@things-factory/auth-base 7.0.0-alpha.1 → 7.0.0-alpha.21

package/dist-server/types.d.ts

@@ -5,13 +5,13 @@ import { User } from './service/user/user';
 declare global {
     export type ResolverContext = {
         state: IContextState;
-        t: TFunction;
+        t?: TFunction;
         [key: string]: any;
     };
     interface IContextState {
         domain: Domain;
         user: User;
-        tx: EntityManager;
+        tx?: EntityManager;
         [key: string]: any;
     }
 }

package/dist-server/types.js.map

@@ -1 +1 @@
-{"version":3,"file":"types.js","sourceRoot":"","sources":["../server/types.ts"],"names":[],"mappings":"","sourcesContent":["import { TFunction } from 'i18next'\nimport { EntityManager } from 'typeorm'\n\nimport { Domain } from '@things-factory/shell'\n\nimport { User } from './service/user/user'\n\ndeclare global {\n  export type ResolverContext = {\n    state: IContextState\n    t: TFunction\n    [key: string]: any\n  }\n\n  interface IContextState {\n    domain: Domain\n    user: User\n    tx: EntityManager\n    [key: string]: any\n  }\n}\n"]}
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../server/types.ts"],"names":[],"mappings":"","sourcesContent":["import { TFunction } from 'i18next'\nimport { EntityManager } from 'typeorm'\n\nimport { Domain } from '@things-factory/shell'\n\nimport { User } from './service/user/user'\n\ndeclare global {\n  export type ResolverContext = {\n    state: IContextState\n    t?: TFunction\n    [key: string]: any\n  }\n\n  interface IContextState {\n    domain: Domain\n    user: User\n    tx?: EntityManager\n    [key: string]: any\n  }\n}\n"]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@things-factory/auth-base",
-  "version": "7.0.0-alpha.1",
+  "version": "7.0.0-alpha.21",
   "main": "dist-server/index.js",
   "browser": "dist-client/index.js",
   "things-factory": true,
@@ -30,10 +30,10 @@
     "migration:create": "node ../../node_modules/typeorm/cli.js migration:create -d ./server/migrations"
   },
   "dependencies": {
-    "@things-factory/email-base": "^7.0.0-alpha.1",
+    "@things-factory/email-base": "^7.0.0-alpha.21",
     "@things-factory/env": "^7.0.0-alpha.0",
-    "@things-factory/i18n-base": "^7.0.0-alpha.1",
-    "@things-factory/shell": "^7.0.0-alpha.1",
+    "@things-factory/i18n-base": "^7.0.0-alpha.21",
+    "@things-factory/shell": "^7.0.0-alpha.21",
     "@things-factory/utils": "^7.0.0-alpha.0",
     "jsonwebtoken": "^9.0.0",
     "koa-passport": "^6.0.0",
@@ -43,5 +43,5 @@
     "passport-local": "^1.0.0",
     "popsicle-cookie-jar": "^1.0.0"
   },
-  "gitHead": "778315d165d7f15e147583a45d5079c3d7cbce38"
+  "gitHead": "6dff39aa0d60f0fcf760cca9b8453626f222fa57"
 }

package/server/router/auth-private-process-router.ts

@@ -75,8 +75,8 @@ authPrivateProcessRouter
     var privileges = await User.getPrivilegesByDomain(user, domain)
 
     if (prohibitedPrivileges) {
-      prohibitedPrivileges.forEach(({ category, name }) => {
-        privileges = privileges.filter(p => p.category != category || p.name != name)
+      prohibitedPrivileges.forEach(({ category, privilege }) => {
+        privileges = privileges.filter(p => p.category != category || p.privilege != privilege)
       })
     }
 

package/server/service/appliance/appliance-query.ts

@@ -33,6 +33,24 @@ export class ApplianceQuery {
     return { items, total }
   }
 
+  @Directive('@privilege(category: "user", privilege: "query", domainOwnerGranted: true, superUserGranted: true)')
+  @Query(returns => ApplianceList, { description: 'To fetch multiple appliance' })
+  async edges(@Args() params: ListParam, @Ctx() context: ResolverContext): Promise<ApplianceList> {
+    const { domain } = context.state
+
+    const queryBuilder = getQueryBuilderFromListParams({
+      domain,
+      params,
+      repository: getRepository(Appliance),
+      alias: 'appliance',
+      searchables: ['name', 'description']
+    })
+
+    const [items, total] = await queryBuilder.getManyAndCount()
+
+    return { items, total }
+  }
+
   @FieldResolver(type => String)
   async accessToken(@Root() appliance: Appliance, @Ctx() context: ResolverContext) {
     return appliance.accessToken

package/server/service/privilege/privilege-query.ts

@@ -28,31 +28,14 @@ export class PrivilegeQuery {
     return { items, total }
   }
 
-  @Query(returns => [Privilege], {
-    description: 'To fetch current users privileges for current domain'
-  })
-  async myPrivileges(@Ctx() context: ResolverContext): Promise<Privilege[]> {
-    const { user, domain } = context.state
-
-    return User.getPrivilegesByDomain(user, domain)
-  }
-
   @Query(returns => Boolean, { description: 'To query whether I have the given permission' })
-  async hasPrivilege(
-    @Arg('privilege') privilege: string,
-    @Arg('category') category: string,
-    @Ctx() context: ResolverContext
-  ): Promise<Boolean> {
+  async hasPrivilege(@Arg('privilege') privilege: string, @Arg('category') category: string, @Ctx() context: ResolverContext): Promise<Boolean> {
     const { domain, user } = context.state
     return await User.hasPrivilege(privilege, category, domain, user)
   }
 
   @Query(returns => [Domain], { description: 'To fetch domains with given privilege for user' })
-  async domainsWithPrivilege(
-    @Arg('privilege') privilege: string,
-    @Arg('category') category: string,
-    @Ctx() context: ResolverContext
-  ): Promise<Partial<Domain>[]> {
+  async domainsWithPrivilege(@Arg('privilege') privilege: string, @Arg('category') category: string, @Ctx() context: ResolverContext): Promise<Partial<Domain>[]> {
     const { user } = context.state
     return await User.getDomainsWithPrivilege(privilege, category, user)
   }

package/server/service/user/user-query.ts

@@ -83,38 +83,6 @@ export class UserQuery {
     return Boolean(defaultPassword)
   }
 
-  // @Query(returns => [User], { description: '...' })
-  // async domainUsers(@Ctx() context: ResolverContext): Promise<User[]> {
-  //   const { domain } = context.state
-
-  //   const qb: SelectQueryBuilder<User> = buildDomainUsersQueryBuilder(domain.id, 'USER')
-  //   const domainUsers: User[] = await qb
-  //     .orWhere(qb => {
-  //       const subQuery = qb
-  //         .subQuery()
-  //         .select('CAST(APPLICATION.id as TEXT)')
-  //         .from(Application, 'APPLICATION')
-  //         .where('APPLICATION.domain_id = :domainId', { domainId: domain.id })
-  //         .getQuery()
-  //       return 'USER.reference IN ' + subQuery
-  //     })
-  //     .orWhere(qb => {
-  //       const subQuery = qb
-  //         .subQuery()
-  //         .select('CAST(APPLIANCE.id as TEXT)')
-  //         .from(Appliance, 'APPLIANCE')
-  //         .where('APPLIANCE.domain_id = :domainId', { domainId: domain.id })
-  //         .getQuery()
-  //       return 'USER.reference IN ' + subQuery
-  //     })
-  //     .getMany()
-
-  //   return domainUsers.map((user: User & { owner: boolean }) => {
-  //     user.owner = user.id === domain.owner
-  //     return user
-  //   })
-  // }
-
   @Directive('@privilege(category: "user", privilege: "query")')
   @Query(returns => Boolean, { description: '...' })
   async checkUserExistence(@Arg('email', type => GraphQLEmailAddress) email: string): Promise<Boolean> {

package/server/service/user/user.ts

@@ -2,19 +2,7 @@ import crypto from 'crypto'
 import jwt from 'jsonwebtoken'
 import { Directive, Field, ID, ObjectType } from 'type-graphql'
 import { GraphQLEmailAddress } from 'graphql-scalars'
-import {
-  Column,
-  CreateDateColumn,
-  Entity,
-  Index,
-  JoinTable,
-  ManyToMany,
-  ManyToOne,
-  OneToMany,
-  PrimaryGeneratedColumn,
-  RelationId,
-  UpdateDateColumn
-} from 'typeorm'
+import { Column, CreateDateColumn, Entity, Index, JoinTable, ManyToMany, ManyToOne, OneToMany, PrimaryGeneratedColumn, RelationId, UpdateDateColumn } from 'typeorm'
 
 import { config } from '@things-factory/env'
 import { Domain, getRepository } from '@things-factory/shell'
@@ -23,6 +11,7 @@ import { validatePasswordByRule } from '../../controllers/utils/password-rule'
 import { AuthError } from '../../errors/auth-error'
 import { SECRET } from '../../utils/get-secret'
 import { Role } from '../role/role'
+import { Privilege } from '../privilege/privilege'
 import { UsersAuthProviders } from '../users-auth-providers/users-auth-providers'
 import { getDomainsWithPrivilege } from '../../utils/get-user-domains'
 
@@ -71,12 +60,7 @@ export class User {
   @Directive('@privilege(category: "security", privilege: "query", domainOwnerGranted: true)')
   @Column({
     nullable: true,
-    type:
-      DATABASE_TYPE == 'mysql' || DATABASE_TYPE == 'mariadb'
-        ? 'longtext'
-        : DATABASE_TYPE == 'oracle'
-        ? 'clob'
-        : 'varchar'
+    type: DATABASE_TYPE == 'mysql' || DATABASE_TYPE == 'mariadb' ? 'longtext' : DATABASE_TYPE == 'oracle' ? 'clob' : 'varchar'
   })
   password: string
 
@@ -113,12 +97,7 @@ export class User {
   ssoId: string
 
   @Column({
-    type:
-      DATABASE_TYPE == 'postgres' || DATABASE_TYPE == 'mysql' || DATABASE_TYPE == 'mariadb'
-        ? 'enum'
-        : DATABASE_TYPE == 'oracle'
-        ? 'varchar2'
-        : 'smallint',
+    type: DATABASE_TYPE == 'postgres' || DATABASE_TYPE == 'mysql' || DATABASE_TYPE == 'mariadb' ? 'enum' : DATABASE_TYPE == 'oracle' ? 'varchar2' : 'smallint',
     enum: UserStatus,
     default: UserStatus.INACTIVE
   })
@@ -313,39 +292,41 @@ export class User {
     }
   }
 
-  static async hasPrivilege(privilege: string, category: string, domain: Domain, user: User) {
-    const result = await getRepository(User).query(
-      `
-      SELECT COUNT(1) AS "has_privilege" FROM "privileges" "PRIVILEGES"
-      WHERE "PRIVILEGES"."category" = '${category}'
-      AND "PRIVILEGES"."name" = '${privilege}'
-      AND "PRIVILEGES"."id" IN (
-        SELECT "RP"."privileges_id"
-        FROM "users_roles" "UR"
-        INNER JOIN "roles_privileges" "RP" ON "UR"."roles_id" = "RP"."roles_id"
-        LEFT JOIN "roles" "R" ON "R"."id" = "UR"."roles_id"
-        WHERE "UR"."users_id" = '${user?.id}'
-        AND "R"."domain_id" = '${domain?.id}'
-      )
-      `
-    )
-
-    return result[0].has_privilege > 0
+  static async hasPrivilege(privilege: string, category: string, domain: Domain, user: User): Promise<boolean> {
+    const result = await getRepository(Privilege)
+      .createQueryBuilder('privilege')
+      .innerJoin('privilege.roles', 'role')
+      .innerJoin('role.users', 'user')
+      .where('privilege.category = :category', { category })
+      .andWhere('privilege.name = :privilege', { privilege })
+      .andWhere('user.id = :userId', { userId: user.id })
+      .andWhere('role.domain.id = :domainId', { domainId: domain.id })
+      .getCount()
+
+    return result > 0
   }
 
-  static async getPrivilegesByDomain(user: User, domain: Domain) {
-    const result = await getRepository(User).query(`
-      SELECT name privilege, category FROM "privileges" "PRIVILEGES"
-      WHERE "PRIVILEGES"."id" IN (
-        SELECT "RP"."privileges_id"
-        FROM "users_roles" "UR"
-        INNER JOIN "roles_privileges" "RP" ON "UR"."roles_id" = "RP"."roles_id"
-        LEFT JOIN "roles" "R" ON "R"."id" = "UR"."roles_id"
-        WHERE "UR"."users_id" = '${user.id}'
-        AND "R"."domain_id" = '${domain.id}'
-      )`)
-
-    return result
+  static async getPrivilegesByDomain(user: User, domain: Domain): Promise<{ category: string; privilege: string }[]> {
+    const result = await getRepository(User)
+      .createQueryBuilder('user')
+      .leftJoinAndSelect('user.roles', 'role')
+      .leftJoinAndSelect('role.privileges', 'privilege')
+      .select(['privilege.name AS privilege', 'privilege.category AS category'])
+      .where('user.id = :userId', { userId: user.id })
+      .andWhere('role.domain.id = :domainId', { domainId: domain.id })
+      .orderBy('privilege.category')
+      .addOrderBy('privilege.name')
+      .getRawMany()
+
+    const distinct = result.reduce((acc, current) => {
+      const last = acc[acc.length - 1]
+      if (!last || last.privilege !== current.privilege || last.category !== current.category) {
+        acc.push(current)
+      }
+      return acc
+    }, [])
+
+    return distinct
   }
 
   static async getDomainsWithPrivilege(privilege: string, category: string, user: User) {

package/server/types.ts

@@ -8,14 +8,14 @@ import { User } from './service/user/user'
 declare global {
   export type ResolverContext = {
     state: IContextState
-    t: TFunction
+    t?: TFunction
     [key: string]: any
   }
 
   interface IContextState {
     domain: Domain
     user: User
-    tx: EntityManager
+    tx?: EntityManager
     [key: string]: any
   }
 }