@things-factory/auth-base 6.2.6 → 6.2.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/client/auth.ts +19 -6
- package/client/bootstrap.ts +1 -1
- package/client/directive/privileged.ts +2 -38
- package/client/index.ts +1 -0
- package/client/profiled.ts +78 -0
- package/config/config.development.js +32 -0
- package/config/config.production.js +32 -0
- package/dist-client/auth.d.ts +7 -0
- package/dist-client/auth.js +11 -5
- package/dist-client/auth.js.map +1 -1
- package/dist-client/bootstrap.js +1 -1
- package/dist-client/bootstrap.js.map +1 -1
- package/dist-client/directive/privileged.d.ts +0 -6
- package/dist-client/directive/privileged.js +2 -21
- package/dist-client/directive/privileged.js.map +1 -1
- package/dist-client/index.d.ts +1 -0
- package/dist-client/index.js +1 -0
- package/dist-client/index.js.map +1 -1
- package/dist-client/profiled.d.ts +10 -0
- package/dist-client/profiled.js +52 -0
- package/dist-client/profiled.js.map +1 -0
- package/dist-client/tsconfig.tsbuildinfo +1 -1
- package/dist-server/router/auth-private-process-router.js +3 -1
- package/dist-server/router/auth-private-process-router.js.map +1 -1
- package/dist-server/router/auth-public-process-router.js +29 -9
- package/dist-server/router/auth-public-process-router.js.map +1 -1
- package/dist-server/router/auth-signin-router.js +7 -1
- package/dist-server/router/auth-signin-router.js.map +1 -1
- package/dist-server/router/auth-signup-router.js +53 -44
- package/dist-server/router/auth-signup-router.js.map +1 -1
- package/dist-server/router/oauth2/oauth2-authorize-router.js +6 -1
- package/dist-server/router/oauth2/oauth2-authorize-router.js.map +1 -1
- package/dist-server/service/privilege/privilege-directive.js +1 -1
- package/dist-server/service/privilege/privilege-directive.js.map +1 -1
- package/dist-server/service/role/role-query.js +1 -1
- package/dist-server/service/role/role-query.js.map +1 -1
- package/dist-server/tsconfig.tsbuildinfo +1 -1
- package/package.json +3 -3
- package/server/router/auth-private-process-router.ts +3 -1
- package/server/router/auth-public-process-router.ts +29 -9
- package/server/router/auth-signin-router.ts +8 -1
- package/server/router/auth-signup-router.ts +63 -53
- package/server/router/oauth2/oauth2-authorize-router.ts +7 -1
- package/server/service/privilege/privilege-directive.ts +1 -1
- package/server/service/role/role-query.ts +1 -1
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@things-factory/auth-base",
|
|
3
|
-
"version": "6.2.
|
|
3
|
+
"version": "6.2.10",
|
|
4
4
|
"main": "dist-server/index.js",
|
|
5
5
|
"browser": "dist-client/index.js",
|
|
6
6
|
"things-factory": true,
|
|
@@ -32,7 +32,7 @@
|
|
|
32
32
|
"dependencies": {
|
|
33
33
|
"@things-factory/email-base": "^6.2.6",
|
|
34
34
|
"@things-factory/env": "^6.2.0",
|
|
35
|
-
"@things-factory/i18n-base": "^6.2.
|
|
35
|
+
"@things-factory/i18n-base": "^6.2.10",
|
|
36
36
|
"@things-factory/shell": "^6.2.6",
|
|
37
37
|
"@things-factory/utils": "^6.2.0",
|
|
38
38
|
"jsonwebtoken": "^9.0.0",
|
|
@@ -42,5 +42,5 @@
|
|
|
42
42
|
"passport-jwt": "^4.0.0",
|
|
43
43
|
"passport-local": "^1.0.0"
|
|
44
44
|
},
|
|
45
|
-
"gitHead": "
|
|
45
|
+
"gitHead": "a93e333b304f0452e1f5dafedf497cecebdbe03e"
|
|
46
46
|
}
|
|
@@ -12,6 +12,7 @@ import { clearAccessTokenCookie, setAccessTokenCookie } from '../utils/access-to
|
|
|
12
12
|
import { getUserDomains } from '../utils/get-user-domains'
|
|
13
13
|
|
|
14
14
|
const domainType = config.get('domainType')
|
|
15
|
+
const languages = config.get('i18n/languages') || []
|
|
15
16
|
|
|
16
17
|
export const authPrivateProcessRouter = new Router({
|
|
17
18
|
prefix: '/auth'
|
|
@@ -84,6 +85,7 @@ authPrivateProcessRouter
|
|
|
84
85
|
domain: domain && {
|
|
85
86
|
name: domain.name,
|
|
86
87
|
subdomain: domain.subdomain
|
|
87
|
-
}
|
|
88
|
+
},
|
|
89
|
+
languages
|
|
88
90
|
}
|
|
89
91
|
})
|
|
@@ -11,6 +11,8 @@ import { User } from '../service/user/user'
|
|
|
11
11
|
import { accepts } from '../utils/accepts'
|
|
12
12
|
import { clearAccessTokenCookie } from '../utils/access-token-cookie'
|
|
13
13
|
|
|
14
|
+
const disableUserFavoredLanguage = config.get('i18n/disableUserFavoredLanguage', false)
|
|
15
|
+
const languages = config.get('i18n/languages', false)
|
|
14
16
|
const passwordRule = config.get('password') || {
|
|
15
17
|
lowerCase: true,
|
|
16
18
|
upperCase: true,
|
|
@@ -59,7 +61,9 @@ authPublicProcessRouter.get('/forgot-password', async (context, next) => {
|
|
|
59
61
|
pageElement: 'forgot-password',
|
|
60
62
|
elementScript: '/auth/forgot-password.js',
|
|
61
63
|
data: {
|
|
62
|
-
email
|
|
64
|
+
email,
|
|
65
|
+
disableUserFavoredLanguage,
|
|
66
|
+
languages
|
|
63
67
|
}
|
|
64
68
|
})
|
|
65
69
|
})
|
|
@@ -72,7 +76,9 @@ authPublicProcessRouter.get('/reset-password', async (context, next) => {
|
|
|
72
76
|
elementScript: '/auth/reset-password.js',
|
|
73
77
|
data: {
|
|
74
78
|
token,
|
|
75
|
-
passwordRule
|
|
79
|
+
passwordRule,
|
|
80
|
+
disableUserFavoredLanguage,
|
|
81
|
+
languages
|
|
76
82
|
}
|
|
77
83
|
})
|
|
78
84
|
})
|
|
@@ -84,7 +90,9 @@ authPublicProcessRouter.get('/unlock-user', async (context, next) => {
|
|
|
84
90
|
pageElement: 'unlock-user',
|
|
85
91
|
elementScript: '/auth/unlock-user.js',
|
|
86
92
|
data: {
|
|
87
|
-
token
|
|
93
|
+
token,
|
|
94
|
+
disableUserFavoredLanguage,
|
|
95
|
+
languages
|
|
88
96
|
}
|
|
89
97
|
})
|
|
90
98
|
})
|
|
@@ -96,7 +104,9 @@ authPublicProcessRouter.get('/activate/:email', async (context, next) => {
|
|
|
96
104
|
pageElement: 'auth-activate',
|
|
97
105
|
elementScript: '/auth/activate.js',
|
|
98
106
|
data: {
|
|
99
|
-
email
|
|
107
|
+
email,
|
|
108
|
+
disableUserFavoredLanguage,
|
|
109
|
+
languages
|
|
100
110
|
}
|
|
101
111
|
})
|
|
102
112
|
})
|
|
@@ -116,7 +126,9 @@ authPublicProcessRouter.get('/verify/:token', async (context, next) => {
|
|
|
116
126
|
pageElement: 'auth-result',
|
|
117
127
|
elementScript: '/auth/result.js',
|
|
118
128
|
data: {
|
|
119
|
-
message
|
|
129
|
+
message,
|
|
130
|
+
disableUserFavoredLanguage,
|
|
131
|
+
languages
|
|
120
132
|
}
|
|
121
133
|
})
|
|
122
134
|
}
|
|
@@ -201,7 +213,9 @@ authPublicProcessRouter.post('/reset-password', async (context, next) => {
|
|
|
201
213
|
data: {
|
|
202
214
|
token,
|
|
203
215
|
message,
|
|
204
|
-
passwordRule
|
|
216
|
+
passwordRule,
|
|
217
|
+
disableUserFavoredLanguage,
|
|
218
|
+
languages
|
|
205
219
|
}
|
|
206
220
|
})
|
|
207
221
|
}
|
|
@@ -221,7 +235,9 @@ authPublicProcessRouter.post('/reset-password', async (context, next) => {
|
|
|
221
235
|
pageElement: 'auth-result',
|
|
222
236
|
elementScript: '/auth/result.js',
|
|
223
237
|
data: {
|
|
224
|
-
message
|
|
238
|
+
message,
|
|
239
|
+
disableUserFavoredLanguage,
|
|
240
|
+
languages
|
|
225
241
|
}
|
|
226
242
|
})
|
|
227
243
|
}
|
|
@@ -234,7 +250,9 @@ authPublicProcessRouter.post('/reset-password', async (context, next) => {
|
|
|
234
250
|
pageElement: 'auth-result',
|
|
235
251
|
elementScript: '/auth/result.js',
|
|
236
252
|
data: {
|
|
237
|
-
message: e.message
|
|
253
|
+
message: e.message,
|
|
254
|
+
disableUserFavoredLanguage,
|
|
255
|
+
languages
|
|
238
256
|
}
|
|
239
257
|
})
|
|
240
258
|
}
|
|
@@ -265,7 +283,9 @@ authPublicProcessRouter.post('/unlock-user', async (context, next) => {
|
|
|
265
283
|
pageElement: 'auth-result',
|
|
266
284
|
elementScript: '/auth/result.js',
|
|
267
285
|
data: {
|
|
268
|
-
message: t('text.account is reactivated')
|
|
286
|
+
message: t('text.account is reactivated'),
|
|
287
|
+
disableUserFavoredLanguage,
|
|
288
|
+
languages
|
|
269
289
|
}
|
|
270
290
|
})
|
|
271
291
|
}
|
|
@@ -5,6 +5,10 @@ import { signinMiddleware } from '../middlewares'
|
|
|
5
5
|
import { accepts } from '../utils/accepts'
|
|
6
6
|
import { setAccessTokenCookie } from '../utils/access-token-cookie'
|
|
7
7
|
|
|
8
|
+
const disableUserSignupProcess = config.get('disableUserSignupProcess', false)
|
|
9
|
+
const disableUserFavoredLanguage = config.get('i18n/disableUserFavoredLanguage', false)
|
|
10
|
+
const languages = config.get('i18n/languages', false)
|
|
11
|
+
|
|
8
12
|
const SSOConfig = config.get('sso', {} as any)
|
|
9
13
|
const SSOLinks = Object.values(SSOConfig)
|
|
10
14
|
.filter(({ link, title }) => link && title)
|
|
@@ -23,7 +27,10 @@ authSigninRouter.get('/auth/signin', async (context, next) => {
|
|
|
23
27
|
data: {
|
|
24
28
|
email,
|
|
25
29
|
redirectTo: redirect_to,
|
|
26
|
-
ssoLinks: SSOLinks
|
|
30
|
+
ssoLinks: SSOLinks,
|
|
31
|
+
disableUserSignupProcess,
|
|
32
|
+
disableUserFavoredLanguage,
|
|
33
|
+
languages
|
|
27
34
|
}
|
|
28
35
|
})
|
|
29
36
|
})
|
|
@@ -6,6 +6,10 @@ import { signup } from '../controllers/signup'
|
|
|
6
6
|
import { accepts } from '../utils/accepts'
|
|
7
7
|
import { setAccessTokenCookie } from '../utils/access-token-cookie'
|
|
8
8
|
|
|
9
|
+
const disableUserSignupProcess = config.get('disableUserSignupProcess', false)
|
|
10
|
+
const disableUserFavoredLanguage = config.get('i18n/disableUserFavoredLanguage', false)
|
|
11
|
+
const languages = config.get('i18n/languages', false)
|
|
12
|
+
|
|
9
13
|
const passwordRule = config.get('password') || {
|
|
10
14
|
lowerCase: true,
|
|
11
15
|
upperCase: true,
|
|
@@ -20,64 +24,70 @@ const passwordRule = config.get('password') || {
|
|
|
20
24
|
|
|
21
25
|
export const authSignupRouter = new Router()
|
|
22
26
|
|
|
23
|
-
|
|
24
|
-
|
|
27
|
+
if (!disableUserSignupProcess) {
|
|
28
|
+
authSignupRouter.get('/auth/signup', async (context, next) => {
|
|
29
|
+
const { email } = context.query
|
|
25
30
|
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
31
|
+
await context.render('auth-page', {
|
|
32
|
+
pageElement: 'auth-signup',
|
|
33
|
+
elementScript: '/auth/signup.js',
|
|
34
|
+
data: {
|
|
35
|
+
email,
|
|
36
|
+
passwordRule,
|
|
37
|
+
disableUserFavoredLanguage,
|
|
38
|
+
languages
|
|
39
|
+
}
|
|
40
|
+
})
|
|
33
41
|
})
|
|
34
|
-
})
|
|
35
42
|
|
|
36
|
-
authSignupRouter.post('/auth/signup', async (context, next) => {
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
43
|
+
authSignupRouter.post('/auth/signup', async (context, next) => {
|
|
44
|
+
const { header, t } = context
|
|
45
|
+
const { domain } = context.state
|
|
46
|
+
const user = context.request.body
|
|
40
47
|
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
48
|
+
// try {
|
|
49
|
+
const { token } = await signup(
|
|
50
|
+
{
|
|
51
|
+
...user,
|
|
52
|
+
context,
|
|
53
|
+
domain
|
|
54
|
+
},
|
|
55
|
+
true
|
|
56
|
+
)
|
|
50
57
|
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
58
|
+
const message = t('text.user registered successfully')
|
|
59
|
+
context.body = {
|
|
60
|
+
message,
|
|
61
|
+
token
|
|
62
|
+
}
|
|
56
63
|
|
|
57
|
-
|
|
64
|
+
setAccessTokenCookie(context, token)
|
|
58
65
|
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
66
|
+
if (accepts(header.accept, ['text/html', '*/*'])) {
|
|
67
|
+
await context.render('auth-page', {
|
|
68
|
+
pageElement: 'auth-result',
|
|
69
|
+
elementScript: '/auth/result.js',
|
|
70
|
+
data: {
|
|
71
|
+
message,
|
|
72
|
+
disableUserFavoredLanguage,
|
|
73
|
+
languages
|
|
74
|
+
}
|
|
75
|
+
})
|
|
76
|
+
}
|
|
77
|
+
// } catch (e) {
|
|
78
|
+
// context.status = 401
|
|
79
|
+
// context.body = e.message
|
|
71
80
|
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
})
|
|
81
|
+
// if (accepts(header.accept, ['text/html', '*/*'])) {
|
|
82
|
+
// await context.render('auth-page', {
|
|
83
|
+
// pageElement: 'auth-signup',
|
|
84
|
+
// elementScript: '/auth/signup.js',
|
|
85
|
+
// data: {
|
|
86
|
+
// message: e instanceof AuthError ? t(`error.${e.message}`) : e.message,
|
|
87
|
+
// passwordRule
|
|
88
|
+
// }
|
|
89
|
+
// })
|
|
90
|
+
// }
|
|
91
|
+
// }
|
|
92
|
+
})
|
|
93
|
+
}
|
|
@@ -1,12 +1,16 @@
|
|
|
1
1
|
import Router from 'koa-router'
|
|
2
2
|
|
|
3
3
|
import { getRepository } from '@things-factory/shell'
|
|
4
|
+
import { config } from '@things-factory/env'
|
|
4
5
|
|
|
5
6
|
import { Application } from '../../service/application/application'
|
|
6
7
|
import { NonClient, server as oauth2orizeServer } from './oauth2-server'
|
|
7
8
|
|
|
8
9
|
export const oauth2AuthorizeRouter = new Router()
|
|
9
10
|
|
|
11
|
+
const disableUserFavoredLanguage = config.get('i18n/disableUserFavoredLanguage', false)
|
|
12
|
+
const languages = config.get('i18n/languages', false)
|
|
13
|
+
|
|
10
14
|
// user authorization endpoint
|
|
11
15
|
//
|
|
12
16
|
// `authorization` middleware accepts a `validate` callback which is
|
|
@@ -60,7 +64,9 @@ oauth2AuthorizeRouter.get(
|
|
|
60
64
|
name: oauth2.user.name,
|
|
61
65
|
email: oauth2.user.email
|
|
62
66
|
}
|
|
63
|
-
}
|
|
67
|
+
},
|
|
68
|
+
disableUserFavoredLanguage,
|
|
69
|
+
languages
|
|
64
70
|
}
|
|
65
71
|
})
|
|
66
72
|
// await context.render(decisionPage, {
|
|
@@ -24,7 +24,7 @@ export const privilegeDirectiveResolver = (schema: GraphQLSchema) =>
|
|
|
24
24
|
const { resolve = defaultFieldResolver, args } = fieldConfig
|
|
25
25
|
|
|
26
26
|
if (!args) {
|
|
27
|
-
throw new Error(`Unexpected Error. args should be defined in @
|
|
27
|
+
throw new Error(`Unexpected Error. args should be defined in @privilege directive for field ${fieldName}.`)
|
|
28
28
|
}
|
|
29
29
|
|
|
30
30
|
const { domainOwnerGranted, superUserGranted, category, privilege } = privilegeDirective
|
|
@@ -38,7 +38,7 @@ export class RoleQuery {
|
|
|
38
38
|
}
|
|
39
39
|
|
|
40
40
|
@Directive('@privilege(category: "user", privilege: "query", domainOwnerGranted: true, superUserGranted: true)')
|
|
41
|
-
@Query(returns => [RolePrivilege], { description: 'To fetch
|
|
41
|
+
@Query(returns => [RolePrivilege], { description: 'To fetch privileges of a role' })
|
|
42
42
|
async rolePrivileges(@Arg('roleId') roleId: string, @Ctx() context: ResolverContext): Promise<RolePrivilege[]> {
|
|
43
43
|
const rolePrivileges = await getRepository(Privilege).query(
|
|
44
44
|
`
|