@things-factory/auth-base 7.0.0-alpha.6 → 7.0.0-alpha.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist-client/tsconfig.tsbuildinfo +1 -1
- package/dist-server/router/auth-private-process-router.js +2 -2
- package/dist-server/router/auth-private-process-router.js.map +1 -1
- package/dist-server/service/privilege/privilege-query.d.ts +0 -1
- package/dist-server/service/privilege/privilege-query.js +0 -13
- package/dist-server/service/privilege/privilege-query.js.map +1 -1
- package/dist-server/service/user/user.d.ts +4 -1
- package/dist-server/service/user/user.js +31 -35
- package/dist-server/service/user/user.js.map +1 -1
- package/dist-server/tsconfig.tsbuildinfo +1 -1
- package/package.json +5 -5
- package/server/router/auth-private-process-router.ts +2 -2
- package/server/service/privilege/privilege-query.ts +2 -19
- package/server/service/user/user.ts +37 -56
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@things-factory/auth-base",
|
|
3
|
-
"version": "7.0.0-alpha.
|
|
3
|
+
"version": "7.0.0-alpha.7",
|
|
4
4
|
"main": "dist-server/index.js",
|
|
5
5
|
"browser": "dist-client/index.js",
|
|
6
6
|
"things-factory": true,
|
|
@@ -30,10 +30,10 @@
|
|
|
30
30
|
"migration:create": "node ../../node_modules/typeorm/cli.js migration:create -d ./server/migrations"
|
|
31
31
|
},
|
|
32
32
|
"dependencies": {
|
|
33
|
-
"@things-factory/email-base": "^7.0.0-alpha.
|
|
33
|
+
"@things-factory/email-base": "^7.0.0-alpha.7",
|
|
34
34
|
"@things-factory/env": "^7.0.0-alpha.0",
|
|
35
|
-
"@things-factory/i18n-base": "^7.0.0-alpha.
|
|
36
|
-
"@things-factory/shell": "^7.0.0-alpha.
|
|
35
|
+
"@things-factory/i18n-base": "^7.0.0-alpha.7",
|
|
36
|
+
"@things-factory/shell": "^7.0.0-alpha.7",
|
|
37
37
|
"@things-factory/utils": "^7.0.0-alpha.0",
|
|
38
38
|
"jsonwebtoken": "^9.0.0",
|
|
39
39
|
"koa-passport": "^6.0.0",
|
|
@@ -43,5 +43,5 @@
|
|
|
43
43
|
"passport-local": "^1.0.0",
|
|
44
44
|
"popsicle-cookie-jar": "^1.0.0"
|
|
45
45
|
},
|
|
46
|
-
"gitHead": "
|
|
46
|
+
"gitHead": "85c46b9027d6188ddbd5104215a2256ff5331c19"
|
|
47
47
|
}
|
|
@@ -75,8 +75,8 @@ authPrivateProcessRouter
|
|
|
75
75
|
var privileges = await User.getPrivilegesByDomain(user, domain)
|
|
76
76
|
|
|
77
77
|
if (prohibitedPrivileges) {
|
|
78
|
-
prohibitedPrivileges.forEach(({ category,
|
|
79
|
-
privileges = privileges.filter(p => p.category != category || p.
|
|
78
|
+
prohibitedPrivileges.forEach(({ category, privilege }) => {
|
|
79
|
+
privileges = privileges.filter(p => p.category != category || p.privilege != privilege)
|
|
80
80
|
})
|
|
81
81
|
}
|
|
82
82
|
|
|
@@ -28,31 +28,14 @@ export class PrivilegeQuery {
|
|
|
28
28
|
return { items, total }
|
|
29
29
|
}
|
|
30
30
|
|
|
31
|
-
@Query(returns => [Privilege], {
|
|
32
|
-
description: 'To fetch current users privileges for current domain'
|
|
33
|
-
})
|
|
34
|
-
async myPrivileges(@Ctx() context: ResolverContext): Promise<Privilege[]> {
|
|
35
|
-
const { user, domain } = context.state
|
|
36
|
-
|
|
37
|
-
return User.getPrivilegesByDomain(user, domain)
|
|
38
|
-
}
|
|
39
|
-
|
|
40
31
|
@Query(returns => Boolean, { description: 'To query whether I have the given permission' })
|
|
41
|
-
async hasPrivilege(
|
|
42
|
-
@Arg('privilege') privilege: string,
|
|
43
|
-
@Arg('category') category: string,
|
|
44
|
-
@Ctx() context: ResolverContext
|
|
45
|
-
): Promise<Boolean> {
|
|
32
|
+
async hasPrivilege(@Arg('privilege') privilege: string, @Arg('category') category: string, @Ctx() context: ResolverContext): Promise<Boolean> {
|
|
46
33
|
const { domain, user } = context.state
|
|
47
34
|
return await User.hasPrivilege(privilege, category, domain, user)
|
|
48
35
|
}
|
|
49
36
|
|
|
50
37
|
@Query(returns => [Domain], { description: 'To fetch domains with given privilege for user' })
|
|
51
|
-
async domainsWithPrivilege(
|
|
52
|
-
@Arg('privilege') privilege: string,
|
|
53
|
-
@Arg('category') category: string,
|
|
54
|
-
@Ctx() context: ResolverContext
|
|
55
|
-
): Promise<Partial<Domain>[]> {
|
|
38
|
+
async domainsWithPrivilege(@Arg('privilege') privilege: string, @Arg('category') category: string, @Ctx() context: ResolverContext): Promise<Partial<Domain>[]> {
|
|
56
39
|
const { user } = context.state
|
|
57
40
|
return await User.getDomainsWithPrivilege(privilege, category, user)
|
|
58
41
|
}
|
|
@@ -2,19 +2,7 @@ import crypto from 'crypto'
|
|
|
2
2
|
import jwt from 'jsonwebtoken'
|
|
3
3
|
import { Directive, Field, ID, ObjectType } from 'type-graphql'
|
|
4
4
|
import { GraphQLEmailAddress } from 'graphql-scalars'
|
|
5
|
-
import {
|
|
6
|
-
Column,
|
|
7
|
-
CreateDateColumn,
|
|
8
|
-
Entity,
|
|
9
|
-
Index,
|
|
10
|
-
JoinTable,
|
|
11
|
-
ManyToMany,
|
|
12
|
-
ManyToOne,
|
|
13
|
-
OneToMany,
|
|
14
|
-
PrimaryGeneratedColumn,
|
|
15
|
-
RelationId,
|
|
16
|
-
UpdateDateColumn
|
|
17
|
-
} from 'typeorm'
|
|
5
|
+
import { Column, CreateDateColumn, Entity, Index, JoinTable, ManyToMany, ManyToOne, OneToMany, PrimaryGeneratedColumn, RelationId, UpdateDateColumn } from 'typeorm'
|
|
18
6
|
|
|
19
7
|
import { config } from '@things-factory/env'
|
|
20
8
|
import { Domain, getRepository } from '@things-factory/shell'
|
|
@@ -23,6 +11,7 @@ import { validatePasswordByRule } from '../../controllers/utils/password-rule'
|
|
|
23
11
|
import { AuthError } from '../../errors/auth-error'
|
|
24
12
|
import { SECRET } from '../../utils/get-secret'
|
|
25
13
|
import { Role } from '../role/role'
|
|
14
|
+
import { Privilege } from '../privilege/privilege'
|
|
26
15
|
import { UsersAuthProviders } from '../users-auth-providers/users-auth-providers'
|
|
27
16
|
import { getDomainsWithPrivilege } from '../../utils/get-user-domains'
|
|
28
17
|
|
|
@@ -71,12 +60,7 @@ export class User {
|
|
|
71
60
|
@Directive('@privilege(category: "security", privilege: "query", domainOwnerGranted: true)')
|
|
72
61
|
@Column({
|
|
73
62
|
nullable: true,
|
|
74
|
-
type:
|
|
75
|
-
DATABASE_TYPE == 'mysql' || DATABASE_TYPE == 'mariadb'
|
|
76
|
-
? 'longtext'
|
|
77
|
-
: DATABASE_TYPE == 'oracle'
|
|
78
|
-
? 'clob'
|
|
79
|
-
: 'varchar'
|
|
63
|
+
type: DATABASE_TYPE == 'mysql' || DATABASE_TYPE == 'mariadb' ? 'longtext' : DATABASE_TYPE == 'oracle' ? 'clob' : 'varchar'
|
|
80
64
|
})
|
|
81
65
|
password: string
|
|
82
66
|
|
|
@@ -113,12 +97,7 @@ export class User {
|
|
|
113
97
|
ssoId: string
|
|
114
98
|
|
|
115
99
|
@Column({
|
|
116
|
-
type:
|
|
117
|
-
DATABASE_TYPE == 'postgres' || DATABASE_TYPE == 'mysql' || DATABASE_TYPE == 'mariadb'
|
|
118
|
-
? 'enum'
|
|
119
|
-
: DATABASE_TYPE == 'oracle'
|
|
120
|
-
? 'varchar2'
|
|
121
|
-
: 'smallint',
|
|
100
|
+
type: DATABASE_TYPE == 'postgres' || DATABASE_TYPE == 'mysql' || DATABASE_TYPE == 'mariadb' ? 'enum' : DATABASE_TYPE == 'oracle' ? 'varchar2' : 'smallint',
|
|
122
101
|
enum: UserStatus,
|
|
123
102
|
default: UserStatus.INACTIVE
|
|
124
103
|
})
|
|
@@ -313,39 +292,41 @@ export class User {
|
|
|
313
292
|
}
|
|
314
293
|
}
|
|
315
294
|
|
|
316
|
-
static async hasPrivilege(privilege: string, category: string, domain: Domain, user: User) {
|
|
317
|
-
const result = await getRepository(
|
|
318
|
-
|
|
319
|
-
|
|
320
|
-
|
|
321
|
-
|
|
322
|
-
|
|
323
|
-
|
|
324
|
-
|
|
325
|
-
|
|
326
|
-
|
|
327
|
-
|
|
328
|
-
AND "R"."domain_id" = '${domain?.id}'
|
|
329
|
-
)
|
|
330
|
-
`
|
|
331
|
-
)
|
|
332
|
-
|
|
333
|
-
return result[0].has_privilege > 0
|
|
295
|
+
static async hasPrivilege(privilege: string, category: string, domain: Domain, user: User): Promise<boolean> {
|
|
296
|
+
const result = await getRepository(Privilege)
|
|
297
|
+
.createQueryBuilder('privilege')
|
|
298
|
+
.innerJoin('privilege.roles', 'role')
|
|
299
|
+
.innerJoin('role.users', 'user')
|
|
300
|
+
.where('privilege.category = :category', { category })
|
|
301
|
+
.andWhere('privilege.name = :privilege', { privilege })
|
|
302
|
+
.andWhere('user.id = :userId', { userId: user.id })
|
|
303
|
+
.andWhere('role.domain.id = :domainId', { domainId: domain.id })
|
|
304
|
+
.getCount()
|
|
305
|
+
|
|
306
|
+
return result > 0
|
|
334
307
|
}
|
|
335
308
|
|
|
336
|
-
static async getPrivilegesByDomain(user: User, domain: Domain) {
|
|
337
|
-
const result = await getRepository(User)
|
|
338
|
-
|
|
339
|
-
|
|
340
|
-
|
|
341
|
-
|
|
342
|
-
|
|
343
|
-
|
|
344
|
-
|
|
345
|
-
|
|
346
|
-
)
|
|
347
|
-
|
|
348
|
-
|
|
309
|
+
static async getPrivilegesByDomain(user: User, domain: Domain): Promise<{ category: string; privilege: string }[]> {
|
|
310
|
+
const result = await getRepository(User)
|
|
311
|
+
.createQueryBuilder('user')
|
|
312
|
+
.leftJoinAndSelect('user.roles', 'role')
|
|
313
|
+
.leftJoinAndSelect('role.privileges', 'privilege')
|
|
314
|
+
.select(['privilege.name AS privilege', 'privilege.category AS category'])
|
|
315
|
+
.where('user.id = :userId', { userId: user.id })
|
|
316
|
+
.andWhere('role.domain.id = :domainId', { domainId: domain.id })
|
|
317
|
+
.orderBy('privilege.category')
|
|
318
|
+
.addOrderBy('privilege.name')
|
|
319
|
+
.getRawMany()
|
|
320
|
+
|
|
321
|
+
const distinct = result.reduce((acc, current) => {
|
|
322
|
+
const last = acc[acc.length - 1]
|
|
323
|
+
if (!last || last.privilege !== current.privilege || last.category !== current.category) {
|
|
324
|
+
acc.push(current)
|
|
325
|
+
}
|
|
326
|
+
return acc
|
|
327
|
+
}, [])
|
|
328
|
+
|
|
329
|
+
return distinct
|
|
349
330
|
}
|
|
350
331
|
|
|
351
332
|
static async getDomainsWithPrivilege(privilege: string, category: string, user: User) {
|