@things-factory/auth-base 6.2.9 → 6.2.11
- package/client/auth.ts +15 -6
- package/client/bootstrap.ts +1 -1
- package/client/directive/privileged.ts +2 -38
- package/client/index.ts +1 -0
- package/client/profiled.ts +68 -0
- package/config/config.development.js +32 -1
- package/config/config.production.js +32 -1
- package/dist-client/auth.d.ts +5 -0
- package/dist-client/auth.js +8 -5
- package/dist-client/auth.js.map +1 -1
- package/dist-client/bootstrap.js +1 -1
- package/dist-client/bootstrap.js.map +1 -1
- package/dist-client/directive/privileged.d.ts +0 -6
- package/dist-client/directive/privileged.js +2 -21
- package/dist-client/directive/privileged.js.map +1 -1
- package/dist-client/index.d.ts +1 -0
- package/dist-client/index.js +1 -0
- package/dist-client/index.js.map +1 -1
- package/dist-client/profiled.d.ts +9 -0
- package/dist-client/profiled.js +44 -0
- package/dist-client/profiled.js.map +1 -0
- package/dist-client/tsconfig.tsbuildinfo +1 -1
- package/dist-server/middlewares/authenticate-401-middleware.js +20 -4
- package/dist-server/middlewares/authenticate-401-middleware.js.map +1 -1
- package/dist-server/router/auth-private-process-router.js +3 -1
- package/dist-server/router/auth-private-process-router.js.map +1 -1
- package/dist-server/router/auth-public-process-router.js +39 -9
- package/dist-server/router/auth-public-process-router.js.map +1 -1
- package/dist-server/router/auth-signin-router.js +7 -3
- package/dist-server/router/auth-signin-router.js.map +1 -1
- package/dist-server/router/auth-signup-router.js +12 -4
- package/dist-server/router/auth-signup-router.js.map +1 -1
- package/dist-server/router/oauth2/oauth2-authorize-router.js +6 -1
- package/dist-server/router/oauth2/oauth2-authorize-router.js.map +1 -1
- package/dist-server/service/privilege/privilege-directive.js +1 -1
- package/dist-server/service/privilege/privilege-directive.js.map +1 -1
- package/dist-server/service/role/role-query.js +1 -1
- package/dist-server/service/role/role-query.js.map +1 -1
- package/dist-server/tsconfig.tsbuildinfo +1 -1
- package/package.json +3 -3
- package/server/middlewares/authenticate-401-middleware.ts +22 -4
- package/server/router/auth-private-process-router.ts +3 -1
- package/server/router/auth-public-process-router.ts +39 -9
- package/server/router/auth-signin-router.ts +7 -3
- package/server/router/auth-signup-router.ts +12 -4
- package/server/router/oauth2/oauth2-authorize-router.ts +7 -1
- package/server/service/privilege/privilege-directive.ts +1 -1
- package/server/service/role/role-query.ts +1 -1
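--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@things-factory/auth-base",
-"version": "6.2.
+"version": "6.2.11",
 "main": "dist-server/index.js",
 "browser": "dist-client/index.js",
 "things-factory": true,
@@ -32,7 +32,7 @@
 "dependencies": {
 "@things-factory/email-base": "^6.2.6",
 "@things-factory/env": "^6.2.0",
-"@things-factory/i18n-base": "^6.2.
+"@things-factory/i18n-base": "^6.2.10",
 "@things-factory/shell": "^6.2.6",
 "@things-factory/utils": "^6.2.0",
 "jsonwebtoken": "^9.0.0",
@@ -42,5 +42,5 @@
 "passport-jwt": "^4.0.0",
 "passport-local": "^1.0.0"
 },
-"gitHead": "
+"gitHead": "702c73270456544f84da2194e2e71a7795e678f3"
 }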
@@ -1,7 +1,13 @@
|
|
|
1
|
+
import { config } from '@things-factory/env'
|
|
2
|
+
|
|
1
3
|
import { SUBDOMAIN_NOTFOUND, USER_DUPLICATED, USER_LOCKED, USER_NOT_ACTIVATED } from '../constants/error-code'
|
|
2
4
|
import { AuthError } from '../errors/auth-error'
|
|
3
5
|
import { accepts } from '../utils/accepts'
|
|
4
6
|
|
|
7
|
+
const disableUserSignupProcess = config.get('disableUserSignupProcess', false)
|
|
8
|
+
const disableUserFavoredLanguage = config.get('i18n/disableUserFavoredLanguage', false)
|
|
9
|
+
const languages = config.get('i18n/languages', false)
|
|
10
|
+
|
|
5
11
|
export async function authenticate401Middleware(context, next) {
|
|
6
12
|
try {
|
|
7
13
|
await next()
|
|
@@ -55,7 +61,10 @@ export async function authenticate401Middleware(context, next) {
|
|
|
55
61
|
data: {
|
|
56
62
|
...err.detail,
|
|
57
63
|
message,
|
|
58
|
-
redirectTo
|
|
64
|
+
redirectTo,
|
|
65
|
+
disableUserSignupProcess,
|
|
66
|
+
disableUserFavoredLanguage,
|
|
67
|
+
languages
|
|
59
68
|
}
|
|
60
69
|
})
|
|
61
70
|
|
|
@@ -66,7 +75,10 @@ export async function authenticate401Middleware(context, next) {
|
|
|
66
75
|
data: {
|
|
67
76
|
...err.detail,
|
|
68
77
|
message,
|
|
69
|
-
redirectTo
|
|
78
|
+
redirectTo,
|
|
79
|
+
disableUserSignupProcess,
|
|
80
|
+
disableUserFavoredLanguage,
|
|
81
|
+
languages
|
|
70
82
|
}
|
|
71
83
|
})
|
|
72
84
|
|
|
@@ -77,7 +89,10 @@ export async function authenticate401Middleware(context, next) {
|
|
|
77
89
|
data: {
|
|
78
90
|
...err.detail,
|
|
79
91
|
message,
|
|
80
|
-
redirectTo
|
|
92
|
+
redirectTo,
|
|
93
|
+
disableUserSignupProcess,
|
|
94
|
+
disableUserFavoredLanguage,
|
|
95
|
+
languages
|
|
81
96
|
}
|
|
82
97
|
})
|
|
83
98
|
|
|
@@ -88,7 +103,10 @@ export async function authenticate401Middleware(context, next) {
|
|
|
88
103
|
data: {
|
|
89
104
|
...err.detail,
|
|
90
105
|
message: err instanceof AuthError ? message : '',
|
|
91
|
-
redirectTo
|
|
106
|
+
redirectTo,
|
|
107
|
+
disableUserSignupProcess,
|
|
108
|
+
disableUserFavoredLanguage,
|
|
109
|
+
languages
|
|
92
110
|
}
|
|
93
111
|
})
|
|
94
112
|
}
|
|
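Review bot: `languages` is read as `config.get('i18n/languages', false)` at the top of this file, so the 401 page data carries `false` when the key is unset, while the private router's profile response uses `config.get('i18n/languages') || []` for the same field. A client that iterates the value has to handle both shapes; `const languages = config.get('i18n/languages') || []` here, and in the public, sign-in, sign-up and OAuth2 routers that repeat the declaration, would keep it an array everywhere. The three flags are also copied by hand into all four `data` objects of this middleware, so a single module-level object spread into each would prevent a later branch from omitting one. The body of `authenticate401Middleware` continues outside these hunks.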
@@ -12,6 +12,7 @@ import { clearAccessTokenCookie, setAccessTokenCookie } from '../utils/access-to
|
|
|
12
12
|
import { getUserDomains } from '../utils/get-user-domains'
|
|
13
13
|
|
|
14
14
|
const domainType = config.get('domainType')
|
|
15
|
+
const languages = config.get('i18n/languages') || []
|
|
15
16
|
|
|
16
17
|
export const authPrivateProcessRouter = new Router({
|
|
17
18
|
prefix: '/auth'
|
|
@@ -84,6 +85,7 @@ authPrivateProcessRouter
|
|
|
84
85
|
domain: domain && {
|
|
85
86
|
name: domain.name,
|
|
86
87
|
subdomain: domain.subdomain
|
|
87
|
-
}
|
|
88
|
+
},
|
|
89
|
+
languages
|
|
88
90
|
}
|
|
89
91
|
})
|
|
@@ -11,6 +11,9 @@ import { User } from '../service/user/user'
|
|
|
11
11
|
import { accepts } from '../utils/accepts'
|
|
12
12
|
import { clearAccessTokenCookie } from '../utils/access-token-cookie'
|
|
13
13
|
|
|
14
|
+
const disableUserSignupProcess = config.get('disableUserSignupProcess', false)
|
|
15
|
+
const disableUserFavoredLanguage = config.get('i18n/disableUserFavoredLanguage', false)
|
|
16
|
+
const languages = config.get('i18n/languages', false)
|
|
14
17
|
const passwordRule = config.get('password') || {
|
|
15
18
|
lowerCase: true,
|
|
16
19
|
upperCase: true,
|
|
@@ -59,7 +62,10 @@ authPublicProcessRouter.get('/forgot-password', async (context, next) => {
|
|
|
59
62
|
pageElement: 'forgot-password',
|
|
60
63
|
elementScript: '/auth/forgot-password.js',
|
|
61
64
|
data: {
|
|
62
|
-
email
|
|
65
|
+
email,
|
|
66
|
+
disableUserSignupProcess,
|
|
67
|
+
disableUserFavoredLanguage,
|
|
68
|
+
languages
|
|
63
69
|
}
|
|
64
70
|
})
|
|
65
71
|
})
|
|
@@ -72,7 +78,10 @@ authPublicProcessRouter.get('/reset-password', async (context, next) => {
|
|
|
72
78
|
elementScript: '/auth/reset-password.js',
|
|
73
79
|
data: {
|
|
74
80
|
token,
|
|
75
|
-
passwordRule
|
|
81
|
+
passwordRule,
|
|
82
|
+
disableUserSignupProcess,
|
|
83
|
+
disableUserFavoredLanguage,
|
|
84
|
+
languages
|
|
76
85
|
}
|
|
77
86
|
})
|
|
78
87
|
})
|
|
@@ -84,7 +93,10 @@ authPublicProcessRouter.get('/unlock-user', async (context, next) => {
|
|
|
84
93
|
pageElement: 'unlock-user',
|
|
85
94
|
elementScript: '/auth/unlock-user.js',
|
|
86
95
|
data: {
|
|
87
|
-
token
|
|
96
|
+
token,
|
|
97
|
+
disableUserSignupProcess,
|
|
98
|
+
disableUserFavoredLanguage,
|
|
99
|
+
languages
|
|
88
100
|
}
|
|
89
101
|
})
|
|
90
102
|
})
|
|
@@ -96,7 +108,10 @@ authPublicProcessRouter.get('/activate/:email', async (context, next) => {
|
|
|
96
108
|
pageElement: 'auth-activate',
|
|
97
109
|
elementScript: '/auth/activate.js',
|
|
98
110
|
data: {
|
|
99
|
-
email
|
|
111
|
+
email,
|
|
112
|
+
disableUserSignupProcess,
|
|
113
|
+
disableUserFavoredLanguage,
|
|
114
|
+
languages
|
|
100
115
|
}
|
|
101
116
|
})
|
|
102
117
|
})
|
|
@@ -116,7 +131,10 @@ authPublicProcessRouter.get('/verify/:token', async (context, next) => {
|
|
|
116
131
|
pageElement: 'auth-result',
|
|
117
132
|
elementScript: '/auth/result.js',
|
|
118
133
|
data: {
|
|
119
|
-
message
|
|
134
|
+
message,
|
|
135
|
+
disableUserSignupProcess,
|
|
136
|
+
disableUserFavoredLanguage,
|
|
137
|
+
languages
|
|
120
138
|
}
|
|
121
139
|
})
|
|
122
140
|
}
|
|
@@ -201,7 +219,10 @@ authPublicProcessRouter.post('/reset-password', async (context, next) => {
|
|
|
201
219
|
data: {
|
|
202
220
|
token,
|
|
203
221
|
message,
|
|
204
|
-
passwordRule
|
|
222
|
+
passwordRule,
|
|
223
|
+
disableUserSignupProcess,
|
|
224
|
+
disableUserFavoredLanguage,
|
|
225
|
+
languages
|
|
205
226
|
}
|
|
206
227
|
})
|
|
207
228
|
}
|
|
@@ -221,7 +242,10 @@ authPublicProcessRouter.post('/reset-password', async (context, next) => {
|
|
|
221
242
|
pageElement: 'auth-result',
|
|
222
243
|
elementScript: '/auth/result.js',
|
|
223
244
|
data: {
|
|
224
|
-
message
|
|
245
|
+
message,
|
|
246
|
+
disableUserSignupProcess,
|
|
247
|
+
disableUserFavoredLanguage,
|
|
248
|
+
languages
|
|
225
249
|
}
|
|
226
250
|
})
|
|
227
251
|
}
|
|
@@ -234,7 +258,10 @@ authPublicProcessRouter.post('/reset-password', async (context, next) => {
|
|
|
234
258
|
pageElement: 'auth-result',
|
|
235
259
|
elementScript: '/auth/result.js',
|
|
236
260
|
data: {
|
|
237
|
-
message: e.message
|
|
261
|
+
message: e.message,
|
|
262
|
+
disableUserSignupProcess,
|
|
263
|
+
disableUserFavoredLanguage,
|
|
264
|
+
languages
|
|
238
265
|
}
|
|
239
266
|
})
|
|
240
267
|
}
|
|
@@ -265,7 +292,10 @@ authPublicProcessRouter.post('/unlock-user', async (context, next) => {
|
|
|
265
292
|
pageElement: 'auth-result',
|
|
266
293
|
elementScript: '/auth/result.js',
|
|
267
294
|
data: {
|
|
268
|
-
message: t('text.account is reactivated')
|
|
295
|
+
message: t('text.account is reactivated'),
|
|
296
|
+
disableUserSignupProcess,
|
|
297
|
+
disableUserFavoredLanguage,
|
|
298
|
+
languages
|
|
269
299
|
}
|
|
270
300
|
})
|
|
271
301
|
}
|
|
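Review bot: The error branch of the `/reset-password` POST handler still renders `message: e.message` into a page served to unauthenticated visitors, so whatever text the thrown error carries reaches the browser; the catch block itself is outside the hunk, so the error types involved are not visible. The 401 middleware in this package already filters this case with `message: err instanceof AuthError ? message : ''`. Applying the same check here, provided `AuthError` is available in this file, and logging the full error server-side would keep database or library messages out of the response. The new flags themselves are plain configuration values and look fine to expose.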
@@ -5,7 +5,9 @@ import { signinMiddleware } from '../middlewares'
|
|
|
5
5
|
import { accepts } from '../utils/accepts'
|
|
6
6
|
import { setAccessTokenCookie } from '../utils/access-token-cookie'
|
|
7
7
|
|
|
8
|
-
const
|
|
8
|
+
const disableUserSignupProcess = config.get('disableUserSignupProcess', false)
|
|
9
|
+
const disableUserFavoredLanguage = config.get('i18n/disableUserFavoredLanguage', false)
|
|
10
|
+
const languages = config.get('i18n/languages', false)
|
|
9
11
|
|
|
10
12
|
const SSOConfig = config.get('sso', {} as any)
|
|
11
13
|
const SSOLinks = Object.values(SSOConfig)
|
|
@@ -25,8 +27,10 @@ authSigninRouter.get('/auth/signin', async (context, next) => {
|
|
|
25
27
|
data: {
|
|
26
28
|
email,
|
|
27
29
|
redirectTo: redirect_to,
|
|
28
|
-
|
|
29
|
-
|
|
30
|
+
ssoLinks: SSOLinks,
|
|
31
|
+
disableUserSignupProcess,
|
|
32
|
+
disableUserFavoredLanguage,
|
|
33
|
+
languages
|
|
30
34
|
}
|
|
31
35
|
})
|
|
32
36
|
})
|
|
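Review bot: `ssoLinks: SSOLinks` puts `Object.values(config.get('sso', {} as any))` verbatim into the data of the sign-in page, which anonymous visitors can load. If the entries under `sso` hold anything beyond the display fields the page needs (the shape of that config is not visible here), those values are disclosed as well. Projecting each entry to the fields the sign-in page actually renders before adding it to `data`, and replacing `{} as any` with a typed shape, would make the exposed surface explicit and reviewable.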
@@ -6,7 +6,9 @@ import { signup } from '../controllers/signup'
|
|
|
6
6
|
import { accepts } from '../utils/accepts'
|
|
7
7
|
import { setAccessTokenCookie } from '../utils/access-token-cookie'
|
|
8
8
|
|
|
9
|
-
const
|
|
9
|
+
const disableUserSignupProcess = config.get('disableUserSignupProcess', false)
|
|
10
|
+
const disableUserFavoredLanguage = config.get('i18n/disableUserFavoredLanguage', false)
|
|
11
|
+
const languages = config.get('i18n/languages', false)
|
|
10
12
|
|
|
11
13
|
const passwordRule = config.get('password') || {
|
|
12
14
|
lowerCase: true,
|
|
@@ -22,7 +24,7 @@ const passwordRule = config.get('password') || {
|
|
|
22
24
|
|
|
23
25
|
export const authSignupRouter = new Router()
|
|
24
26
|
|
|
25
|
-
if (
|
|
27
|
+
if (!disableUserSignupProcess) {
|
|
26
28
|
authSignupRouter.get('/auth/signup', async (context, next) => {
|
|
27
29
|
const { email } = context.query
|
|
28
30
|
|
|
@@ -31,7 +33,10 @@ if (userSignupProcess) {
|
|
|
31
33
|
elementScript: '/auth/signup.js',
|
|
32
34
|
data: {
|
|
33
35
|
email,
|
|
34
|
-
passwordRule
|
|
36
|
+
passwordRule,
|
|
37
|
+
disableUserSignupProcess,
|
|
38
|
+
disableUserFavoredLanguage,
|
|
39
|
+
languages
|
|
35
40
|
}
|
|
36
41
|
})
|
|
37
42
|
})
|
|
@@ -64,7 +69,10 @@ if (userSignupProcess) {
|
|
|
64
69
|
pageElement: 'auth-result',
|
|
65
70
|
elementScript: '/auth/result.js',
|
|
66
71
|
data: {
|
|
67
|
-
message
|
|
72
|
+
message,
|
|
73
|
+
disableUserSignupProcess,
|
|
74
|
+
disableUserFavoredLanguage,
|
|
75
|
+
languages
|
|
68
76
|
}
|
|
69
77
|
})
|
|
70
78
|
}
|
|
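Review bot: The guard changes from `if (userSignupProcess)` to `if (!disableUserSignupProcess)` with a default of `false`, so the sign-up routes are now registered unless the new key is set explicitly. A deployment that turned sign-up off through the earlier setting (its declaration is truncated in this view) and does not add `disableUserSignupProcess: true` would have self-registration open after upgrading. A comment above the declaration such as `// sign-up routes are registered unless disableUserSignupProcess is true (replaces the earlier userSignupProcess switch)` plus a release-note entry would make the opt-out visible. It may also be worth confirming that `/activate/:email` and `/verify/:token` in the public router, which appear to stay registered regardless of the flag, cannot complete a registration when sign-up is disabled.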
@@ -1,12 +1,16 @@
|
|
|
1
1
|
import Router from 'koa-router'
|
|
2
2
|
|
|
3
3
|
import { getRepository } from '@things-factory/shell'
|
|
4
|
+
import { config } from '@things-factory/env'
|
|
4
5
|
|
|
5
6
|
import { Application } from '../../service/application/application'
|
|
6
7
|
import { NonClient, server as oauth2orizeServer } from './oauth2-server'
|
|
7
8
|
|
|
8
9
|
export const oauth2AuthorizeRouter = new Router()
|
|
9
10
|
|
|
11
|
+
const disableUserFavoredLanguage = config.get('i18n/disableUserFavoredLanguage', false)
|
|
12
|
+
const languages = config.get('i18n/languages', false)
|
|
13
|
+
|
|
10
14
|
// user authorization endpoint
|
|
11
15
|
//
|
|
12
16
|
// `authorization` middleware accepts a `validate` callback which is
|
|
@@ -60,7 +64,9 @@ oauth2AuthorizeRouter.get(
|
|
|
60
64
|
name: oauth2.user.name,
|
|
61
65
|
email: oauth2.user.email
|
|
62
66
|
}
|
|
63
|
-
}
|
|
67
|
+
},
|
|
68
|
+
disableUserFavoredLanguage,
|
|
69
|
+
languages
|
|
64
70
|
}
|
|
65
71
|
})
|
|
66
72
|
// await context.render(decisionPage, {
|
|
@@ -24,7 +24,7 @@ export const privilegeDirectiveResolver = (schema: GraphQLSchema) =>
|
|
|
24
24
|
const { resolve = defaultFieldResolver, args } = fieldConfig
|
|
25
25
|
|
|
26
26
|
if (!args) {
|
|
27
|
-
throw new Error(`Unexpected Error. args should be defined in @
|
|
27
|
+
throw new Error(`Unexpected Error. args should be defined in @privilege directive for field ${fieldName}.`)
|
|
28
28
|
}
|
|
29
29
|
|
|
30
30
|
const { domainOwnerGranted, superUserGranted, category, privilege } = privilegeDirective
|
|
@@ -38,7 +38,7 @@ export class RoleQuery {
|
|
|
38
38
|
}
|
|
39
39
|
|
|
40
40
|
@Directive('@privilege(category: "user", privilege: "query", domainOwnerGranted: true, superUserGranted: true)')
|
|
41
|
-
@Query(returns => [RolePrivilege], { description: 'To fetch
|
|
41
|
+
@Query(returns => [RolePrivilege], { description: 'To fetch privileges of a role' })
|
|
42
42
|
async rolePrivileges(@Arg('roleId') roleId: string, @Ctx() context: ResolverContext): Promise<RolePrivilege[]> {
|
|
43
43
|
const rolePrivileges = await getRepository(Privilege).query(
|
|
44
44
|
`
|