0 -2
- package/dist-server/service/privilege/privilege.js +0 -8
- package/dist-server/service/privilege/privilege.js.map +1 -1
- package/dist-server/service/user/user.d.ts +2 -2
- package/dist-server/service/user/user.js +5 -5
- package/dist-server/service/user/user.js.map +1 -1
- package/dist-server/tsconfig.tsbuildinfo +1 -1
- package/dist-server/utils/check-permission.d.ts +7 -0
- package/dist-server/utils/check-permission.js +38 -0
- package/dist-server/utils/check-permission.js.map +1 -0
- package/package.json +5 -5
- package/server/constants/error-code.ts +1 -1
- package/server/index.ts +2 -0
- package/server/router/auth-private-process-router.ts +11 -3
- package/server/service/domain-generator/domain-generator-mutation.ts +1 -1
- package/server/service/partner/partner-mutation.ts +1 -1
- package/server/service/privilege/privilege-directive.ts +21 -13
- package/server/service/privilege/privilege-query.ts +15 -13
- package/server/service/privilege/privilege.ts +0 -6
- package/server/service/user/user.ts +5 -5
- package/server/utils/check-permission.ts +52 -0
- package/translations/ms.json +53 -53
- package/translations/zh.json +35 -35
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"privilege-directive.js","sourceRoot":"","sources":["../../../server/service/privilege/privilege-directive.ts"],"names":[],"mappings":";;;;AAAA,qCAA6D;AAC7D,sEAA6B;AAE7B,gDAA0E;
|
|
1
|
+
{"version":3,"file":"privilege-directive.js","sourceRoot":"","sources":["../../../server/service/privilege/privilege-directive.ts"],"names":[],"mappings":";;;;AAAA,qCAA6D;AAC7D,sEAA6B;AAE7B,gDAA0E;AAE1E,mEAA8D;AAE9D,OAAO,CAAC,YAAY,CAAC,GAAG,EAAE,CAAA;AAE1B,MAAM,SAAS,GAAG,WAAW,CAAA;AAEhB,QAAA,0BAA0B,GAAG,IAAA,qBAAG,EAAA;;;;;;;CAO5C,CAAA;AACM,MAAM,0BAA0B,GAAG,CAAC,MAAqB,EAAE,EAAE,CAClE,IAAA,iBAAS,EAAC,MAAM,EAAE;IAChB,CAAC,kBAAU,CAAC,YAAY,CAAC,EAAE,CAAC,WAAW,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE;;QACtE,MAAM,kBAAkB,GAAG,MAAA,IAAA,oBAAY,EAAC,MAAM,EAAE,WAAW,EAAE,SAAS,CAAC,0CAAG,CAAC,CAAC,CAAA;QAC5E,IAAI,kBAAkB,EAAE;YACtB,MAAM,EAAE,OAAO,GAAG,8BAAoB,EAAE,IAAI,EAAE,GAAG,WAAW,CAAA;YAE5D,IAAI,CAAC,IAAI,EAAE;gBACT,MAAM,IAAI,KAAK,CAAC,8EAA8E,SAAS,GAAG,CAAC,CAAA;aAC5G;YAED,MAAM,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,kBAAkB,CAAA;YACxF,IAAI,QAAQ,IAAI,SAAS,EAAE;gBACzB,OAAO,CAAC,YAAY,CAAC,CAAC,GAAG,QAAQ,IAAI,SAAS,EAAE,CAAC,GAAG,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAA;aAC1E;YAED,WAAW,CAAC,OAAO,GAAG,KAAK,WAAW,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI;gBAC/D,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,oBAAoB,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;gBAEtE,IACE,MAAM,IAAA,kCAAe,EACnB;oBACE,QAAQ;oBACR,SAAS;oBACT,KAAK,EAAE,kBAAkB;oBACzB,KAAK,EAAE,gBAAgB;iBACxB,EACD,IAAI,EACJ,MAAM,EACN,QAAQ,EACR,oBAAoB,CACrB,EACD;oBACA,OAAO,MAAM,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,CAAA;iBAC7D;qBAAM;oBACL,MAAM,IAAI,KAAK,CACb,iBACE,QAAQ,IAAI,SAAS,CAAC,CAAC,CAAC,QAAQ,GAAG,GAAG,GAAG,SAAS,GAAG,YAAY,CAAC,CAAC,CAAC,mBACtE,WAAW,CACZ,CAAA;iBACF;YACH,CAAC,CAAA;YAED,OAAO,WAAW,CAAA;SACnB;IACH,CAAC;CACF,CAAC,CAAA;AA9CS,QAAA,0BAA0B,8BA8CnC","sourcesContent":["import { defaultFieldResolver, GraphQLSchema } from 'graphql'\nimport gql from 'graphql-tag'\n\nimport { getDirective, MapperKind, mapSchema } from '@graphql-tools/utils'\nimport { User } from '../user/user'\nimport { checkPermission } from '../../utils/check-permission'\n\nprocess['PRIVILEGES'] = {}\n\nconst DIRECTIVE = 'privilege'\n\nexport const privilegeDirectiveTypeDefs = gql`\n directive @privilege(\n category: String\n privilege: String\n domainOwnerGranted: Boolean\n superUserGranted: Boolean\n ) on FIELD_DEFINITION\n`\nexport const privilegeDirectiveResolver = (schema: GraphQLSchema) =>\n mapSchema(schema, {\n [MapperKind.OBJECT_FIELD]: (fieldConfig, fieldName, typeName, schema) => {\n const privilegeDirective = getDirective(schema, fieldConfig, DIRECTIVE)?.[0]\n if (privilegeDirective) {\n const { resolve = defaultFieldResolver, args } = fieldConfig\n\n if (!args) {\n throw new Error(`Unexpected Error. args should be defined in @privilege directive for field ${fieldName}.`)\n }\n\n const { domainOwnerGranted, superUserGranted, category, privilege } = privilegeDirective\n if (category && privilege) {\n process['PRIVILEGES'][`${category} ${privilege}`] = [category, privilege]\n }\n\n fieldConfig.resolve = async function (source, args, context, info) {\n const { domain, user, unsafeIP, prohibitedPrivileges } = context.state\n\n if (\n await checkPermission(\n {\n category,\n privilege,\n owner: domainOwnerGranted,\n super: superUserGranted\n },\n user,\n domain,\n unsafeIP,\n prohibitedPrivileges\n )\n ) {\n return await resolve.call(this, source, args, context, info)\n } else {\n throw new Error(\n `Unauthorized! ${\n category && privilege ? category + ':' + privilege + ' privilege' : 'ownership granted'\n } required`\n )\n }\n }\n\n return fieldConfig\n }\n }\n })\n"]}
|
|
@@ -4,12 +4,12 @@ import { User } from '../user/user';
|
|
|
4
4
|
import { Privilege } from './privilege';
|
|
5
5
|
import { PrivilegeList } from './privilege-types';
|
|
6
6
|
export declare class PrivilegeQuery {
|
|
7
|
-
privilege(name: string, category: string): Promise<Privilege>;
|
|
8
7
|
privileges(params: ListParam, context: ResolverContext): Promise<PrivilegeList>;
|
|
9
8
|
myPrivileges(context: ResolverContext): Promise<Privilege[]>;
|
|
10
|
-
hasPrivilege(
|
|
11
|
-
domainsWithPrivilege(
|
|
9
|
+
hasPrivilege(privilege: string, category: string, context: ResolverContext): Promise<Boolean>;
|
|
10
|
+
domainsWithPrivilege(privilege: string, category: string, context: ResolverContext): Promise<Partial<Domain>[]>;
|
|
12
11
|
description(privilege: Privilege, context: ResolverContext): Promise<string>;
|
|
12
|
+
privilege(privilege: Privilege, context: ResolverContext): Promise<string>;
|
|
13
13
|
roles(privilege: Privilege): Promise<Role[]>;
|
|
14
14
|
updater(privilege: Privilege): Promise<User>;
|
|
15
15
|
creator(privilege: Privilege): Promise<User>;
|
|
@@ -9,17 +9,17 @@ const user_1 = require("../user/user");
|
|
|
9
9
|
const privilege_1 = require("./privilege");
|
|
10
10
|
const privilege_types_1 = require("./privilege-types");
|
|
11
11
|
let PrivilegeQuery = class PrivilegeQuery {
|
|
12
|
-
async privilege(name, category) {
|
|
13
|
-
return await (0, shell_1.getRepository)(privilege_1.Privilege).findOne({
|
|
14
|
-
where: { name, category }
|
|
15
|
-
});
|
|
16
|
-
}
|
|
17
12
|
async privileges(params, context) {
|
|
18
13
|
const [items, total] = await (0, shell_1.getQueryBuilderFromListParams)({
|
|
19
14
|
params,
|
|
20
15
|
repository: (0, shell_1.getRepository)(privilege_1.Privilege),
|
|
21
16
|
alias: 'p',
|
|
22
|
-
searchables: ['
|
|
17
|
+
searchables: ['privilege', 'category'],
|
|
18
|
+
filtersMap: {
|
|
19
|
+
privilege: {
|
|
20
|
+
columnName: 'name'
|
|
21
|
+
}
|
|
22
|
+
}
|
|
23
23
|
})
|
|
24
24
|
.orderBy('p.category', 'ASC')
|
|
25
25
|
.getManyAndCount();
|
|
@@ -29,13 +29,13 @@ let PrivilegeQuery = class PrivilegeQuery {
|
|
|
29
29
|
const { user, domain } = context.state;
|
|
30
30
|
return user_1.User.getPrivilegesByDomain(user, domain);
|
|
31
31
|
}
|
|
32
|
-
async hasPrivilege(
|
|
32
|
+
async hasPrivilege(privilege, category, context) {
|
|
33
33
|
const { domain, user } = context.state;
|
|
34
|
-
return await user_1.User.hasPrivilege(
|
|
34
|
+
return await user_1.User.hasPrivilege(privilege, category, domain, user);
|
|
35
35
|
}
|
|
36
|
-
async domainsWithPrivilege(
|
|
36
|
+
async domainsWithPrivilege(privilege, category, context) {
|
|
37
37
|
const { user } = context.state;
|
|
38
|
-
return await user_1.User.getDomainsWithPrivilege(
|
|
38
|
+
return await user_1.User.getDomainsWithPrivilege(privilege, category, user);
|
|
39
39
|
}
|
|
40
40
|
async description(privilege, context) {
|
|
41
41
|
const { t } = context;
|
|
@@ -49,6 +49,9 @@ let PrivilegeQuery = class PrivilegeQuery {
|
|
|
49
49
|
category: tcategory === keycategory ? category : tcategory
|
|
50
50
|
});
|
|
51
51
|
}
|
|
52
|
+
async privilege(privilege, context) {
|
|
53
|
+
return privilege.name;
|
|
54
|
+
}
|
|
52
55
|
async roles(privilege) {
|
|
53
56
|
return (await (0, shell_1.getRepository)(privilege_1.Privilege).findOne({
|
|
54
57
|
where: { id: privilege.id },
|
|
@@ -62,15 +65,6 @@ let PrivilegeQuery = class PrivilegeQuery {
|
|
|
62
65
|
return await (0, shell_1.getRepository)(user_1.User).findOneBy({ id: privilege.creatorId });
|
|
63
66
|
}
|
|
64
67
|
};
|
|
65
|
-
tslib_1.__decorate([
|
|
66
|
-
(0, type_graphql_1.Directive)('@privilege(category: "privilege", privilege: "query", domainOwnerGranted: true, superUserGranted: true)'),
|
|
67
|
-
(0, type_graphql_1.Query)(returns => privilege_1.Privilege, { description: 'To fetch privilege' }),
|
|
68
|
-
tslib_1.__param(0, (0, type_graphql_1.Arg)('name')),
|
|
69
|
-
tslib_1.__param(1, (0, type_graphql_1.Arg)('category')),
|
|
70
|
-
tslib_1.__metadata("design:type", Function),
|
|
71
|
-
tslib_1.__metadata("design:paramtypes", [String, String]),
|
|
72
|
-
tslib_1.__metadata("design:returntype", Promise)
|
|
73
|
-
], PrivilegeQuery.prototype, "privilege", null);
|
|
74
68
|
tslib_1.__decorate([
|
|
75
69
|
(0, type_graphql_1.Directive)('@privilege(category: "privilege", privilege: "query", domainOwnerGranted: true, superUserGranted: true)'),
|
|
76
70
|
(0, type_graphql_1.Query)(returns => privilege_types_1.PrivilegeList, { description: 'To fetch multiple privileges' }),
|
|
@@ -91,7 +85,7 @@ tslib_1.__decorate([
|
|
|
91
85
|
], PrivilegeQuery.prototype, "myPrivileges", null);
|
|
92
86
|
tslib_1.__decorate([
|
|
93
87
|
(0, type_graphql_1.Query)(returns => Boolean, { description: 'To query whether I have the given permission' }),
|
|
94
|
-
tslib_1.__param(0, (0, type_graphql_1.Arg)('
|
|
88
|
+
tslib_1.__param(0, (0, type_graphql_1.Arg)('privilege')),
|
|
95
89
|
tslib_1.__param(1, (0, type_graphql_1.Arg)('category')),
|
|
96
90
|
tslib_1.__param(2, (0, type_graphql_1.Ctx)()),
|
|
97
91
|
tslib_1.__metadata("design:type", Function),
|
|
@@ -100,7 +94,7 @@ tslib_1.__decorate([
|
|
|
100
94
|
], PrivilegeQuery.prototype, "hasPrivilege", null);
|
|
101
95
|
tslib_1.__decorate([
|
|
102
96
|
(0, type_graphql_1.Query)(returns => [shell_1.Domain], { description: 'To fetch domains with given privilege for user' }),
|
|
103
|
-
tslib_1.__param(0, (0, type_graphql_1.Arg)('
|
|
97
|
+
tslib_1.__param(0, (0, type_graphql_1.Arg)('privilege')),
|
|
104
98
|
tslib_1.__param(1, (0, type_graphql_1.Arg)('category')),
|
|
105
99
|
tslib_1.__param(2, (0, type_graphql_1.Ctx)()),
|
|
106
100
|
tslib_1.__metadata("design:type", Function),
|
|
@@ -115,6 +109,14 @@ tslib_1.__decorate([
|
|
|
115
109
|
tslib_1.__metadata("design:paramtypes", [privilege_1.Privilege, Object]),
|
|
116
110
|
tslib_1.__metadata("design:returntype", Promise)
|
|
117
111
|
], PrivilegeQuery.prototype, "description", null);
|
|
112
|
+
tslib_1.__decorate([
|
|
113
|
+
(0, type_graphql_1.FieldResolver)(type => String),
|
|
114
|
+
tslib_1.__param(0, (0, type_graphql_1.Root)()),
|
|
115
|
+
tslib_1.__param(1, (0, type_graphql_1.Ctx)()),
|
|
116
|
+
tslib_1.__metadata("design:type", Function),
|
|
117
|
+
tslib_1.__metadata("design:paramtypes", [privilege_1.Privilege, Object]),
|
|
118
|
+
tslib_1.__metadata("design:returntype", Promise)
|
|
119
|
+
], PrivilegeQuery.prototype, "privilege", null);
|
|
118
120
|
tslib_1.__decorate([
|
|
119
121
|
(0, type_graphql_1.FieldResolver)(type => [role_1.Role]),
|
|
120
122
|
tslib_1.__param(0, (0, type_graphql_1.Root)()),
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"privilege-query.js","sourceRoot":"","sources":["../../../server/service/privilege/privilege-query.ts"],"names":[],"mappings":";;;;AAAA,+CAA8F;AAC9F,iDAAuG;AAEvG,uCAAmC;AACnC,uCAAmC;AACnC,2CAAuC;AACvC,uDAAiD;AAG1C,IAAM,cAAc,GAApB,MAAM,cAAc;IAGnB,AAAN,KAAK,CAAC,
|
|
1
|
+
{"version":3,"file":"privilege-query.js","sourceRoot":"","sources":["../../../server/service/privilege/privilege-query.ts"],"names":[],"mappings":";;;;AAAA,+CAA8F;AAC9F,iDAAuG;AAEvG,uCAAmC;AACnC,uCAAmC;AACnC,2CAAuC;AACvC,uDAAiD;AAG1C,IAAM,cAAc,GAApB,MAAM,cAAc;IAGnB,AAAN,KAAK,CAAC,UAAU,CAAS,MAAiB,EAAS,OAAwB;QACzE,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,MAAM,IAAA,qCAA6B,EAAC;YACzD,MAAM;YACN,UAAU,EAAE,IAAA,qBAAa,EAAC,qBAAS,CAAC;YACpC,KAAK,EAAE,GAAG;YACV,WAAW,EAAE,CAAC,WAAW,EAAE,UAAU,CAAC;YACtC,UAAU,EAAE;gBACV,SAAS,EAAE;oBACT,UAAU,EAAE,MAAM;iBACnB;aACF;SACF,CAAC;aACC,OAAO,CAAC,YAAY,EAAE,KAAK,CAAC;aAC5B,eAAe,EAAE,CAAA;QAEpB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAA;IACzB,CAAC;IAKK,AAAN,KAAK,CAAC,YAAY,CAAQ,OAAwB;QAChD,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;QAEtC,OAAO,WAAI,CAAC,qBAAqB,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;IACjD,CAAC;IAGK,AAAN,KAAK,CAAC,YAAY,CACE,SAAiB,EAClB,QAAgB,EAC1B,OAAwB;QAE/B,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;QACtC,OAAO,MAAM,WAAI,CAAC,YAAY,CAAC,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,CAAC,CAAA;IACnE,CAAC;IAGK,AAAN,KAAK,CAAC,oBAAoB,CACN,SAAiB,EAClB,QAAgB,EAC1B,OAAwB;QAE/B,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;QAC9B,OAAO,MAAM,WAAI,CAAC,uBAAuB,CAAC,SAAS,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAA;IACtE,CAAC;IAGK,AAAN,KAAK,CAAC,WAAW,CAAS,SAAoB,EAAS,OAAwB;QAC7E,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;QACrB,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,SAAS,CAAA;QAEpC,MAAM,OAAO,GAAG,kBAAkB,IAAI,EAAE,CAAA;QACxC,MAAM,WAAW,GAAG,sBAAsB,QAAQ,EAAE,CAAA;QACpD,MAAM,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,CAAA;QACxB,MAAM,SAAS,GAAG,CAAC,CAAC,WAAW,CAAC,CAAA;QAEhC,OAAO,CAAC,CAAC,uBAAuB,EAAE;YAChC,IAAI,EAAE,KAAK,KAAK,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK;YACtC,QAAQ,EAAE,SAAS,KAAK,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;SAC3D,CAAC,CAAA;IACJ,CAAC;IAGK,AAAN,KAAK,CAAC,SAAS,CAAS,SAAoB,EAAS,OAAwB;QAC3E,OAAO,SAAS,CAAC,IAAI,CAAA;IACvB,CAAC;IAGK,AAAN,KAAK,CAAC,KAAK,CAAS,SAAoB;QACtC,OAAO,CACL,MAAM,IAAA,qBAAa,EAAC,qBAAS,CAAC,CAAC,OAAO,CAAC;YACrC,KAAK,EAAE,EAAE,EAAE,EAAE,SAAS,CAAC,EAAE,EAAE;YAC3B,SAAS,EAAE,CAAC,OAAO,CAAC;SACrB,CAAC,CACH,CAAC,KAAK,CAAA;IACT,CAAC;IAGK,AAAN,KAAK,CAAC,OAAO,CAAS,SAAoB;QACxC,OAAO,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,SAAS,CAAC,SAAS,EAAE,CAAC,CAAA;IACzE,CAAC;IAGK,AAAN,KAAK,CAAC,OAAO,CAAS,SAAoB;QACxC,OAAO,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,SAAS,CAAC,SAAS,EAAE,CAAC,CAAA;IACzE,CAAC;CACF,CAAA;AAvFO;IAFL,IAAA,wBAAS,EAAC,yGAAyG,CAAC;IACpH,IAAA,oBAAK,EAAC,OAAO,CAAC,EAAE,CAAC,+BAAa,EAAE,EAAE,WAAW,EAAE,8BAA8B,EAAE,CAAC;IAC/D,mBAAA,IAAA,mBAAI,GAAE,CAAA;IAAqB,mBAAA,IAAA,kBAAG,GAAE,CAAA;;6CAAjB,iBAAS;;gDAgBzC;AAKK;IAHL,IAAA,oBAAK,EAAC,OAAO,CAAC,EAAE,CAAC,CAAC,qBAAS,CAAC,EAAE;QAC7B,WAAW,EAAE,sDAAsD;KACpE,CAAC;IACkB,mBAAA,IAAA,kBAAG,GAAE,CAAA;;;;kDAIxB;AAGK;IADL,IAAA,oBAAK,EAAC,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,8CAA8C,EAAE,CAAC;IAExF,mBAAA,IAAA,kBAAG,EAAC,WAAW,CAAC,CAAA;IAChB,mBAAA,IAAA,kBAAG,EAAC,UAAU,CAAC,CAAA;IACf,mBAAA,IAAA,kBAAG,GAAE,CAAA;;;;kDAIP;AAGK;IADL,IAAA,oBAAK,EAAC,OAAO,CAAC,EAAE,CAAC,CAAC,cAAM,CAAC,EAAE,EAAE,WAAW,EAAE,gDAAgD,EAAE,CAAC;IAE3F,mBAAA,IAAA,kBAAG,EAAC,WAAW,CAAC,CAAA;IAChB,mBAAA,IAAA,kBAAG,EAAC,UAAU,CAAC,CAAA;IACf,mBAAA,IAAA,kBAAG,GAAE,CAAA;;;;0DAIP;AAGK;IADL,IAAA,4BAAa,EAAC,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC;IACX,mBAAA,IAAA,mBAAI,GAAE,CAAA;IAAwB,mBAAA,IAAA,kBAAG,GAAE,CAAA;;6CAAjB,qBAAS;;iDAa7C;AAGK;IADL,IAAA,4BAAa,EAAC,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC;IACb,mBAAA,IAAA,mBAAI,GAAE,CAAA;IAAwB,mBAAA,IAAA,kBAAG,GAAE,CAAA;;6CAAjB,qBAAS;;+CAE3C;AAGK;IADL,IAAA,4BAAa,EAAC,IAAI,CAAC,EAAE,CAAC,CAAC,WAAI,CAAC,CAAC;IACjB,mBAAA,IAAA,mBAAI,GAAE,CAAA;;6CAAY,qBAAS;;2CAOvC;AAGK;IADL,IAAA,4BAAa,EAAC,IAAI,CAAC,EAAE,CAAC,WAAI,CAAC;IACb,mBAAA,IAAA,mBAAI,GAAE,CAAA;;6CAAY,qBAAS;;6CAEzC;AAGK;IADL,IAAA,4BAAa,EAAC,IAAI,CAAC,EAAE,CAAC,WAAI,CAAC;IACb,mBAAA,IAAA,mBAAI,GAAE,CAAA;;6CAAY,qBAAS;;6CAEzC;AAzFU,cAAc;IAD1B,IAAA,uBAAQ,EAAC,qBAAS,CAAC;GACP,cAAc,CA0F1B;AA1FY,wCAAc","sourcesContent":["import { Arg, Args, Ctx, Directive, FieldResolver, Query, Resolver, Root } from 'type-graphql'\nimport { Domain, getQueryBuilderFromListParams, getRepository, ListParam } from '@things-factory/shell'\n\nimport { Role } from '../role/role'\nimport { User } from '../user/user'\nimport { Privilege } from './privilege'\nimport { PrivilegeList } from './privilege-types'\n\n@Resolver(Privilege)\nexport class PrivilegeQuery {\n @Directive('@privilege(category: \"privilege\", privilege: \"query\", domainOwnerGranted: true, superUserGranted: true)')\n @Query(returns => PrivilegeList, { description: 'To fetch multiple privileges' })\n async privileges(@Args() params: ListParam, @Ctx() context: ResolverContext): Promise<PrivilegeList> {\n const [items, total] = await getQueryBuilderFromListParams({\n params,\n repository: getRepository(Privilege),\n alias: 'p',\n searchables: ['privilege', 'category'],\n filtersMap: {\n privilege: {\n columnName: 'name'\n }\n }\n })\n .orderBy('p.category', 'ASC')\n .getManyAndCount()\n\n return { items, total }\n }\n\n @Query(returns => [Privilege], {\n description: 'To fetch current users privileges for current domain'\n })\n async myPrivileges(@Ctx() context: ResolverContext): Promise<Privilege[]> {\n const { user, domain } = context.state\n\n return User.getPrivilegesByDomain(user, domain)\n }\n\n @Query(returns => Boolean, { description: 'To query whether I have the given permission' })\n async hasPrivilege(\n @Arg('privilege') privilege: string,\n @Arg('category') category: string,\n @Ctx() context: ResolverContext\n ): Promise<Boolean> {\n const { domain, user } = context.state\n return await User.hasPrivilege(privilege, category, domain, user)\n }\n\n @Query(returns => [Domain], { description: 'To fetch domains with given privilege for user' })\n async domainsWithPrivilege(\n @Arg('privilege') privilege: string,\n @Arg('category') category: string,\n @Ctx() context: ResolverContext\n ): Promise<Partial<Domain>[]> {\n const { user } = context.state\n return await User.getDomainsWithPrivilege(privilege, category, user)\n }\n\n @FieldResolver(type => String)\n async description(@Root() privilege: Privilege, @Ctx() context: ResolverContext) {\n const { t } = context\n const { name, category } = privilege\n\n const keyname = `privilege.name.${name}`\n const keycategory = `privilege.category.${category}`\n const tname = t(keyname)\n const tcategory = t(keycategory)\n\n return t('privilege.description', {\n name: tname === keyname ? name : tname,\n category: tcategory === keycategory ? category : tcategory\n })\n }\n\n @FieldResolver(type => String)\n async privilege(@Root() privilege: Privilege, @Ctx() context: ResolverContext) {\n return privilege.name\n }\n\n @FieldResolver(type => [Role])\n async roles(@Root() privilege: Privilege) {\n return (\n await getRepository(Privilege).findOne({\n where: { id: privilege.id },\n relations: ['roles']\n })\n ).roles\n }\n\n @FieldResolver(type => User)\n async updater(@Root() privilege: Privilege): Promise<User> {\n return await getRepository(User).findOneBy({ id: privilege.updaterId })\n }\n\n @FieldResolver(type => User)\n async creator(@Root() privilege: Privilege): Promise<User> {\n return await getRepository(User).findOneBy({ id: privilege.creatorId })\n }\n}\n"]}
|
|
@@ -5,14 +5,12 @@ export declare class PrivilegeObject {
|
|
|
5
5
|
category?: string;
|
|
6
6
|
owner?: boolean;
|
|
7
7
|
super?: boolean;
|
|
8
|
-
protected?: boolean;
|
|
9
8
|
}
|
|
10
9
|
export declare class PrivilegeInput {
|
|
11
10
|
privilege?: string;
|
|
12
11
|
category?: string;
|
|
13
12
|
owner?: boolean;
|
|
14
13
|
super?: boolean;
|
|
15
|
-
protected?: boolean;
|
|
16
14
|
}
|
|
17
15
|
export declare class Privilege {
|
|
18
16
|
id: string;
|
|
@@ -24,10 +24,6 @@ tslib_1.__decorate([
|
|
|
24
24
|
(0, type_graphql_1.Field)({ nullable: true }),
|
|
25
25
|
tslib_1.__metadata("design:type", Boolean)
|
|
26
26
|
], PrivilegeObject.prototype, "super", void 0);
|
|
27
|
-
tslib_1.__decorate([
|
|
28
|
-
(0, type_graphql_1.Field)({ nullable: true }),
|
|
29
|
-
tslib_1.__metadata("design:type", Boolean)
|
|
30
|
-
], PrivilegeObject.prototype, "protected", void 0);
|
|
31
27
|
PrivilegeObject = tslib_1.__decorate([
|
|
32
28
|
(0, type_graphql_1.ObjectType)()
|
|
33
29
|
], PrivilegeObject);
|
|
@@ -50,10 +46,6 @@ tslib_1.__decorate([
|
|
|
50
46
|
(0, type_graphql_1.Field)({ nullable: true }),
|
|
51
47
|
tslib_1.__metadata("design:type", Boolean)
|
|
52
48
|
], PrivilegeInput.prototype, "super", void 0);
|
|
53
|
-
tslib_1.__decorate([
|
|
54
|
-
(0, type_graphql_1.Field)({ nullable: true }),
|
|
55
|
-
tslib_1.__metadata("design:type", Boolean)
|
|
56
|
-
], PrivilegeInput.prototype, "protected", void 0);
|
|
57
49
|
PrivilegeInput = tslib_1.__decorate([
|
|
58
50
|
(0, type_graphql_1.InputType)()
|
|
59
51
|
], PrivilegeInput);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"privilege.js","sourceRoot":"","sources":["../../../server/service/privilege/privilege.ts"],"names":[],"mappings":";;;;AAAA,qCAWgB;AAChB,+CAA+D;AAC/D,uCAAmC;AACnC,uCAAmC;AAG5B,IAAM,eAAe,GAArB,MAAM,eAAe;
|
|
1
|
+
{"version":3,"file":"privilege.js","sourceRoot":"","sources":["../../../server/service/privilege/privilege.ts"],"names":[],"mappings":";;;;AAAA,qCAWgB;AAChB,+CAA+D;AAC/D,uCAAmC;AACnC,uCAAmC;AAG5B,IAAM,eAAe,GAArB,MAAM,eAAe;CAY3B,CAAA;AAXC;IAAC,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;kDACR;AAElB;IAAC,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;iDACT;AAEjB;IAAC,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;8CACX;AAEf;IAAC,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;8CACX;AAXJ,eAAe;IAD3B,IAAA,yBAAU,GAAE;GACA,eAAe,CAY3B;AAZY,0CAAe;AAerB,IAAM,cAAc,GAApB,MAAM,cAAc;CAY1B,CAAA;AAXC;IAAC,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;iDACR;AAElB;IAAC,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;gDACT;AAEjB;IAAC,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;6CACX;AAEf;IAAC,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;6CACX;AAXJ,cAAc;IAD1B,IAAA,wBAAS,GAAE;GACC,cAAc,CAY1B;AAZY,wCAAc;AAmBpB,IAAM,SAAS,GAAf,MAAM,SAAS;CAkDrB,CAAA;AAjDC;IAAC,IAAA,gCAAsB,EAAC,MAAM,CAAC;IAC9B,IAAA,oBAAK,EAAC,IAAI,CAAC,EAAE,CAAC,iBAAE,CAAC;;qCACR;AAEV;IAAC,IAAA,gBAAM,GAAE;IACR,IAAA,oBAAK,GAAE;;uCACI;AAEZ;IAAC,IAAA,gBAAM,GAAE;IACR,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;2CACV;AAEhB;IAAC,IAAA,gBAAM,EAAC;QACN,QAAQ,EAAE,IAAI;KACf,CAAC;IACD,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;8CACP;AAEnB;IAAC,IAAA,oBAAU,EAAC,IAAI,CAAC,EAAE,CAAC,WAAI,EAAE,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC;IACjD,IAAA,mBAAS,EAAC;QACT,uFAAuF;QACvF,IAAI,EAAE,kBAAkB;QACxB,WAAW,EAAE,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,oBAAoB,EAAE,IAAI,EAAE,CAAC;QACpE,kBAAkB,EAAE,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,oBAAoB,EAAE,IAAI,EAAE,CAAC;KACvE,CAAC;IACD,IAAA,oBAAK,EAAC,IAAI,CAAC,EAAE,CAAC,CAAC,WAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;wCAC7B;AAEb;IAAC,IAAA,mBAAS,EAAC,IAAI,CAAC,EAAE,CAAC,WAAI,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC3C,IAAA,oBAAK,EAAC,IAAI,CAAC,EAAE,CAAC,WAAI,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;sCAC/B,WAAI;0CAAA;AAEb;IAAC,IAAA,oBAAU,EAAC,CAAC,SAAoB,EAAE,EAAE,CAAC,SAAS,CAAC,OAAO,CAAC;;4CACvC;AAEjB;IAAC,IAAA,mBAAS,EAAC,IAAI,CAAC,EAAE,CAAC,WAAI,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC3C,IAAA,oBAAK,EAAC,IAAI,CAAC,EAAE,CAAC,WAAI,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;sCAC/B,WAAI;0CAAA;AAEb;IAAC,IAAA,oBAAU,EAAC,CAAC,SAAoB,EAAE,EAAE,CAAC,SAAS,CAAC,OAAO,CAAC;;4CACvC;AAEjB;IAAC,IAAA,0BAAgB,GAAE;IAClB,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;sCACf,IAAI;4CAAA;AAEf;IAAC,IAAA,0BAAgB,GAAE;IAClB,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;sCACf,IAAI;4CAAA;AAjDJ,SAAS;IALrB,IAAA,gBAAM,GAAE;IACR,IAAA,eAAK,EAAC,gBAAgB,EAAE,CAAC,SAAoB,EAAE,EAAE,CAAC,CAAC,SAAS,CAAC,IAAI,EAAE,SAAS,CAAC,QAAQ,CAAC,EAAE;QACvF,MAAM,EAAE,KAAK;KACd,CAAC;IACD,IAAA,yBAAU,GAAE;GACA,SAAS,CAkDrB;AAlDY,8BAAS","sourcesContent":["import {\n Column,\n CreateDateColumn,\n Entity,\n Index,\n ManyToMany,\n ManyToOne,\n JoinTable,\n RelationId,\n PrimaryGeneratedColumn,\n UpdateDateColumn\n} from 'typeorm'\nimport { ObjectType, InputType, Field, ID } from 'type-graphql'\nimport { Role } from '../role/role'\nimport { User } from '../user/user'\n\n@ObjectType()\nexport class PrivilegeObject {\n @Field({ nullable: true })\n privilege?: string\n\n @Field({ nullable: true })\n category?: string\n\n @Field({ nullable: true })\n owner?: boolean\n\n @Field({ nullable: true })\n super?: boolean\n}\n\n@InputType()\nexport class PrivilegeInput {\n @Field({ nullable: true })\n privilege?: string\n\n @Field({ nullable: true })\n category?: string\n\n @Field({ nullable: true })\n owner?: boolean\n\n @Field({ nullable: true })\n super?: boolean\n}\n\n@Entity()\n@Index('ix_privilege_0', (privilege: Privilege) => [privilege.name, privilege.category], {\n unique: false\n})\n@ObjectType()\nexport class Privilege {\n @PrimaryGeneratedColumn('uuid')\n @Field(type => ID)\n id: string\n\n @Column()\n @Field()\n name: string\n\n @Column()\n @Field({ nullable: true })\n category: string\n\n @Column({\n nullable: true\n })\n @Field({ nullable: true })\n description: string\n\n @ManyToMany(type => Role, role => role.privileges)\n @JoinTable({\n /* case M2M, JoinTable setting should be defined only one side (never set both side) */\n name: 'roles_privileges',\n joinColumns: [{ name: 'privileges_id', referencedColumnName: 'id' }],\n inverseJoinColumns: [{ name: 'roles_id', referencedColumnName: 'id' }]\n })\n @Field(type => [Role], { nullable: true })\n roles: Role[]\n\n @ManyToOne(type => User, { nullable: true })\n @Field(type => User, { nullable: true })\n creator: User\n\n @RelationId((privilege: Privilege) => privilege.creator)\n creatorId: string\n\n @ManyToOne(type => User, { nullable: true })\n @Field(type => User, { nullable: true })\n updater: User\n\n @RelationId((privilege: Privilege) => privilege.updater)\n updaterId: string\n\n @CreateDateColumn()\n @Field({ nullable: true })\n createdAt: Date\n\n @UpdateDateColumn()\n @Field({ nullable: true })\n updatedAt: Date\n}\n"]}
|
|
@@ -40,7 +40,7 @@ export declare class User {
|
|
|
40
40
|
static verify(hashed: any, password: any, salt: any): boolean;
|
|
41
41
|
static checkAuthWithEmail(decoded: any): Promise<User>;
|
|
42
42
|
static checkAuth(decoded: any): Promise<User>;
|
|
43
|
-
static hasPrivilege(
|
|
43
|
+
static hasPrivilege(privilege: string, category: string, domain: Domain, user: User): Promise<boolean>;
|
|
44
44
|
static getPrivilegesByDomain(user: User, domain: Domain): Promise<any>;
|
|
45
|
-
static getDomainsWithPrivilege(
|
|
45
|
+
static getDomainsWithPrivilege(privilege: string, category: string, user: User): Promise<Partial<Domain>[]>;
|
|
46
46
|
}
|
|
@@ -157,11 +157,11 @@ let User = User_1 = class User {
|
|
|
157
157
|
return user;
|
|
158
158
|
}
|
|
159
159
|
}
|
|
160
|
-
static async hasPrivilege(
|
|
160
|
+
static async hasPrivilege(privilege, category, domain, user) {
|
|
161
161
|
const result = await (0, shell_1.getRepository)(User_1).query(`
|
|
162
162
|
SELECT COUNT(1) AS "has_privilege" FROM "privileges" "PRIVILEGES"
|
|
163
163
|
WHERE "PRIVILEGES"."category" = '${category}'
|
|
164
|
-
AND "PRIVILEGES"."name" = '${
|
|
164
|
+
AND "PRIVILEGES"."name" = '${privilege}'
|
|
165
165
|
AND "PRIVILEGES"."id" IN (
|
|
166
166
|
SELECT "RP"."privileges_id"
|
|
167
167
|
FROM "users_roles" "UR"
|
|
@@ -175,7 +175,7 @@ let User = User_1 = class User {
|
|
|
175
175
|
}
|
|
176
176
|
static async getPrivilegesByDomain(user, domain) {
|
|
177
177
|
const result = await (0, shell_1.getRepository)(User_1).query(`
|
|
178
|
-
SELECT name, category FROM "privileges" "PRIVILEGES"
|
|
178
|
+
SELECT name privilege, category FROM "privileges" "PRIVILEGES"
|
|
179
179
|
WHERE "PRIVILEGES"."id" IN (
|
|
180
180
|
SELECT "RP"."privileges_id"
|
|
181
181
|
FROM "users_roles" "UR"
|
|
@@ -186,8 +186,8 @@ let User = User_1 = class User {
|
|
|
186
186
|
)`);
|
|
187
187
|
return result;
|
|
188
188
|
}
|
|
189
|
-
static async getDomainsWithPrivilege(
|
|
190
|
-
return (0, get_user_domains_1.getDomainsWithPrivilege)(user,
|
|
189
|
+
static async getDomainsWithPrivilege(privilege, category, user) {
|
|
190
|
+
return (0, get_user_domains_1.getDomainsWithPrivilege)(user, privilege, category);
|
|
191
191
|
}
|
|
192
192
|
};
|
|
193
193
|
tslib_1.__decorate([
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"user.js","sourceRoot":"","sources":["../../../server/service/user/user.ts"],"names":[],"mappings":";;;;;AAAA,4DAA2B;AAC3B,wEAA8B;AAC9B,+CAA+D;AAC/D,qCAYgB;AAEhB,6CAA4C;AAC5C,iDAA6D;AAE7D,yEAA8E;AAC9E,wDAAmD;AACnD,uDAA+C;AAC/C,uCAAmC;AACnC,uFAAiF;AACjF,mEAAsE;AAEtE,MAAM,SAAS,GAAG,YAAM,CAAC,GAAG,CAAC,WAAW,EAAE,EAAE,CAAC,CAAA;AAC7C,MAAM,aAAa,GAAG,SAAS,CAAC,IAAI,CAAA;AAEpC,MAAM,oBAAoB,GAAG,MAAM,CAAC,YAAM,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC,IAAI,IAAI,CAAA;AAEhF,IAAY,UAOX;AAPD,WAAY,UAAU;IACpB,mCAAqB,CAAA;IACrB,qCAAuB,CAAA;IACvB,iCAAmB,CAAA;IACnB,+BAAiB,CAAA;IACjB,+BAAiB,CAAA;IACjB,4DAA8C,CAAA;AAChD,CAAC,EAPW,UAAU,GAAV,kBAAU,KAAV,kBAAU,QAOrB;AAMM,IAAM,IAAI,YAAV,MAAM,IAAI;IAyHf,8BAA8B;IAC9B,KAAK,CAAC,IAAI,CAAC,OAAQ;QACjB,IAAI,EAAE,SAAS,GAAG,oBAAoB,EAAE,SAAS,EAAE,GAAG,OAAO,IAAI,EAAE,CAAA;QAEnE,IAAI,IAAI,GAAG;YACT,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,MAAM,EAAE;gBACN,SAAS;aACV;SACF,CAAA;QAED,OAAO,MAAM,sBAAG,CAAC,IAAI,CAAC,IAAI,EAAE,mBAAM,EAAE;YAClC,SAAS;YACT,MAAM,EAAE,cAAc;YACtB,OAAO,EAAE,MAAM;SAChB,CAAC,CAAA;IACJ,CAAC;IAED,6CAA6C;IAC7C,MAAM,CAAC,sBAAsB,CAAC,QAAQ,EAAE,GAAG;QACzC,IAAA,sCAAsB,EAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;IACvC,CAAC;IAED,mBAAmB;IACnB,MAAM,CAAC,YAAY;QACjB,OAAO,gBAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;IAC/C,CAAC;IAED,qBAAqB;IACrB,MAAM,CAAC,MAAM,CAAC,QAAgB,EAAE,IAAI;QAClC,OAAO,gBAAM;aACV,UAAU,CAAC,QAAQ,EAAE,IAAI,IAAI,mBAAM,CAAC;aACpC,MAAM,CAAC,QAAQ,CAAC;aAChB,MAAM,CAAC,QAAQ,CAAC,CAAA;IACrB,CAAC;IAED,qBAAqB;IACrB,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI;QAClC,OAAO,CACL,MAAM;YACJ,gBAAM;iBACH,UAAU,CAAC,QAAQ,EAAE,IAAI,IAAI,mBAAM,CAAC;iBACpC,MAAM,CAAC,QAAQ,CAAC;iBAChB,MAAM,CAAC,QAAQ,CAAC;YACrB,MAAM;gBACJ,gBAAM;qBACH,UAAU,CAAC,MAAM,EAAE,IAAI,IAAI,mBAAM,CAAC;qBAClC,MAAM,CAAC,QAAQ,CAAC;qBAChB,MAAM,CAAC,QAAQ,CAAC,CACtB,CAAA;IACH,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,kBAAkB,CAAC,OAAO;QACrC,IAAI,CAAC,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,KAAK,CAAA,EAAE;YACnB,MAAM,IAAI,sBAAS,CAAC;gBAClB,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,cAAc;aAChD,CAAC,CAAA;SACH;QAED,MAAM,UAAU,GAAG,IAAA,qBAAa,EAAC,MAAI,CAAC,CAAA;QACtC,IAAI,IAAI,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC;YAClC,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE;YAC/B,SAAS,EAAE,CAAC,SAAS,CAAC;YACtB,KAAK,EAAE,IAAI;SACZ,CAAC,CAAA;QAEF,IAAI,CAAC,IAAI;YACP,MAAM,IAAI,sBAAS,CAAC;gBAClB,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,cAAc;aAChD,CAAC,CAAA;aACC;YACH,QAAQ,IAAI,CAAC,MAAM,EAAE;gBACnB,KAAK,UAAU,CAAC,QAAQ;oBACtB,MAAM,IAAI,sBAAS,CAAC;wBAClB,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,kBAAkB;wBACnD,MAAM,EAAE;4BACN,KAAK,EAAE,IAAI,CAAC,KAAK;yBAClB;qBACF,CAAC,CAAA;gBACJ,KAAK,UAAU,CAAC,MAAM;oBACpB,MAAM,IAAI,sBAAS,CAAC;wBAClB,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,WAAW;wBAC5C,MAAM,EAAE;4BACN,KAAK,EAAE,IAAI,CAAC,KAAK;yBAClB;qBACF,CAAC,CAAA;gBACJ,KAAK,UAAU,CAAC,OAAO;oBACrB,MAAM,IAAI,sBAAS,CAAC;wBAClB,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,YAAY;qBAC9C,CAAC,CAAA;aACL;YAED,OAAO,IAAI,CAAA;SACZ;IACH,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,OAAO;QAC5B,IAAI,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,EAAE,MAAK,SAAS,EAAE;YAC7B,MAAM,IAAI,sBAAS,CAAC;gBAClB,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,cAAc;aAChD,CAAC,CAAA;SACH;QAED,MAAM,UAAU,GAAG,IAAA,qBAAa,EAAC,MAAI,CAAC,CAAA;QACtC,IAAI,IAAI,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC;YAClC,KAAK,EAAE,EAAE,EAAE,EAAE,OAAO,CAAC,EAAE,EAAE;YACzB,SAAS,EAAE,CAAC,SAAS,CAAC;YACtB,KAAK,EAAE,IAAI;SACZ,CAAC,CAAA;QAEF,IAAI,CAAC,IAAI;YACP,MAAM,IAAI,sBAAS,CAAC;gBAClB,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,cAAc;aAChD,CAAC,CAAA;aACC;YACH,QAAQ,IAAI,CAAC,MAAM,EAAE;gBACnB,KAAK,UAAU,CAAC,QAAQ;oBACtB,MAAM,IAAI,sBAAS,CAAC;wBAClB,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,kBAAkB;wBACnD,MAAM,EAAE;4BACN,KAAK,EAAE,IAAI,CAAC,KAAK;yBAClB;qBACF,CAAC,CAAA;gBACJ,KAAK,UAAU,CAAC,MAAM;oBACpB,MAAM,IAAI,sBAAS,CAAC;wBAClB,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,WAAW;wBAC5C,MAAM,EAAE;4BACN,KAAK,EAAE,IAAI,CAAC,KAAK;yBAClB;qBACF,CAAC,CAAA;gBACJ,KAAK,UAAU,CAAC,OAAO;oBACrB,MAAM,IAAI,sBAAS,CAAC;wBAClB,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,YAAY;qBAC9C,CAAC,CAAA;aACL;YAED,MAAM,EAAE,eAAe,EAAE,GAAG,YAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;YAElD,IAAI,eAAe,IAAI,IAAI,CAAC,QAAQ,KAAK,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,IAAI,CAAC,IAAI,CAAC,EAAE;gBAChF,IAAI,CAAC,MAAM,GAAG,UAAU,CAAC,kBAAkB,CAAA;aAC5C;YAED,OAAO,IAAI,CAAA;SACZ;IACH,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,IAAY,EAAE,QAAgB,EAAE,MAAc,EAAE,IAAU;QAClF,MAAM,MAAM,GAAG,MAAM,IAAA,qBAAa,EAAC,MAAI,CAAC,CAAC,KAAK,CAC5C;;yCAEmC,QAAQ;mCACd,IAAI;;;;;;mCAMJ,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,EAAE;iCACV,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,EAAE;;OAEpC,CACF,CAAA;QAED,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC,aAAa,GAAG,CAAC,CAAA;IACpC,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,qBAAqB,CAAC,IAAU,EAAE,MAAc;QAC3D,MAAM,MAAM,GAAG,MAAM,IAAA,qBAAa,EAAC,MAAI,CAAC,CAAC,KAAK,CAAC;;;;;;;mCAOhB,IAAI,CAAC,EAAE;iCACT,MAAM,CAAC,EAAE;QAClC,CAAC,CAAA;QAEL,OAAO,MAAM,CAAA;IACf,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,uBAAuB,CAAC,IAAY,EAAE,QAAgB,EAAE,IAAU;QAC7E,OAAO,IAAA,0CAAuB,EAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAA;IACtD,CAAC;CACF,CAAA;AAlTC;IAAC,IAAA,gCAAsB,EAAC,MAAM,CAAC;IAC9B,IAAA,oBAAK,EAAC,IAAI,CAAC,EAAE,CAAC,iBAAE,CAAC;;gCACC;AAEnB;IAAC,IAAA,gBAAM,GAAE;IACR,IAAA,oBAAK,GAAE;;kCACI;AAEZ;IAAC,IAAA,gBAAM,EAAC;QACN,QAAQ,EAAE,IAAI;KACf,CAAC;IACD,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;yCACP;AAEnB;IAAC,IAAA,oBAAU,EAAC,IAAI,CAAC,EAAE,CAAC,cAAM,CAAC;IAC1B,IAAA,mBAAS,EAAC,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC;IACpC,IAAA,oBAAK,EAAC,IAAI,CAAC,EAAE,CAAC,CAAC,cAAM,CAAC,CAAC;;qCACN;AAElB;IAAC,IAAA,gBAAM,GAAE;IACR,IAAA,oBAAK,GAAE;;mCACK;AAEb;IAAC,IAAA,wBAAS,EAAC,gFAAgF,CAAC;IAC3F,IAAA,gBAAM,EAAC;QACN,QAAQ,EAAE,IAAI;QACd,IAAI,EACF,aAAa,IAAI,OAAO,IAAI,aAAa,IAAI,SAAS;YACpD,CAAC,CAAC,UAAU;YACZ,CAAC,CAAC,aAAa,IAAI,QAAQ;gBAC3B,CAAC,CAAC,MAAM;gBACR,CAAC,CAAC,SAAS;KAChB,CAAC;;sCACc;AAEhB;IAAC,IAAA,oBAAU,EAAC,IAAI,CAAC,EAAE,CAAC,WAAI,EAAE,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC;IAC5C,IAAA,mBAAS,EAAC,EAAE,IAAI,EAAE,aAAa,EAAE,CAAC;IAClC,IAAA,oBAAK,EAAC,IAAI,CAAC,EAAE,CAAC,CAAC,WAAI,CAAC,CAAC;;mCACR;AAEd;IAAC,IAAA,gBAAM,EAAC;QACN,QAAQ,EAAE,IAAI;KACf,CAAC;IACD,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;sCACV;AAEhB;IAAC,IAAA,gBAAM,EAAC;QACN,QAAQ,EAAE,IAAI;KACf,CAAC;IACD,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;uCACT;AAEjB;IAAC,IAAA,wBAAS,EAAC,gFAAgF,CAAC;IAC3F,IAAA,gBAAM,EAAC;QACN,QAAQ,EAAE,IAAI;KACf,CAAC;;kCACU;AAEZ;IAAC,IAAA,gBAAM,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC1B,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;oCACZ;AAEd;IAAC,IAAA,wBAAS,EAAC,gFAAgF,CAAC;IAC3F,IAAA,gBAAM,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC1B,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;mCACb;AAEb;IAAC,IAAA,gBAAM,EAAC;QACN,IAAI,EACF,aAAa,IAAI,UAAU,IAAI,aAAa,IAAI,OAAO,IAAI,aAAa,IAAI,SAAS;YACnF,CAAC,CAAC,MAAM;YACR,CAAC,CAAC,aAAa,IAAI,QAAQ;gBAC3B,CAAC,CAAC,UAAU;gBACZ,CAAC,CAAC,UAAU;QAChB,IAAI,EAAE,UAAU;QAChB,OAAO,EAAE,UAAU,CAAC,QAAQ;KAC7B,CAAC;IACD,IAAA,oBAAK,EAAC,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC;;oCACJ;AAElB;IAAC,IAAA,gBAAM,EAAC;QACN,IAAI,EAAE,UAAU;QAChB,OAAO,EAAE,CAAC;KACX,CAAC;;uCACe;AAEjB;IAAC,IAAA,gBAAM,EAAC;QACN,QAAQ,EAAE,IAAI;KACf,CAAC;sCACiB,IAAI;+CAAA;AAEvB;IAAC,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;mCACZ;AAEd;IAAC,IAAA,mBAAS,EAAC,GAAG,EAAE,CAAC,yCAAkB,EAAE,kBAAkB,CAAC,EAAE,CAAC,kBAAkB,CAAC,IAAI,CAAC;IAClF,IAAA,oBAAK,EAAC,IAAI,CAAC,EAAE,CAAC,CAAC,yCAAkB,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;gDAChB;AAExC;IAAC,IAAA,mBAAS,EAAC,IAAI,CAAC,EAAE,CAAC,MAAI,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC3C,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;sCACjB,IAAI;qCAAA;AAEb;IAAC,IAAA,oBAAU,EAAC,CAAC,IAAU,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC;;uCACxB;AAEjB;IAAC,IAAA,mBAAS,EAAC,IAAI,CAAC,EAAE,CAAC,MAAI,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC3C,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;sCACjB,IAAI;qCAAA;AAEb;IAAC,IAAA,oBAAU,EAAC,CAAC,IAAU,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC;;uCACxB;AAEjB;IAAC,IAAA,0BAAgB,GAAE;IAClB,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;sCACf,IAAI;uCAAA;AAEf;IAAC,IAAA,0BAAgB,GAAE;IAClB,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;sCACf,IAAI;IAEf,8BAA8B;;uCAFf;AAvHJ,IAAI;IAJhB,IAAA,gBAAM,GAAE;IACR,IAAA,eAAK,EAAC,WAAW,EAAE,CAAC,IAAU,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;IACnE,kEAAkE;;IACjE,IAAA,yBAAU,GAAE;GACA,IAAI,CAmThB;AAnTY,oBAAI","sourcesContent":["import crypto from 'crypto'\nimport jwt from 'jsonwebtoken'\nimport { Directive, Field, ID, ObjectType } from 'type-graphql'\nimport {\n Column,\n CreateDateColumn,\n Entity,\n Index,\n JoinTable,\n ManyToMany,\n ManyToOne,\n OneToMany,\n PrimaryGeneratedColumn,\n RelationId,\n UpdateDateColumn\n} from 'typeorm'\n\nimport { config } from '@things-factory/env'\nimport { Domain, getRepository } from '@things-factory/shell'\n\nimport { validatePasswordByRule } from '../../controllers/utils/password-rule'\nimport { AuthError } from '../../errors/auth-error'\nimport { SECRET } from '../../utils/get-secret'\nimport { Role } from '../role/role'\nimport { UsersAuthProviders } from '../users-auth-providers/users-auth-providers'\nimport { getDomainsWithPrivilege } from '../../utils/get-user-domains'\n\nconst ORMCONFIG = config.get('ormconfig', {})\nconst DATABASE_TYPE = ORMCONFIG.type\n\nconst sessionExpirySeconds = Number(config.get('session/expirySeconds')) || '7d'\n\nexport enum UserStatus {\n INACTIVE = 'inactive',\n ACTIVATED = 'activated',\n DELETED = 'deleted',\n LOCKED = 'locked',\n BANNED = 'banned',\n PWD_RESET_REQUIRED = 'password_reset_required'\n}\n\n@Entity()\n@Index('ix_user_0', (user: User) => [user.email], { unique: true })\n//@Index('ix_user_1', (user: User) => [user.id], { unique: true })\n@ObjectType()\nexport class User {\n @PrimaryGeneratedColumn('uuid')\n @Field(type => ID)\n readonly id: string\n\n @Column()\n @Field()\n name: string\n\n @Column({\n nullable: true\n })\n @Field({ nullable: true })\n description: string\n\n @ManyToMany(type => Domain)\n @JoinTable({ name: 'users_domains' })\n @Field(type => [Domain])\n domains?: Domain[]\n\n @Column()\n @Field()\n email: string\n\n @Directive('@privilege(category: \"security\", privilege: \"query\", domainOwnerGranted: true)')\n @Column({\n nullable: true,\n type:\n DATABASE_TYPE == 'mysql' || DATABASE_TYPE == 'mariadb'\n ? 'longtext'\n : DATABASE_TYPE == 'oracle'\n ? 'clob'\n : 'varchar'\n })\n password: string\n\n @ManyToMany(type => Role, role => role.users)\n @JoinTable({ name: 'users_roles' })\n @Field(type => [Role])\n roles?: Role[]\n\n @Column({\n nullable: true\n })\n @Field({ nullable: true })\n userType: string // default: 'user', enum: 'user', 'application', 'appliance'\n\n @Column({\n nullable: true\n })\n @Field({ nullable: true })\n reference: string\n\n @Directive('@privilege(category: \"security\", privilege: \"query\", domainOwnerGranted: true)')\n @Column({\n nullable: true\n })\n salt: string\n\n @Column({ nullable: true })\n @Field({ nullable: true })\n locale: string\n\n @Directive('@privilege(category: \"security\", privilege: \"query\", domainOwnerGranted: true)')\n @Column({ nullable: true })\n @Field({ nullable: true })\n ssoId: string\n\n @Column({\n type:\n DATABASE_TYPE == 'postgres' || DATABASE_TYPE == 'mysql' || DATABASE_TYPE == 'mariadb'\n ? 'enum'\n : DATABASE_TYPE == 'oracle'\n ? 'varchar2'\n : 'smallint',\n enum: UserStatus,\n default: UserStatus.INACTIVE\n })\n @Field(type => String)\n status: UserStatus\n\n @Column({\n type: 'smallint',\n default: 0\n })\n failCount: number\n\n @Column({\n nullable: true\n })\n passwordUpdatedAt: Date\n\n @Field({ nullable: true })\n owner: boolean /* should not be a column */\n\n @OneToMany(() => UsersAuthProviders, usersAuthProviders => usersAuthProviders.user)\n @Field(type => [UsersAuthProviders], { nullable: true })\n usersAuthProviders: UsersAuthProviders[]\n\n @ManyToOne(type => User, { nullable: true })\n @Field({ nullable: true })\n creator: User\n\n @RelationId((user: User) => user.creator)\n creatorId: string\n\n @ManyToOne(type => User, { nullable: true })\n @Field({ nullable: true })\n updater: User\n\n @RelationId((user: User) => user.updater)\n updaterId: string\n\n @CreateDateColumn()\n @Field({ nullable: true })\n createdAt: Date\n\n @UpdateDateColumn()\n @Field({ nullable: true })\n updatedAt: Date\n\n /* signing for jsonwebtoken */\n async sign(options?) {\n var { expiresIn = sessionExpirySeconds, subdomain } = options || {}\n\n var user = {\n id: this.id,\n userType: this.userType,\n status: this.status,\n domain: {\n subdomain\n }\n }\n\n return await jwt.sign(user, SECRET, {\n expiresIn,\n issuer: 'hatiolab.com',\n subject: 'user'\n })\n }\n\n /* validate password through password rule */\n static validatePasswordByRule(password, lng) {\n validatePasswordByRule(password, lng)\n }\n\n /* generate salt */\n static generateSalt() {\n return crypto.randomBytes(16).toString('hex')\n }\n\n /* encode password */\n static encode(password: string, salt) {\n return crypto\n .createHmac('sha256', salt || SECRET)\n .update(password)\n .digest('base64')\n }\n\n /* verify password */\n static verify(hashed, password, salt) {\n return (\n hashed ==\n crypto\n .createHmac('sha256', salt || SECRET)\n .update(password)\n .digest('base64') ||\n hashed ==\n crypto\n .createHmac('sha1', salt || SECRET)\n .update(password)\n .digest('base64')\n )\n }\n\n static async checkAuthWithEmail(decoded) {\n if (!decoded?.email) {\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.USER_NOT_FOUND\n })\n }\n\n const repository = getRepository(User)\n var user = await repository.findOne({\n where: { email: decoded.email },\n relations: ['domains'],\n cache: true\n })\n\n if (!user)\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.USER_NOT_FOUND\n })\n else {\n switch (user.status) {\n case UserStatus.INACTIVE:\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.USER_NOT_ACTIVATED,\n detail: {\n email: user.email\n }\n })\n case UserStatus.LOCKED:\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.USER_LOCKED,\n detail: {\n email: user.email\n }\n })\n case UserStatus.DELETED:\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.USER_DELETED\n })\n }\n\n return user\n }\n }\n\n static async checkAuth(decoded) {\n if (decoded?.id === undefined) {\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.USER_NOT_FOUND\n })\n }\n\n const repository = getRepository(User)\n var user = await repository.findOne({\n where: { id: decoded.id },\n relations: ['domains'],\n cache: true\n })\n\n if (!user)\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.USER_NOT_FOUND\n })\n else {\n switch (user.status) {\n case UserStatus.INACTIVE:\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.USER_NOT_ACTIVATED,\n detail: {\n email: user.email\n }\n })\n case UserStatus.LOCKED:\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.USER_LOCKED,\n detail: {\n email: user.email\n }\n })\n case UserStatus.DELETED:\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.USER_DELETED\n })\n }\n\n const { defaultPassword } = config.get('password')\n\n if (defaultPassword && user.password === this.encode(defaultPassword, user.salt)) {\n user.status = UserStatus.PWD_RESET_REQUIRED\n }\n\n return user\n }\n }\n\n static async hasPrivilege(name: string, category: string, domain: Domain, user: User) {\n const result = await getRepository(User).query(\n `\n SELECT COUNT(1) AS \"has_privilege\" FROM \"privileges\" \"PRIVILEGES\"\n WHERE \"PRIVILEGES\".\"category\" = '${category}'\n AND \"PRIVILEGES\".\"name\" = '${name}'\n AND \"PRIVILEGES\".\"id\" IN (\n SELECT \"RP\".\"privileges_id\"\n FROM \"users_roles\" \"UR\"\n INNER JOIN \"roles_privileges\" \"RP\" ON \"UR\".\"roles_id\" = \"RP\".\"roles_id\"\n LEFT JOIN \"roles\" \"R\" ON \"R\".\"id\" = \"UR\".\"roles_id\"\n WHERE \"UR\".\"users_id\" = '${user?.id}'\n AND \"R\".\"domain_id\" = '${domain?.id}'\n )\n `\n )\n\n return result[0].has_privilege > 0\n }\n\n static async getPrivilegesByDomain(user: User, domain: Domain) {\n const result = await getRepository(User).query(`\n SELECT name, category FROM \"privileges\" \"PRIVILEGES\"\n WHERE \"PRIVILEGES\".\"id\" IN (\n SELECT \"RP\".\"privileges_id\"\n FROM \"users_roles\" \"UR\"\n INNER JOIN \"roles_privileges\" \"RP\" ON \"UR\".\"roles_id\" = \"RP\".\"roles_id\"\n LEFT JOIN \"roles\" \"R\" ON \"R\".\"id\" = \"UR\".\"roles_id\"\n WHERE \"UR\".\"users_id\" = '${user.id}'\n AND \"R\".\"domain_id\" = '${domain.id}'\n )`)\n\n return result\n }\n\n static async getDomainsWithPrivilege(name: string, category: string, user: User) {\n return getDomainsWithPrivilege(user, name, category)\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"user.js","sourceRoot":"","sources":["../../../server/service/user/user.ts"],"names":[],"mappings":";;;;;AAAA,4DAA2B;AAC3B,wEAA8B;AAC9B,+CAA+D;AAC/D,qCAYgB;AAEhB,6CAA4C;AAC5C,iDAA6D;AAE7D,yEAA8E;AAC9E,wDAAmD;AACnD,uDAA+C;AAC/C,uCAAmC;AACnC,uFAAiF;AACjF,mEAAsE;AAEtE,MAAM,SAAS,GAAG,YAAM,CAAC,GAAG,CAAC,WAAW,EAAE,EAAE,CAAC,CAAA;AAC7C,MAAM,aAAa,GAAG,SAAS,CAAC,IAAI,CAAA;AAEpC,MAAM,oBAAoB,GAAG,MAAM,CAAC,YAAM,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC,IAAI,IAAI,CAAA;AAEhF,IAAY,UAOX;AAPD,WAAY,UAAU;IACpB,mCAAqB,CAAA;IACrB,qCAAuB,CAAA;IACvB,iCAAmB,CAAA;IACnB,+BAAiB,CAAA;IACjB,+BAAiB,CAAA;IACjB,4DAA8C,CAAA;AAChD,CAAC,EAPW,UAAU,GAAV,kBAAU,KAAV,kBAAU,QAOrB;AAMM,IAAM,IAAI,YAAV,MAAM,IAAI;IAyHf,8BAA8B;IAC9B,KAAK,CAAC,IAAI,CAAC,OAAQ;QACjB,IAAI,EAAE,SAAS,GAAG,oBAAoB,EAAE,SAAS,EAAE,GAAG,OAAO,IAAI,EAAE,CAAA;QAEnE,IAAI,IAAI,GAAG;YACT,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,MAAM,EAAE;gBACN,SAAS;aACV;SACF,CAAA;QAED,OAAO,MAAM,sBAAG,CAAC,IAAI,CAAC,IAAI,EAAE,mBAAM,EAAE;YAClC,SAAS;YACT,MAAM,EAAE,cAAc;YACtB,OAAO,EAAE,MAAM;SAChB,CAAC,CAAA;IACJ,CAAC;IAED,6CAA6C;IAC7C,MAAM,CAAC,sBAAsB,CAAC,QAAQ,EAAE,GAAG;QACzC,IAAA,sCAAsB,EAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;IACvC,CAAC;IAED,mBAAmB;IACnB,MAAM,CAAC,YAAY;QACjB,OAAO,gBAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;IAC/C,CAAC;IAED,qBAAqB;IACrB,MAAM,CAAC,MAAM,CAAC,QAAgB,EAAE,IAAI;QAClC,OAAO,gBAAM;aACV,UAAU,CAAC,QAAQ,EAAE,IAAI,IAAI,mBAAM,CAAC;aACpC,MAAM,CAAC,QAAQ,CAAC;aAChB,MAAM,CAAC,QAAQ,CAAC,CAAA;IACrB,CAAC;IAED,qBAAqB;IACrB,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI;QAClC,OAAO,CACL,MAAM;YACJ,gBAAM;iBACH,UAAU,CAAC,QAAQ,EAAE,IAAI,IAAI,mBAAM,CAAC;iBACpC,MAAM,CAAC,QAAQ,CAAC;iBAChB,MAAM,CAAC,QAAQ,CAAC;YACrB,MAAM;gBACJ,gBAAM;qBACH,UAAU,CAAC,MAAM,EAAE,IAAI,IAAI,mBAAM,CAAC;qBAClC,MAAM,CAAC,QAAQ,CAAC;qBAChB,MAAM,CAAC,QAAQ,CAAC,CACtB,CAAA;IACH,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,kBAAkB,CAAC,OAAO;QACrC,IAAI,CAAC,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,KAAK,CAAA,EAAE;YACnB,MAAM,IAAI,sBAAS,CAAC;gBAClB,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,cAAc;aAChD,CAAC,CAAA;SACH;QAED,MAAM,UAAU,GAAG,IAAA,qBAAa,EAAC,MAAI,CAAC,CAAA;QACtC,IAAI,IAAI,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC;YAClC,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE;YAC/B,SAAS,EAAE,CAAC,SAAS,CAAC;YACtB,KAAK,EAAE,IAAI;SACZ,CAAC,CAAA;QAEF,IAAI,CAAC,IAAI;YACP,MAAM,IAAI,sBAAS,CAAC;gBAClB,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,cAAc;aAChD,CAAC,CAAA;aACC;YACH,QAAQ,IAAI,CAAC,MAAM,EAAE;gBACnB,KAAK,UAAU,CAAC,QAAQ;oBACtB,MAAM,IAAI,sBAAS,CAAC;wBAClB,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,kBAAkB;wBACnD,MAAM,EAAE;4BACN,KAAK,EAAE,IAAI,CAAC,KAAK;yBAClB;qBACF,CAAC,CAAA;gBACJ,KAAK,UAAU,CAAC,MAAM;oBACpB,MAAM,IAAI,sBAAS,CAAC;wBAClB,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,WAAW;wBAC5C,MAAM,EAAE;4BACN,KAAK,EAAE,IAAI,CAAC,KAAK;yBAClB;qBACF,CAAC,CAAA;gBACJ,KAAK,UAAU,CAAC,OAAO;oBACrB,MAAM,IAAI,sBAAS,CAAC;wBAClB,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,YAAY;qBAC9C,CAAC,CAAA;aACL;YAED,OAAO,IAAI,CAAA;SACZ;IACH,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,OAAO;QAC5B,IAAI,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,EAAE,MAAK,SAAS,EAAE;YAC7B,MAAM,IAAI,sBAAS,CAAC;gBAClB,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,cAAc;aAChD,CAAC,CAAA;SACH;QAED,MAAM,UAAU,GAAG,IAAA,qBAAa,EAAC,MAAI,CAAC,CAAA;QACtC,IAAI,IAAI,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC;YAClC,KAAK,EAAE,EAAE,EAAE,EAAE,OAAO,CAAC,EAAE,EAAE;YACzB,SAAS,EAAE,CAAC,SAAS,CAAC;YACtB,KAAK,EAAE,IAAI;SACZ,CAAC,CAAA;QAEF,IAAI,CAAC,IAAI;YACP,MAAM,IAAI,sBAAS,CAAC;gBAClB,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,cAAc;aAChD,CAAC,CAAA;aACC;YACH,QAAQ,IAAI,CAAC,MAAM,EAAE;gBACnB,KAAK,UAAU,CAAC,QAAQ;oBACtB,MAAM,IAAI,sBAAS,CAAC;wBAClB,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,kBAAkB;wBACnD,MAAM,EAAE;4BACN,KAAK,EAAE,IAAI,CAAC,KAAK;yBAClB;qBACF,CAAC,CAAA;gBACJ,KAAK,UAAU,CAAC,MAAM;oBACpB,MAAM,IAAI,sBAAS,CAAC;wBAClB,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,WAAW;wBAC5C,MAAM,EAAE;4BACN,KAAK,EAAE,IAAI,CAAC,KAAK;yBAClB;qBACF,CAAC,CAAA;gBACJ,KAAK,UAAU,CAAC,OAAO;oBACrB,MAAM,IAAI,sBAAS,CAAC;wBAClB,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,YAAY;qBAC9C,CAAC,CAAA;aACL;YAED,MAAM,EAAE,eAAe,EAAE,GAAG,YAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;YAElD,IAAI,eAAe,IAAI,IAAI,CAAC,QAAQ,KAAK,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,IAAI,CAAC,IAAI,CAAC,EAAE;gBAChF,IAAI,CAAC,MAAM,GAAG,UAAU,CAAC,kBAAkB,CAAA;aAC5C;YAED,OAAO,IAAI,CAAA;SACZ;IACH,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,SAAiB,EAAE,QAAgB,EAAE,MAAc,EAAE,IAAU;QACvF,MAAM,MAAM,GAAG,MAAM,IAAA,qBAAa,EAAC,MAAI,CAAC,CAAC,KAAK,CAC5C;;yCAEmC,QAAQ;mCACd,SAAS;;;;;;mCAMT,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,EAAE;iCACV,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,EAAE;;OAEpC,CACF,CAAA;QAED,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC,aAAa,GAAG,CAAC,CAAA;IACpC,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,qBAAqB,CAAC,IAAU,EAAE,MAAc;QAC3D,MAAM,MAAM,GAAG,MAAM,IAAA,qBAAa,EAAC,MAAI,CAAC,CAAC,KAAK,CAAC;;;;;;;mCAOhB,IAAI,CAAC,EAAE;iCACT,MAAM,CAAC,EAAE;QAClC,CAAC,CAAA;QAEL,OAAO,MAAM,CAAA;IACf,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,uBAAuB,CAAC,SAAiB,EAAE,QAAgB,EAAE,IAAU;QAClF,OAAO,IAAA,0CAAuB,EAAC,IAAI,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAA;IAC3D,CAAC;CACF,CAAA;AAlTC;IAAC,IAAA,gCAAsB,EAAC,MAAM,CAAC;IAC9B,IAAA,oBAAK,EAAC,IAAI,CAAC,EAAE,CAAC,iBAAE,CAAC;;gCACC;AAEnB;IAAC,IAAA,gBAAM,GAAE;IACR,IAAA,oBAAK,GAAE;;kCACI;AAEZ;IAAC,IAAA,gBAAM,EAAC;QACN,QAAQ,EAAE,IAAI;KACf,CAAC;IACD,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;yCACP;AAEnB;IAAC,IAAA,oBAAU,EAAC,IAAI,CAAC,EAAE,CAAC,cAAM,CAAC;IAC1B,IAAA,mBAAS,EAAC,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC;IACpC,IAAA,oBAAK,EAAC,IAAI,CAAC,EAAE,CAAC,CAAC,cAAM,CAAC,CAAC;;qCACN;AAElB;IAAC,IAAA,gBAAM,GAAE;IACR,IAAA,oBAAK,GAAE;;mCACK;AAEb;IAAC,IAAA,wBAAS,EAAC,gFAAgF,CAAC;IAC3F,IAAA,gBAAM,EAAC;QACN,QAAQ,EAAE,IAAI;QACd,IAAI,EACF,aAAa,IAAI,OAAO,IAAI,aAAa,IAAI,SAAS;YACpD,CAAC,CAAC,UAAU;YACZ,CAAC,CAAC,aAAa,IAAI,QAAQ;gBAC3B,CAAC,CAAC,MAAM;gBACR,CAAC,CAAC,SAAS;KAChB,CAAC;;sCACc;AAEhB;IAAC,IAAA,oBAAU,EAAC,IAAI,CAAC,EAAE,CAAC,WAAI,EAAE,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC;IAC5C,IAAA,mBAAS,EAAC,EAAE,IAAI,EAAE,aAAa,EAAE,CAAC;IAClC,IAAA,oBAAK,EAAC,IAAI,CAAC,EAAE,CAAC,CAAC,WAAI,CAAC,CAAC;;mCACR;AAEd;IAAC,IAAA,gBAAM,EAAC;QACN,QAAQ,EAAE,IAAI;KACf,CAAC;IACD,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;sCACV;AAEhB;IAAC,IAAA,gBAAM,EAAC;QACN,QAAQ,EAAE,IAAI;KACf,CAAC;IACD,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;uCACT;AAEjB;IAAC,IAAA,wBAAS,EAAC,gFAAgF,CAAC;IAC3F,IAAA,gBAAM,EAAC;QACN,QAAQ,EAAE,IAAI;KACf,CAAC;;kCACU;AAEZ;IAAC,IAAA,gBAAM,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC1B,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;oCACZ;AAEd;IAAC,IAAA,wBAAS,EAAC,gFAAgF,CAAC;IAC3F,IAAA,gBAAM,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC1B,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;mCACb;AAEb;IAAC,IAAA,gBAAM,EAAC;QACN,IAAI,EACF,aAAa,IAAI,UAAU,IAAI,aAAa,IAAI,OAAO,IAAI,aAAa,IAAI,SAAS;YACnF,CAAC,CAAC,MAAM;YACR,CAAC,CAAC,aAAa,IAAI,QAAQ;gBAC3B,CAAC,CAAC,UAAU;gBACZ,CAAC,CAAC,UAAU;QAChB,IAAI,EAAE,UAAU;QAChB,OAAO,EAAE,UAAU,CAAC,QAAQ;KAC7B,CAAC;IACD,IAAA,oBAAK,EAAC,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC;;oCACJ;AAElB;IAAC,IAAA,gBAAM,EAAC;QACN,IAAI,EAAE,UAAU;QAChB,OAAO,EAAE,CAAC;KACX,CAAC;;uCACe;AAEjB;IAAC,IAAA,gBAAM,EAAC;QACN,QAAQ,EAAE,IAAI;KACf,CAAC;sCACiB,IAAI;+CAAA;AAEvB;IAAC,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;mCACZ;AAEd;IAAC,IAAA,mBAAS,EAAC,GAAG,EAAE,CAAC,yCAAkB,EAAE,kBAAkB,CAAC,EAAE,CAAC,kBAAkB,CAAC,IAAI,CAAC;IAClF,IAAA,oBAAK,EAAC,IAAI,CAAC,EAAE,CAAC,CAAC,yCAAkB,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;gDAChB;AAExC;IAAC,IAAA,mBAAS,EAAC,IAAI,CAAC,EAAE,CAAC,MAAI,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC3C,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;sCACjB,IAAI;qCAAA;AAEb;IAAC,IAAA,oBAAU,EAAC,CAAC,IAAU,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC;;uCACxB;AAEjB;IAAC,IAAA,mBAAS,EAAC,IAAI,CAAC,EAAE,CAAC,MAAI,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC3C,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;sCACjB,IAAI;qCAAA;AAEb;IAAC,IAAA,oBAAU,EAAC,CAAC,IAAU,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC;;uCACxB;AAEjB;IAAC,IAAA,0BAAgB,GAAE;IAClB,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;sCACf,IAAI;uCAAA;AAEf;IAAC,IAAA,0BAAgB,GAAE;IAClB,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;sCACf,IAAI;IAEf,8BAA8B;;uCAFf;AAvHJ,IAAI;IAJhB,IAAA,gBAAM,GAAE;IACR,IAAA,eAAK,EAAC,WAAW,EAAE,CAAC,IAAU,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;IACnE,kEAAkE;;IACjE,IAAA,yBAAU,GAAE;GACA,IAAI,CAmThB;AAnTY,oBAAI","sourcesContent":["import crypto from 'crypto'\nimport jwt from 'jsonwebtoken'\nimport { Directive, Field, ID, ObjectType } from 'type-graphql'\nimport {\n Column,\n CreateDateColumn,\n Entity,\n Index,\n JoinTable,\n ManyToMany,\n ManyToOne,\n OneToMany,\n PrimaryGeneratedColumn,\n RelationId,\n UpdateDateColumn\n} from 'typeorm'\n\nimport { config } from '@things-factory/env'\nimport { Domain, getRepository } from '@things-factory/shell'\n\nimport { validatePasswordByRule } from '../../controllers/utils/password-rule'\nimport { AuthError } from '../../errors/auth-error'\nimport { SECRET } from '../../utils/get-secret'\nimport { Role } from '../role/role'\nimport { UsersAuthProviders } from '../users-auth-providers/users-auth-providers'\nimport { getDomainsWithPrivilege } from '../../utils/get-user-domains'\n\nconst ORMCONFIG = config.get('ormconfig', {})\nconst DATABASE_TYPE = ORMCONFIG.type\n\nconst sessionExpirySeconds = Number(config.get('session/expirySeconds')) || '7d'\n\nexport enum UserStatus {\n INACTIVE = 'inactive',\n ACTIVATED = 'activated',\n DELETED = 'deleted',\n LOCKED = 'locked',\n BANNED = 'banned',\n PWD_RESET_REQUIRED = 'password_reset_required'\n}\n\n@Entity()\n@Index('ix_user_0', (user: User) => [user.email], { unique: true })\n//@Index('ix_user_1', (user: User) => [user.id], { unique: true })\n@ObjectType()\nexport class User {\n @PrimaryGeneratedColumn('uuid')\n @Field(type => ID)\n readonly id: string\n\n @Column()\n @Field()\n name: string\n\n @Column({\n nullable: true\n })\n @Field({ nullable: true })\n description: string\n\n @ManyToMany(type => Domain)\n @JoinTable({ name: 'users_domains' })\n @Field(type => [Domain])\n domains?: Domain[]\n\n @Column()\n @Field()\n email: string\n\n @Directive('@privilege(category: \"security\", privilege: \"query\", domainOwnerGranted: true)')\n @Column({\n nullable: true,\n type:\n DATABASE_TYPE == 'mysql' || DATABASE_TYPE == 'mariadb'\n ? 'longtext'\n : DATABASE_TYPE == 'oracle'\n ? 'clob'\n : 'varchar'\n })\n password: string\n\n @ManyToMany(type => Role, role => role.users)\n @JoinTable({ name: 'users_roles' })\n @Field(type => [Role])\n roles?: Role[]\n\n @Column({\n nullable: true\n })\n @Field({ nullable: true })\n userType: string // default: 'user', enum: 'user', 'application', 'appliance'\n\n @Column({\n nullable: true\n })\n @Field({ nullable: true })\n reference: string\n\n @Directive('@privilege(category: \"security\", privilege: \"query\", domainOwnerGranted: true)')\n @Column({\n nullable: true\n })\n salt: string\n\n @Column({ nullable: true })\n @Field({ nullable: true })\n locale: string\n\n @Directive('@privilege(category: \"security\", privilege: \"query\", domainOwnerGranted: true)')\n @Column({ nullable: true })\n @Field({ nullable: true })\n ssoId: string\n\n @Column({\n type:\n DATABASE_TYPE == 'postgres' || DATABASE_TYPE == 'mysql' || DATABASE_TYPE == 'mariadb'\n ? 'enum'\n : DATABASE_TYPE == 'oracle'\n ? 'varchar2'\n : 'smallint',\n enum: UserStatus,\n default: UserStatus.INACTIVE\n })\n @Field(type => String)\n status: UserStatus\n\n @Column({\n type: 'smallint',\n default: 0\n })\n failCount: number\n\n @Column({\n nullable: true\n })\n passwordUpdatedAt: Date\n\n @Field({ nullable: true })\n owner: boolean /* should not be a column */\n\n @OneToMany(() => UsersAuthProviders, usersAuthProviders => usersAuthProviders.user)\n @Field(type => [UsersAuthProviders], { nullable: true })\n usersAuthProviders: UsersAuthProviders[]\n\n @ManyToOne(type => User, { nullable: true })\n @Field({ nullable: true })\n creator: User\n\n @RelationId((user: User) => user.creator)\n creatorId: string\n\n @ManyToOne(type => User, { nullable: true })\n @Field({ nullable: true })\n updater: User\n\n @RelationId((user: User) => user.updater)\n updaterId: string\n\n @CreateDateColumn()\n @Field({ nullable: true })\n createdAt: Date\n\n @UpdateDateColumn()\n @Field({ nullable: true })\n updatedAt: Date\n\n /* signing for jsonwebtoken */\n async sign(options?) {\n var { expiresIn = sessionExpirySeconds, subdomain } = options || {}\n\n var user = {\n id: this.id,\n userType: this.userType,\n status: this.status,\n domain: {\n subdomain\n }\n }\n\n return await jwt.sign(user, SECRET, {\n expiresIn,\n issuer: 'hatiolab.com',\n subject: 'user'\n })\n }\n\n /* validate password through password rule */\n static validatePasswordByRule(password, lng) {\n validatePasswordByRule(password, lng)\n }\n\n /* generate salt */\n static generateSalt() {\n return crypto.randomBytes(16).toString('hex')\n }\n\n /* encode password */\n static encode(password: string, salt) {\n return crypto\n .createHmac('sha256', salt || SECRET)\n .update(password)\n .digest('base64')\n }\n\n /* verify password */\n static verify(hashed, password, salt) {\n return (\n hashed ==\n crypto\n .createHmac('sha256', salt || SECRET)\n .update(password)\n .digest('base64') ||\n hashed ==\n crypto\n .createHmac('sha1', salt || SECRET)\n .update(password)\n .digest('base64')\n )\n }\n\n static async checkAuthWithEmail(decoded) {\n if (!decoded?.email) {\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.USER_NOT_FOUND\n })\n }\n\n const repository = getRepository(User)\n var user = await repository.findOne({\n where: { email: decoded.email },\n relations: ['domains'],\n cache: true\n })\n\n if (!user)\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.USER_NOT_FOUND\n })\n else {\n switch (user.status) {\n case UserStatus.INACTIVE:\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.USER_NOT_ACTIVATED,\n detail: {\n email: user.email\n }\n })\n case UserStatus.LOCKED:\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.USER_LOCKED,\n detail: {\n email: user.email\n }\n })\n case UserStatus.DELETED:\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.USER_DELETED\n })\n }\n\n return user\n }\n }\n\n static async checkAuth(decoded) {\n if (decoded?.id === undefined) {\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.USER_NOT_FOUND\n })\n }\n\n const repository = getRepository(User)\n var user = await repository.findOne({\n where: { id: decoded.id },\n relations: ['domains'],\n cache: true\n })\n\n if (!user)\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.USER_NOT_FOUND\n })\n else {\n switch (user.status) {\n case UserStatus.INACTIVE:\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.USER_NOT_ACTIVATED,\n detail: {\n email: user.email\n }\n })\n case UserStatus.LOCKED:\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.USER_LOCKED,\n detail: {\n email: user.email\n }\n })\n case UserStatus.DELETED:\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.USER_DELETED\n })\n }\n\n const { defaultPassword } = config.get('password')\n\n if (defaultPassword && user.password === this.encode(defaultPassword, user.salt)) {\n user.status = UserStatus.PWD_RESET_REQUIRED\n }\n\n return user\n }\n }\n\n static async hasPrivilege(privilege: string, category: string, domain: Domain, user: User) {\n const result = await getRepository(User).query(\n `\n SELECT COUNT(1) AS \"has_privilege\" FROM \"privileges\" \"PRIVILEGES\"\n WHERE \"PRIVILEGES\".\"category\" = '${category}'\n AND \"PRIVILEGES\".\"name\" = '${privilege}'\n AND \"PRIVILEGES\".\"id\" IN (\n SELECT \"RP\".\"privileges_id\"\n FROM \"users_roles\" \"UR\"\n INNER JOIN \"roles_privileges\" \"RP\" ON \"UR\".\"roles_id\" = \"RP\".\"roles_id\"\n LEFT JOIN \"roles\" \"R\" ON \"R\".\"id\" = \"UR\".\"roles_id\"\n WHERE \"UR\".\"users_id\" = '${user?.id}'\n AND \"R\".\"domain_id\" = '${domain?.id}'\n )\n `\n )\n\n return result[0].has_privilege > 0\n }\n\n static async getPrivilegesByDomain(user: User, domain: Domain) {\n const result = await getRepository(User).query(`\n SELECT name privilege, category FROM \"privileges\" \"PRIVILEGES\"\n WHERE \"PRIVILEGES\".\"id\" IN (\n SELECT \"RP\".\"privileges_id\"\n FROM \"users_roles\" \"UR\"\n INNER JOIN \"roles_privileges\" \"RP\" ON \"UR\".\"roles_id\" = \"RP\".\"roles_id\"\n LEFT JOIN \"roles\" \"R\" ON \"R\".\"id\" = \"UR\".\"roles_id\"\n WHERE \"UR\".\"users_id\" = '${user.id}'\n AND \"R\".\"domain_id\" = '${domain.id}'\n )`)\n\n return result\n }\n\n static async getDomainsWithPrivilege(privilege: string, category: string, user: User) {\n return getDomainsWithPrivilege(user, privilege, category)\n }\n}\n"]}
|