@things-factory/auth-base 7.0.1-beta.1 → 7.0.1-beta.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (160) hide show
  1. package/dist-client/auth.js.map +1 -1
  2. package/dist-client/directive/privileged.d.ts +1 -1
  3. package/dist-client/directive/privileged.js.map +1 -1
  4. package/dist-client/profiled.js.map +1 -1
  5. package/dist-client/reducers/auth.js.map +1 -1
  6. package/dist-client/tsconfig.tsbuildinfo +1 -1
  7. package/dist-server/constants/error-code.d.ts +1 -0
  8. package/dist-server/constants/error-code.js +2 -1
  9. package/dist-server/constants/error-code.js.map +1 -1
  10. package/dist-server/controllers/change-pwd.js.map +1 -1
  11. package/dist-server/controllers/checkin.js.map +1 -1
  12. package/dist-server/controllers/delete-user.js.map +1 -1
  13. package/dist-server/controllers/invitation.js.map +1 -1
  14. package/dist-server/controllers/profile.js.map +1 -1
  15. package/dist-server/controllers/reset-password.js.map +1 -1
  16. package/dist-server/controllers/signin.js.map +1 -1
  17. package/dist-server/controllers/signup.js.map +1 -1
  18. package/dist-server/controllers/unlock-user.js.map +1 -1
  19. package/dist-server/controllers/utils/password-rule.js +6 -6
  20. package/dist-server/controllers/utils/password-rule.js.map +1 -1
  21. package/dist-server/controllers/verification.js.map +1 -1
  22. package/dist-server/index.js.map +1 -1
  23. package/dist-server/middlewares/authenticate-401-middleware.js.map +1 -1
  24. package/dist-server/middlewares/domain-authenticate-middleware.js.map +1 -1
  25. package/dist-server/middlewares/graphql-authenticate-middleware.js.map +1 -1
  26. package/dist-server/middlewares/jwt-authenticate-middleware.js.map +1 -1
  27. package/dist-server/middlewares/signin-middleware.js.map +1 -1
  28. package/dist-server/middlewares/webauthn-middleware.js +7 -1
  29. package/dist-server/middlewares/webauthn-middleware.js.map +1 -1
  30. package/dist-server/migrations/1548206416130-SeedUser.js.map +1 -1
  31. package/dist-server/migrations/1566805283882-SeedPrivilege.js.map +1 -1
  32. package/dist-server/router/auth-checkin-router.js.map +1 -1
  33. package/dist-server/router/auth-private-process-router.js.map +1 -1
  34. package/dist-server/router/auth-public-process-router.js.map +1 -1
  35. package/dist-server/router/auth-signin-router.js.map +1 -1
  36. package/dist-server/router/auth-signup-router.js.map +1 -1
  37. package/dist-server/router/oauth2/oauth2-authorize-router.js.map +1 -1
  38. package/dist-server/router/oauth2/oauth2-router.js.map +1 -1
  39. package/dist-server/router/oauth2/oauth2-server.js.map +1 -1
  40. package/dist-server/router/oauth2/passport-oauth2-client-password.js.map +1 -1
  41. package/dist-server/router/oauth2/passport-refresh-token.js.map +1 -1
  42. package/dist-server/router/site-root-router.js.map +1 -1
  43. package/dist-server/routes.js.map +1 -1
  44. package/dist-server/service/app-binding/app-binding-mutation.js +2 -2
  45. package/dist-server/service/app-binding/app-binding-mutation.js.map +1 -1
  46. package/dist-server/service/app-binding/app-binding-query.js +2 -2
  47. package/dist-server/service/app-binding/app-binding-query.js.map +1 -1
  48. package/dist-server/service/app-binding/app-binding-types.js +2 -2
  49. package/dist-server/service/app-binding/app-binding-types.js.map +1 -1
  50. package/dist-server/service/app-binding/app-binding.js +2 -2
  51. package/dist-server/service/app-binding/app-binding.js.map +1 -1
  52. package/dist-server/service/appliance/appliance-mutation.js +2 -2
  53. package/dist-server/service/appliance/appliance-mutation.js.map +1 -1
  54. package/dist-server/service/appliance/appliance-query.js +2 -2
  55. package/dist-server/service/appliance/appliance-query.js.map +1 -1
  56. package/dist-server/service/appliance/appliance-types.js +6 -6
  57. package/dist-server/service/appliance/appliance-types.js.map +1 -1
  58. package/dist-server/service/appliance/appliance.js +2 -2
  59. package/dist-server/service/appliance/appliance.js.map +1 -1
  60. package/dist-server/service/application/application-mutation.js +2 -2
  61. package/dist-server/service/application/application-mutation.js.map +1 -1
  62. package/dist-server/service/application/application-query.js +2 -2
  63. package/dist-server/service/application/application-query.js.map +1 -1
  64. package/dist-server/service/application/application-types.js +8 -8
  65. package/dist-server/service/application/application-types.js.map +1 -1
  66. package/dist-server/service/application/application.js +4 -4
  67. package/dist-server/service/application/application.js.map +1 -1
  68. package/dist-server/service/auth-provider/auth-provider-mutation.js +2 -2
  69. package/dist-server/service/auth-provider/auth-provider-mutation.js.map +1 -1
  70. package/dist-server/service/auth-provider/auth-provider-parameter-spec.js +2 -2
  71. package/dist-server/service/auth-provider/auth-provider-parameter-spec.js.map +1 -1
  72. package/dist-server/service/auth-provider/auth-provider-query.js +2 -2
  73. package/dist-server/service/auth-provider/auth-provider-query.js.map +1 -1
  74. package/dist-server/service/auth-provider/auth-provider-type.js +6 -6
  75. package/dist-server/service/auth-provider/auth-provider-type.js.map +1 -1
  76. package/dist-server/service/auth-provider/auth-provider.js +6 -6
  77. package/dist-server/service/auth-provider/auth-provider.js.map +1 -1
  78. package/dist-server/service/domain-generator/domain-generator-mutation.js +2 -2
  79. package/dist-server/service/domain-generator/domain-generator-mutation.js.map +1 -1
  80. package/dist-server/service/domain-generator/domain-generator-types.js +6 -6
  81. package/dist-server/service/domain-generator/domain-generator-types.js.map +1 -1
  82. package/dist-server/service/granted-role/granted-role-mutation.js +2 -2
  83. package/dist-server/service/granted-role/granted-role-mutation.js.map +1 -1
  84. package/dist-server/service/granted-role/granted-role-query.js +2 -2
  85. package/dist-server/service/granted-role/granted-role-query.js.map +1 -1
  86. package/dist-server/service/granted-role/granted-role.js +2 -2
  87. package/dist-server/service/granted-role/granted-role.js.map +1 -1
  88. package/dist-server/service/invitation/invitation-mutation.js +2 -2
  89. package/dist-server/service/invitation/invitation-mutation.js.map +1 -1
  90. package/dist-server/service/invitation/invitation-query.js +2 -2
  91. package/dist-server/service/invitation/invitation-query.js.map +1 -1
  92. package/dist-server/service/invitation/invitation-types.js +2 -2
  93. package/dist-server/service/invitation/invitation-types.js.map +1 -1
  94. package/dist-server/service/invitation/invitation.js +2 -2
  95. package/dist-server/service/invitation/invitation.js.map +1 -1
  96. package/dist-server/service/login-history/login-history-query.js +2 -2
  97. package/dist-server/service/login-history/login-history-query.js.map +1 -1
  98. package/dist-server/service/login-history/login-history-type.js +2 -2
  99. package/dist-server/service/login-history/login-history-type.js.map +1 -1
  100. package/dist-server/service/login-history/login-history.js +2 -2
  101. package/dist-server/service/login-history/login-history.js.map +1 -1
  102. package/dist-server/service/partner/partner-mutation.js +2 -2
  103. package/dist-server/service/partner/partner-mutation.js.map +1 -1
  104. package/dist-server/service/partner/partner-query.js +2 -2
  105. package/dist-server/service/partner/partner-query.js.map +1 -1
  106. package/dist-server/service/partner/partner-types.js +2 -2
  107. package/dist-server/service/partner/partner-types.js.map +1 -1
  108. package/dist-server/service/partner/partner.js +2 -2
  109. package/dist-server/service/partner/partner.js.map +1 -1
  110. package/dist-server/service/password-history/password-history.js +2 -2
  111. package/dist-server/service/password-history/password-history.js.map +1 -1
  112. package/dist-server/service/privilege/privilege-directive.js.map +1 -1
  113. package/dist-server/service/privilege/privilege-mutation.js +2 -2
  114. package/dist-server/service/privilege/privilege-mutation.js.map +1 -1
  115. package/dist-server/service/privilege/privilege-query.js +2 -2
  116. package/dist-server/service/privilege/privilege-query.js.map +1 -1
  117. package/dist-server/service/privilege/privilege-types.js +8 -8
  118. package/dist-server/service/privilege/privilege-types.js.map +1 -1
  119. package/dist-server/service/privilege/privilege.js +6 -6
  120. package/dist-server/service/privilege/privilege.js.map +1 -1
  121. package/dist-server/service/role/role-mutation.js +2 -2
  122. package/dist-server/service/role/role-mutation.js.map +1 -1
  123. package/dist-server/service/role/role-query.js +2 -2
  124. package/dist-server/service/role/role-query.js.map +1 -1
  125. package/dist-server/service/role/role-types.js +10 -10
  126. package/dist-server/service/role/role-types.js.map +1 -1
  127. package/dist-server/service/role/role.js +2 -2
  128. package/dist-server/service/role/role.js.map +1 -1
  129. package/dist-server/service/user/domain-query.js +2 -2
  130. package/dist-server/service/user/domain-query.js.map +1 -1
  131. package/dist-server/service/user/user-mutation.js +2 -2
  132. package/dist-server/service/user/user-mutation.js.map +1 -1
  133. package/dist-server/service/user/user-query.js +2 -2
  134. package/dist-server/service/user/user-query.js.map +1 -1
  135. package/dist-server/service/user/user-types.js +6 -6
  136. package/dist-server/service/user/user-types.js.map +1 -1
  137. package/dist-server/service/user/user.js +5 -5
  138. package/dist-server/service/user/user.js.map +1 -1
  139. package/dist-server/service/users-auth-providers/users-auth-providers.js +2 -2
  140. package/dist-server/service/users-auth-providers/users-auth-providers.js.map +1 -1
  141. package/dist-server/service/verification-token/verification-token.js +3 -3
  142. package/dist-server/service/verification-token/verification-token.js.map +1 -1
  143. package/dist-server/service/web-auth-credential/web-auth-credential.js +2 -2
  144. package/dist-server/service/web-auth-credential/web-auth-credential.js.map +1 -1
  145. package/dist-server/tsconfig.tsbuildinfo +1 -1
  146. package/dist-server/utils/accepts.js.map +1 -1
  147. package/dist-server/utils/access-token-cookie.js.map +1 -1
  148. package/dist-server/utils/check-permission.js.map +1 -1
  149. package/dist-server/utils/check-user-belongs-domain.js.map +1 -1
  150. package/dist-server/utils/get-aes-256-key.js.map +1 -1
  151. package/dist-server/utils/get-domain-users.js.map +1 -1
  152. package/dist-server/utils/get-secret.js.map +1 -1
  153. package/package.json +6 -6
  154. package/server/constants/error-code.ts +1 -0
  155. package/server/middlewares/webauthn-middleware.ts +6 -1
  156. package/translations/en.json +1 -0
  157. package/translations/ja.json +1 -0
  158. package/translations/ko.json +1 -0
  159. package/translations/ms.json +1 -0
  160. package/translations/zh.json +1 -0
package/dist-server/controllers/utils/password-rule.js CHANGED
@@ -20,11 +20,11 @@ const passwordConfig = env_1.config.get('password') || {
20
20
  function generatePasswordPatternRegExp({ lowerCase = true, upperCase = true, digit = true, specialCharacter = true, allowRepeat = false, useTightPattern = true, useLoosePattern = false, tightCharacterLength = 8, looseCharacterLength = 15 } = {}) {
21
21
  var tightChecklist = useTightPattern
22
22
  ? [
23
- lowerCase ? '(?=.*[a-z])' : '',
24
- upperCase ? '(?=.*[A-Z])' : '',
25
- digit ? '(?=.*\\d)' : '',
26
- specialCharacter ? '(?=.*[!@#$%^&*()])' : '',
27
- !allowRepeat ? '(?!.*(.)\\1(?=\\1{1,}))' : '',
23
+ lowerCase ? '(?=.*[a-z])' : '', // has at least one lower case character
24
+ upperCase ? '(?=.*[A-Z])' : '', // has at least one upper case character
25
+ digit ? '(?=.*\\d)' : '', // has at least one digit
26
+ specialCharacter ? '(?=.*[!@#$%^&*()])' : '', // has at least one special character
27
+ !allowRepeat ? '(?!.*(.)\\1(?=\\1{1,}))' : '', // has not an repeated character more than twice
28
28
  `.{${tightCharacterLength},}` // has a length of 8 and more
29
29
  ]
30
30
  : [];
@@ -34,7 +34,7 @@ function generatePasswordPatternRegExp({ lowerCase = true, upperCase = true, dig
34
34
  ]
35
35
  : [];
36
36
  var checkList = [
37
- '^',
37
+ '^', // from start
38
38
  ...tightChecklist,
39
39
  tightChecklist.length && looseChecklist.length ? '|' : '',
40
40
  ...looseChecklist,
package/dist-server/controllers/utils/password-rule.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"password-rule.js","sourceRoot":"","sources":["../../../server/controllers/utils/password-rule.ts"],"names":[],"mappings":";;;;AAAA,8DAA6B;AAE7B,6CAA4C;AAE5C,2DAAyE;AACzE,wDAAmD;AAEnD,MAAM,cAAc,GAAG,YAAM,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI;IAC/C,SAAS,EAAE,IAAI;IACf,SAAS,EAAE,IAAI;IACf,KAAK,EAAE,IAAI;IACX,gBAAgB,EAAE,IAAI;IACtB,WAAW,EAAE,KAAK;IAClB,eAAe,EAAE,IAAI;IACrB,eAAe,EAAE,KAAK;IACtB,oBAAoB,EAAE,CAAC;IACvB,oBAAoB,EAAE,EAAE;CACzB,CAAA;AAED,SAAS,6BAA6B,CAAC,EACrC,SAAS,GAAG,IAAI,EAChB,SAAS,GAAG,IAAI,EAChB,KAAK,GAAG,IAAI,EACZ,gBAAgB,GAAG,IAAI,EACvB,WAAW,GAAG,KAAK,EACnB,eAAe,GAAG,IAAI,EACtB,eAAe,GAAG,KAAK,EACvB,oBAAoB,GAAG,CAAC,EACxB,oBAAoB,GAAG,EAAE,EAC1B,GAAG,EAAE;IACJ,IAAI,cAAc,GAAG,eAAe;QAClC,CAAC,CAAC;YACE,SAAS,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE;YAC9B,SAAS,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE;YAC9B,KAAK,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE;YACxB,gBAAgB,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,EAAE;YAC5C,CAAC,WAAW,CAAC,CAAC,CAAC,yBAAyB,CAAC,CAAC,CAAC,EAAE;YAC7C,KAAK,oBAAoB,IAAI,CAAC,6BAA6B;SAC5D;QACH,CAAC,CAAC,EAAE,CAAA;IAEN,IAAI,cAAc,GAAG,eAAe;QAClC,CAAC,CAAC;YACE,KAAK,oBAAoB,IAAI,CAAC,8BAA8B;SAC7D;QACH,CAAC,CAAC,EAAE,CAAA;IAEN,IAAI,SAAS,GAAG;QACd,GAAG;QACH,GAAG,cAAc;QACjB,cAAc,CAAC,MAAM,IAAI,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;QACzD,GAAG,cAAc;QACjB,GAAG,CAAC,aAAa;KAClB,CAAA;IAED,OAAO,IAAI,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;AACvC,CAAC;AAED,SAAgB,2BAA2B,CACzC,EACE,SAAS,GAAG,IAAI,EAChB,SAAS,GAAG,IAAI,EAChB,KAAK,GAAG,IAAI,EACZ,gBAAgB,GAAG,IAAI,EACvB,WAAW,GAAG,KAAK,EACnB,eAAe,GAAG,IAAI,EACtB,eAAe,GAAG,KAAK,EACvB,oBAAoB,GAAG,CAAC,EACxB,oBAAoB,GAAG,EAAE,EAC1B,GAAG,EAAE,EACN,GAAG;IAEH,GAAG,GAAG,GAAG,IAAI,OAAO,CAAA;IACpB,IAAI,YAAY,GAAG,EAAE,CAAA;IAErB,MAAM,CAAC,GAAG,iBAAO,CAAC,SAAS,CAAC,GAAG,EAAE,cAAc,CAAC,CAAA;IAEhD,IAAI,eAAe,EAAE;QACnB,YAAY,CAAC,IAAI,CAAC,aAAa,oBAAoB,aAAa,CAAC,CAAA;KAClE;IAED,IAAI,eAAe,EAAE;QACnB,CAAC,eAAe;YACd,YAAY,CAAC,IAAI,CACf,CAAC,CAAC,gCAAgC,EAAE;gBAClC,MAAM,EAAE,oBAAoB;aAC7B,CAAC,CACH,CAAA;QACH,SAAS,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,kCAAkC,CAAC,CAAC,CAAA;QACrE,SAAS,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,kCAAkC,CAAC,CAAC,CAAA;QACrE,KAAK,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,8BAA8B,CAAC,CAAC,CAAA;QAC7D,gBAAgB,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,gCAAgC,CAAC,CAAC,CAAA;QAC1E,CAAC,WAAW,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,0BAA0B,CAAC,CAAC,CAAA;KACjE;IAED,OAAO,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AAChC,CAAC;AAtCD,kEAsCC;AAEY,QAAA,eAAe,GAAG,6BAA6B,CAAC,cAAc,CAAC,CAAA;AAC5E,SAAgB,YAAY,CAAC,GAAG;IAC9B,OAAO,2BAA2B,CAAC,cAAc,EAAE,GAAG,CAAC,CAAA;AACzD,CAAC;AAFD,oCAEC;AAED,SAAgB,sBAAsB,CAAC,QAAQ,EAAE,GAAG;IAClD,IAAI,CAAC,uBAAe,EAAE;QACpB,OAAM;KACP;IAED,IAAI,uBAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE;QAClC,OAAM;KACP;IAED,MAAM,IAAI,GAAG,2BAA2B,CAAC,cAAc,EAAE,GAAG,CAAC,CAAA;IAC7D,MAAM,IAAI,sBAAS,CAAC;QAClB,SAAS,EAAE,yCAA4B;QACvC,MAAM,EAAE;YACN,IAAI;SACL;KACF,CAAC,CAAA;AACJ,CAAC;AAhBD,wDAgBC","sourcesContent":["import i18next from 'i18next'\n\nimport { config } from '@things-factory/env'\n\nimport { PASSWORD_PATTERN_NOT_MATCHED } from '../../constants/error-code'\nimport { AuthError } from '../../errors/auth-error'\n\nconst passwordConfig = config.get('password') || {\n lowerCase: true,\n upperCase: true,\n digit: true,\n specialCharacter: true,\n allowRepeat: false,\n useTightPattern: true,\n useLoosePattern: false,\n tightCharacterLength: 8,\n looseCharacterLength: 15\n}\n\nfunction generatePasswordPatternRegExp({\n lowerCase = true,\n upperCase = true,\n digit = true,\n specialCharacter = true,\n allowRepeat = false,\n useTightPattern = true,\n useLoosePattern = false,\n tightCharacterLength = 8,\n looseCharacterLength = 15\n} = {}) {\n var tightChecklist = useTightPattern\n ? [\n lowerCase ? '(?=.*[a-z])' : '', // has at least one lower case character\n upperCase ? '(?=.*[A-Z])' : '', // has at least one upper case character\n digit ? '(?=.*\\\\d)' : '', // has at least one digit\n specialCharacter ? '(?=.*[!@#$%^&*()])' : '', // has at least one special character\n !allowRepeat ? '(?!.*(.)\\\\1(?=\\\\1{1,}))' : '', // has not an repeated character more than twice\n `.{${tightCharacterLength},}` // has a length of 8 and more\n ]\n : []\n\n var looseChecklist = useLoosePattern\n ? [\n `.{${looseCharacterLength},}` // has a length of 15 and more\n ]\n : []\n\n var checkList = [\n '^', // from start\n ...tightChecklist,\n tightChecklist.length && looseChecklist.length ? '|' : '',\n ...looseChecklist,\n '$' //to the end\"\n ]\n\n return new RegExp(checkList.join(''))\n}\n\nexport function generatePasswordPatternHelp(\n {\n lowerCase = true,\n upperCase = true,\n digit = true,\n specialCharacter = true,\n allowRepeat = false,\n useTightPattern = true,\n useLoosePattern = false,\n tightCharacterLength = 8,\n looseCharacterLength = 15\n } = {},\n lng\n) {\n lng = lng || 'en-US'\n var descriptions = []\n\n const t = i18next.getFixedT(lng, 'translations')\n\n if (useLoosePattern) {\n descriptions.push(`more than ${looseCharacterLength} characters`)\n }\n\n if (useTightPattern) {\n !useLoosePattern &&\n descriptions.push(\n t('text.pattern_minimum_charaters', {\n length: tightCharacterLength\n })\n )\n lowerCase && descriptions.push(t('text.pattern_atleast_1_lowercase'))\n upperCase && descriptions.push(t('text.pattern_atleast_1_uppercase'))\n digit && descriptions.push(t('text.pattern_atleast_1_digit'))\n specialCharacter && descriptions.push(t('text.pattern_atleast_1_special'))\n !allowRepeat && descriptions.push(t('text.pattern_not_allowed'))\n }\n\n return descriptions.join(', ')\n}\n\nexport const passwordPattern = generatePasswordPatternRegExp(passwordConfig)\nexport function passwordHelp(lng) {\n return generatePasswordPatternHelp(passwordConfig, lng)\n}\n\nexport function validatePasswordByRule(password, lng) {\n if (!passwordPattern) {\n return\n }\n\n if (passwordPattern.test(password)) {\n return\n }\n\n const rule = generatePasswordPatternHelp(passwordConfig, lng)\n throw new AuthError({\n errorCode: PASSWORD_PATTERN_NOT_MATCHED,\n detail: {\n rule\n }\n })\n}\n"]}
1
+ {"version":3,"file":"password-rule.js","sourceRoot":"","sources":["../../../server/controllers/utils/password-rule.ts"],"names":[],"mappings":";;;;AAAA,8DAA6B;AAE7B,6CAA4C;AAE5C,2DAAyE;AACzE,wDAAmD;AAEnD,MAAM,cAAc,GAAG,YAAM,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI;IAC/C,SAAS,EAAE,IAAI;IACf,SAAS,EAAE,IAAI;IACf,KAAK,EAAE,IAAI;IACX,gBAAgB,EAAE,IAAI;IACtB,WAAW,EAAE,KAAK;IAClB,eAAe,EAAE,IAAI;IACrB,eAAe,EAAE,KAAK;IACtB,oBAAoB,EAAE,CAAC;IACvB,oBAAoB,EAAE,EAAE;CACzB,CAAA;AAED,SAAS,6BAA6B,CAAC,EACrC,SAAS,GAAG,IAAI,EAChB,SAAS,GAAG,IAAI,EAChB,KAAK,GAAG,IAAI,EACZ,gBAAgB,GAAG,IAAI,EACvB,WAAW,GAAG,KAAK,EACnB,eAAe,GAAG,IAAI,EACtB,eAAe,GAAG,KAAK,EACvB,oBAAoB,GAAG,CAAC,EACxB,oBAAoB,GAAG,EAAE,EAC1B,GAAG,EAAE;IACJ,IAAI,cAAc,GAAG,eAAe;QAClC,CAAC,CAAC;YACE,SAAS,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,EAAE,wCAAwC;YACxE,SAAS,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,EAAE,wCAAwC;YACxE,KAAK,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,EAAE,yBAAyB;YACnD,gBAAgB,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,EAAE,EAAE,qCAAqC;YACnF,CAAC,WAAW,CAAC,CAAC,CAAC,yBAAyB,CAAC,CAAC,CAAC,EAAE,EAAE,gDAAgD;YAC/F,KAAK,oBAAoB,IAAI,CAAC,6BAA6B;SAC5D;QACH,CAAC,CAAC,EAAE,CAAA;IAEN,IAAI,cAAc,GAAG,eAAe;QAClC,CAAC,CAAC;YACE,KAAK,oBAAoB,IAAI,CAAC,8BAA8B;SAC7D;QACH,CAAC,CAAC,EAAE,CAAA;IAEN,IAAI,SAAS,GAAG;QACd,GAAG,EAAE,aAAa;QAClB,GAAG,cAAc;QACjB,cAAc,CAAC,MAAM,IAAI,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;QACzD,GAAG,cAAc;QACjB,GAAG,CAAC,aAAa;KAClB,CAAA;IAED,OAAO,IAAI,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;AACvC,CAAC;AAED,SAAgB,2BAA2B,CACzC,EACE,SAAS,GAAG,IAAI,EAChB,SAAS,GAAG,IAAI,EAChB,KAAK,GAAG,IAAI,EACZ,gBAAgB,GAAG,IAAI,EACvB,WAAW,GAAG,KAAK,EACnB,eAAe,GAAG,IAAI,EACtB,eAAe,GAAG,KAAK,EACvB,oBAAoB,GAAG,CAAC,EACxB,oBAAoB,GAAG,EAAE,EAC1B,GAAG,EAAE,EACN,GAAG;IAEH,GAAG,GAAG,GAAG,IAAI,OAAO,CAAA;IACpB,IAAI,YAAY,GAAG,EAAE,CAAA;IAErB,MAAM,CAAC,GAAG,iBAAO,CAAC,SAAS,CAAC,GAAG,EAAE,cAAc,CAAC,CAAA;IAEhD,IAAI,eAAe,EAAE,CAAC;QACpB,YAAY,CAAC,IAAI,CAAC,aAAa,oBAAoB,aAAa,CAAC,CAAA;IACnE,CAAC;IAED,IAAI,eAAe,EAAE,CAAC;QACpB,CAAC,eAAe;YACd,YAAY,CAAC,IAAI,CACf,CAAC,CAAC,gCAAgC,EAAE;gBAClC,MAAM,EAAE,oBAAoB;aAC7B,CAAC,CACH,CAAA;QACH,SAAS,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,kCAAkC,CAAC,CAAC,CAAA;QACrE,SAAS,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,kCAAkC,CAAC,CAAC,CAAA;QACrE,KAAK,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,8BAA8B,CAAC,CAAC,CAAA;QAC7D,gBAAgB,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,gCAAgC,CAAC,CAAC,CAAA;QAC1E,CAAC,WAAW,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,0BAA0B,CAAC,CAAC,CAAA;IAClE,CAAC;IAED,OAAO,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AAChC,CAAC;AAtCD,kEAsCC;AAEY,QAAA,eAAe,GAAG,6BAA6B,CAAC,cAAc,CAAC,CAAA;AAC5E,SAAgB,YAAY,CAAC,GAAG;IAC9B,OAAO,2BAA2B,CAAC,cAAc,EAAE,GAAG,CAAC,CAAA;AACzD,CAAC;AAFD,oCAEC;AAED,SAAgB,sBAAsB,CAAC,QAAQ,EAAE,GAAG;IAClD,IAAI,CAAC,uBAAe,EAAE,CAAC;QACrB,OAAM;IACR,CAAC;IAED,IAAI,uBAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACnC,OAAM;IACR,CAAC;IAED,MAAM,IAAI,GAAG,2BAA2B,CAAC,cAAc,EAAE,GAAG,CAAC,CAAA;IAC7D,MAAM,IAAI,sBAAS,CAAC;QAClB,SAAS,EAAE,yCAA4B;QACvC,MAAM,EAAE;YACN,IAAI;SACL;KACF,CAAC,CAAA;AACJ,CAAC;AAhBD,wDAgBC","sourcesContent":["import i18next from 'i18next'\n\nimport { config } from '@things-factory/env'\n\nimport { PASSWORD_PATTERN_NOT_MATCHED } from '../../constants/error-code'\nimport { AuthError } from '../../errors/auth-error'\n\nconst passwordConfig = config.get('password') || {\n lowerCase: true,\n upperCase: true,\n digit: true,\n specialCharacter: true,\n allowRepeat: false,\n useTightPattern: true,\n useLoosePattern: false,\n tightCharacterLength: 8,\n looseCharacterLength: 15\n}\n\nfunction generatePasswordPatternRegExp({\n lowerCase = true,\n upperCase = true,\n digit = true,\n specialCharacter = true,\n allowRepeat = false,\n useTightPattern = true,\n useLoosePattern = false,\n tightCharacterLength = 8,\n looseCharacterLength = 15\n} = {}) {\n var tightChecklist = useTightPattern\n ? [\n lowerCase ? '(?=.*[a-z])' : '', // has at least one lower case character\n upperCase ? '(?=.*[A-Z])' : '', // has at least one upper case character\n digit ? '(?=.*\\\\d)' : '', // has at least one digit\n specialCharacter ? '(?=.*[!@#$%^&*()])' : '', // has at least one special character\n !allowRepeat ? '(?!.*(.)\\\\1(?=\\\\1{1,}))' : '', // has not an repeated character more than twice\n `.{${tightCharacterLength},}` // has a length of 8 and more\n ]\n : []\n\n var looseChecklist = useLoosePattern\n ? [\n `.{${looseCharacterLength},}` // has a length of 15 and more\n ]\n : []\n\n var checkList = [\n '^', // from start\n ...tightChecklist,\n tightChecklist.length && looseChecklist.length ? '|' : '',\n ...looseChecklist,\n '$' //to the end\"\n ]\n\n return new RegExp(checkList.join(''))\n}\n\nexport function generatePasswordPatternHelp(\n {\n lowerCase = true,\n upperCase = true,\n digit = true,\n specialCharacter = true,\n allowRepeat = false,\n useTightPattern = true,\n useLoosePattern = false,\n tightCharacterLength = 8,\n looseCharacterLength = 15\n } = {},\n lng\n) {\n lng = lng || 'en-US'\n var descriptions = []\n\n const t = i18next.getFixedT(lng, 'translations')\n\n if (useLoosePattern) {\n descriptions.push(`more than ${looseCharacterLength} characters`)\n }\n\n if (useTightPattern) {\n !useLoosePattern &&\n descriptions.push(\n t('text.pattern_minimum_charaters', {\n length: tightCharacterLength\n })\n )\n lowerCase && descriptions.push(t('text.pattern_atleast_1_lowercase'))\n upperCase && descriptions.push(t('text.pattern_atleast_1_uppercase'))\n digit && descriptions.push(t('text.pattern_atleast_1_digit'))\n specialCharacter && descriptions.push(t('text.pattern_atleast_1_special'))\n !allowRepeat && descriptions.push(t('text.pattern_not_allowed'))\n }\n\n return descriptions.join(', ')\n}\n\nexport const passwordPattern = generatePasswordPatternRegExp(passwordConfig)\nexport function passwordHelp(lng) {\n return generatePasswordPatternHelp(passwordConfig, lng)\n}\n\nexport function validatePasswordByRule(password, lng) {\n if (!passwordPattern) {\n return\n }\n\n if (passwordPattern.test(password)) {\n return\n }\n\n const rule = generatePasswordPatternHelp(passwordConfig, lng)\n throw new AuthError({\n errorCode: PASSWORD_PATTERN_NOT_MATCHED,\n detail: {\n rule\n }\n })\n}\n"]}
package/dist-server/controllers/verification.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"verification.js","sourceRoot":"","sources":["../../server/controllers/verification.ts"],"names":[],"mappings":";;;AAAA,6BAAyB;AAEzB,2DAAsD;AACtD,iDAAqD;AAErD,qDAAgD;AAChD,+CAAuD;AACvD,yFAAoF;AACpF,wEAA0E;AAC1E,6EAAuE;AACvE,6EAAuE;AAEhE,KAAK,UAAU,qBAAqB,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE;IAC3D,IAAI;QACF,IAAI,KAAK,GAAG,IAAA,+CAAqB,GAAE,CAAA;QACnC,IAAI,WAAW,GAAG,MAAM,IAAA,+CAAqB,EAAC,IAAI,CAAC,EAAE,EAAE,KAAK,CAAC,CAAA;QAE7D,IAAI,WAAW,EAAE;YACf,IAAI,UAAU,GAAG,IAAI,SAAG,CAAC,gBAAgB,KAAK,EAAE,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;YACzE,MAAM,IAAA,sBAAS,EAAC;gBACd,QAAQ,EAAE,IAAI,CAAC,KAAK;gBACpB,OAAO,EAAE,mBAAmB;gBAC5B,OAAO,EAAE,IAAA,6CAAwB,EAAC;oBAChC,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,SAAS,EAAE,UAAU;iBACtB,CAAC;aACH,CAAC,CAAA;YAEF,OAAO,IAAI,CAAA;SACZ;KACF;IAAC,OAAO,CAAC,EAAE;QACV,OAAO,KAAK,CAAA;KACb;AACH,CAAC;AArBD,sDAqBC;AAEM,KAAK,UAAU,MAAM,CAAC,KAAK;IAChC,IAAI,YAAY,GAAG,MAAM,IAAA,qBAAa,EAAC,sCAAiB,CAAC,CAAC,OAAO,CAAC;QAChE,KAAK,EAAE;YACL,KAAK;SACN;KACF,CAAC,CAAA;IAEF,IAAI,CAAC,YAAY,EAAE;QACjB,MAAM,IAAI,sBAAS,CAAC;YAClB,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,kBAAkB;SACpD,CAAC,CAAA;KACH;IAED,IAAI,QAAQ,GAAG,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,YAAY,CAAC,MAAM,EAAE,CAAC,CAAA;IAC/E,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,IAAI,sBAAS,CAAC;YAClB,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,kBAAkB;SACpD,CAAC,CAAA;KACH;IAED,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,IAAI,iBAAU,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,IAAI,iBAAU,CAAC,MAAM,CAAC,EAAE;QACrF,MAAM,IAAI,sBAAS,CAAC;YAClB,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,kBAAkB;SACpD,CAAC,CAAA;KACH;IAED,QAAQ,CAAC,MAAM,GAAG,iBAAU,CAAC,SAAS,CAAA;IACtC,QAAQ,CAAC,SAAS,GAAG,CAAC,CAAA;IAEtB,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;IACxC,MAAM,IAAA,qBAAa,EAAC,sCAAiB,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,CAAA;AAC7D,CAAC;AA/BD,wBA+BC;AAEM,KAAK,UAAU,uBAAuB,CAAC,KAAK,EAAE,OAAO;IAC1D,IAAI,IAAI,GAAG,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,OAAO,CAAC;QAC3C,KAAK,EAAE;YACL,KAAK;SACN;KACF,CAAC,CAAA;IAEF,IAAI,CAAC,IAAI;QAAE,OAAO,KAAK,CAAA;IACvB,IAAI,IAAI,CAAC,MAAM,IAAI,iBAAU,CAAC,SAAS;QAAE,OAAO,KAAK,CAAA;IAErD,OAAO,MAAM,qBAAqB,CAAC;QACjC,IAAI;QACJ,OAAO;KACR,CAAC,CAAA;AACJ,CAAC;AAdD,0DAcC","sourcesContent":["import { URL } from 'url'\n\nimport { sendEmail } from '@things-factory/email-base'\nimport { getRepository } from '@things-factory/shell'\n\nimport { AuthError } from '../errors/auth-error'\nimport { User, UserStatus } from '../service/user/user'\nimport { VerificationToken } from '../service/verification-token/verification-token'\nimport { getVerificationEmailForm } from '../templates/verification-email'\nimport { makeVerificationToken } from './utils/make-verification-token'\nimport { saveVerificationToken } from './utils/save-verification-token'\n\nexport async function sendVerificationEmail({ user, context }) {\n try {\n var token = makeVerificationToken()\n var verifaction = await saveVerificationToken(user.id, token)\n\n if (verifaction) {\n var serviceUrl = new URL(`/auth/verify/${token}`, context.header.referer)\n await sendEmail({\n receiver: user.email,\n subject: 'Verify your email',\n content: getVerificationEmailForm({\n name: user.name,\n verifyUrl: serviceUrl\n })\n })\n\n return true\n }\n } catch (e) {\n return false\n }\n}\n\nexport async function verify(token) {\n var verification = await getRepository(VerificationToken).findOne({\n where: {\n token\n }\n })\n\n if (!verification) {\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.VERIFICATION_ERROR\n })\n }\n\n var userInfo = await getRepository(User).findOneBy({ id: verification.userId })\n if (!userInfo) {\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.VERIFICATION_ERROR\n })\n }\n\n if (!(userInfo.status == UserStatus.INACTIVE || userInfo.status == UserStatus.LOCKED)) {\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.VERIFICATION_ERROR\n })\n }\n\n userInfo.status = UserStatus.ACTIVATED\n userInfo.failCount = 0\n\n await getRepository(User).save(userInfo)\n await getRepository(VerificationToken).delete(verification)\n}\n\nexport async function resendVerificationEmail(email, context) {\n var user = await getRepository(User).findOne({\n where: {\n email\n }\n })\n\n if (!user) return false\n if (user.status == UserStatus.ACTIVATED) return false\n\n return await sendVerificationEmail({\n user,\n context\n })\n}\n"]}
1
+ {"version":3,"file":"verification.js","sourceRoot":"","sources":["../../server/controllers/verification.ts"],"names":[],"mappings":";;;AAAA,6BAAyB;AAEzB,2DAAsD;AACtD,iDAAqD;AAErD,qDAAgD;AAChD,+CAAuD;AACvD,yFAAoF;AACpF,wEAA0E;AAC1E,6EAAuE;AACvE,6EAAuE;AAEhE,KAAK,UAAU,qBAAqB,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE;IAC3D,IAAI,CAAC;QACH,IAAI,KAAK,GAAG,IAAA,+CAAqB,GAAE,CAAA;QACnC,IAAI,WAAW,GAAG,MAAM,IAAA,+CAAqB,EAAC,IAAI,CAAC,EAAE,EAAE,KAAK,CAAC,CAAA;QAE7D,IAAI,WAAW,EAAE,CAAC;YAChB,IAAI,UAAU,GAAG,IAAI,SAAG,CAAC,gBAAgB,KAAK,EAAE,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;YACzE,MAAM,IAAA,sBAAS,EAAC;gBACd,QAAQ,EAAE,IAAI,CAAC,KAAK;gBACpB,OAAO,EAAE,mBAAmB;gBAC5B,OAAO,EAAE,IAAA,6CAAwB,EAAC;oBAChC,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,SAAS,EAAE,UAAU;iBACtB,CAAC;aACH,CAAC,CAAA;YAEF,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,KAAK,CAAA;IACd,CAAC;AACH,CAAC;AArBD,sDAqBC;AAEM,KAAK,UAAU,MAAM,CAAC,KAAK;IAChC,IAAI,YAAY,GAAG,MAAM,IAAA,qBAAa,EAAC,sCAAiB,CAAC,CAAC,OAAO,CAAC;QAChE,KAAK,EAAE;YACL,KAAK;SACN;KACF,CAAC,CAAA;IAEF,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,IAAI,sBAAS,CAAC;YAClB,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,kBAAkB;SACpD,CAAC,CAAA;IACJ,CAAC;IAED,IAAI,QAAQ,GAAG,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,YAAY,CAAC,MAAM,EAAE,CAAC,CAAA;IAC/E,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,sBAAS,CAAC;YAClB,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,kBAAkB;SACpD,CAAC,CAAA;IACJ,CAAC;IAED,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,IAAI,iBAAU,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,IAAI,iBAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACtF,MAAM,IAAI,sBAAS,CAAC;YAClB,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,kBAAkB;SACpD,CAAC,CAAA;IACJ,CAAC;IAED,QAAQ,CAAC,MAAM,GAAG,iBAAU,CAAC,SAAS,CAAA;IACtC,QAAQ,CAAC,SAAS,GAAG,CAAC,CAAA;IAEtB,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;IACxC,MAAM,IAAA,qBAAa,EAAC,sCAAiB,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,CAAA;AAC7D,CAAC;AA/BD,wBA+BC;AAEM,KAAK,UAAU,uBAAuB,CAAC,KAAK,EAAE,OAAO;IAC1D,IAAI,IAAI,GAAG,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,OAAO,CAAC;QAC3C,KAAK,EAAE;YACL,KAAK;SACN;KACF,CAAC,CAAA;IAEF,IAAI,CAAC,IAAI;QAAE,OAAO,KAAK,CAAA;IACvB,IAAI,IAAI,CAAC,MAAM,IAAI,iBAAU,CAAC,SAAS;QAAE,OAAO,KAAK,CAAA;IAErD,OAAO,MAAM,qBAAqB,CAAC;QACjC,IAAI;QACJ,OAAO;KACR,CAAC,CAAA;AACJ,CAAC;AAdD,0DAcC","sourcesContent":["import { URL } from 'url'\n\nimport { sendEmail } from '@things-factory/email-base'\nimport { getRepository } from '@things-factory/shell'\n\nimport { AuthError } from '../errors/auth-error'\nimport { User, UserStatus } from '../service/user/user'\nimport { VerificationToken } from '../service/verification-token/verification-token'\nimport { getVerificationEmailForm } from '../templates/verification-email'\nimport { makeVerificationToken } from './utils/make-verification-token'\nimport { saveVerificationToken } from './utils/save-verification-token'\n\nexport async function sendVerificationEmail({ user, context }) {\n try {\n var token = makeVerificationToken()\n var verifaction = await saveVerificationToken(user.id, token)\n\n if (verifaction) {\n var serviceUrl = new URL(`/auth/verify/${token}`, context.header.referer)\n await sendEmail({\n receiver: user.email,\n subject: 'Verify your email',\n content: getVerificationEmailForm({\n name: user.name,\n verifyUrl: serviceUrl\n })\n })\n\n return true\n }\n } catch (e) {\n return false\n }\n}\n\nexport async function verify(token) {\n var verification = await getRepository(VerificationToken).findOne({\n where: {\n token\n }\n })\n\n if (!verification) {\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.VERIFICATION_ERROR\n })\n }\n\n var userInfo = await getRepository(User).findOneBy({ id: verification.userId })\n if (!userInfo) {\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.VERIFICATION_ERROR\n })\n }\n\n if (!(userInfo.status == UserStatus.INACTIVE || userInfo.status == UserStatus.LOCKED)) {\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.VERIFICATION_ERROR\n })\n }\n\n userInfo.status = UserStatus.ACTIVATED\n userInfo.failCount = 0\n\n await getRepository(User).save(userInfo)\n await getRepository(VerificationToken).delete(verification)\n}\n\nexport async function resendVerificationEmail(email, context) {\n var user = await getRepository(User).findOne({\n where: {\n email\n }\n })\n\n if (!user) return false\n if (user.status == UserStatus.ACTIVATED) return false\n\n return await sendVerificationEmail({\n user,\n context\n })\n}\n"]}
package/dist-server/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../server/index.ts"],"names":[],"mappings":";;;AAAA,iDAAqD;AACrD,6DAAyD;AAEzD,oBAAiB;AAEjB,oDAAyB;AACzB,uDAA4B;AAE5B,wDAA6B;AAC7B,mDAAwB;AACxB,mDAAwB;AAExB,mEAAwC;AACxC,mEAAwC;AACxC,6DAAkC;AAClC,4EAAiD;AACjD,sEAA2C;AAC3C,gEAAqC;AACrC,mEAAwC;AAExC,mDAAwB;AAExB,kDAAuB;AAEvB,OAAO,CAAC,EAAE,CAAC,wBAA+B,EAAE,KAAK,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAO,EAAE,EAAE;IACjF,MAAM,UAAU,GAAG,OAAO,CAAC,YAAY,CAAC,CAAA;IACxC,MAAM,mBAAmB,GAAG,IAAA,qBAAa,EAAC,qBAAS,CAAC,CAAA;IAEpD,KAAK,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,UAA8B,CAAC,EAAE;QAC5E,IAAI,CAAC,IAAI,CAAC,MAAM,mBAAmB,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC,EAAE;YACzE,MAAM,mBAAmB,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAA;SACnD;KACF;IAED,OAAO,CAAC,GAAG,CAAC,2EAA2E,CAAC,CAAA;AAC1F,CAAC,CAAC,CAAA","sourcesContent":["import { getRepository } from '@things-factory/shell'\nimport { Privilege } from './service/privilege/privilege'\n\nimport './routes'\n\nexport * from './service'\nexport * from './migrations'\n\nexport * from './middlewares'\nexport * from './routes'\nexport * from './router'\n\nexport * from './utils/get-domain-users'\nexport * from './utils/get-user-domains'\nexport * from './utils/get-secret'\nexport * from './utils/check-user-belongs-domain'\nexport * from './utils/access-token-cookie'\nexport * from './utils/encrypt-state'\nexport * from './utils/check-permission'\n\nexport * from './errors'\n\nexport * from './types'\n\nprocess.on('bootstrap-module-start' as any, async ({ app, config, client }: any) => {\n const privileges = process['PRIVILEGES']\n const privilegeRepository = getRepository(Privilege)\n\n for (const [category, name] of Object.values(privileges as [string, string])) {\n if (0 == (await privilegeRepository.count({ where: { category, name } }))) {\n await privilegeRepository.save({ category, name })\n }\n }\n\n console.log('[auth-base:bootstrap] Synchronization for privilege master has just done.')\n})\n"]}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../server/index.ts"],"names":[],"mappings":";;;AAAA,iDAAqD;AACrD,6DAAyD;AAEzD,oBAAiB;AAEjB,oDAAyB;AACzB,uDAA4B;AAE5B,wDAA6B;AAC7B,mDAAwB;AACxB,mDAAwB;AAExB,mEAAwC;AACxC,mEAAwC;AACxC,6DAAkC;AAClC,4EAAiD;AACjD,sEAA2C;AAC3C,gEAAqC;AACrC,mEAAwC;AAExC,mDAAwB;AAExB,kDAAuB;AAEvB,OAAO,CAAC,EAAE,CAAC,wBAA+B,EAAE,KAAK,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAO,EAAE,EAAE;IACjF,MAAM,UAAU,GAAG,OAAO,CAAC,YAAY,CAAC,CAAA;IACxC,MAAM,mBAAmB,GAAG,IAAA,qBAAa,EAAC,qBAAS,CAAC,CAAA;IAEpD,KAAK,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,UAA8B,CAAC,EAAE,CAAC;QAC7E,IAAI,CAAC,IAAI,CAAC,MAAM,mBAAmB,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC;YAC1E,MAAM,mBAAmB,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAA;QACpD,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,2EAA2E,CAAC,CAAA;AAC1F,CAAC,CAAC,CAAA","sourcesContent":["import { getRepository } from '@things-factory/shell'\nimport { Privilege } from './service/privilege/privilege'\n\nimport './routes'\n\nexport * from './service'\nexport * from './migrations'\n\nexport * from './middlewares'\nexport * from './routes'\nexport * from './router'\n\nexport * from './utils/get-domain-users'\nexport * from './utils/get-user-domains'\nexport * from './utils/get-secret'\nexport * from './utils/check-user-belongs-domain'\nexport * from './utils/access-token-cookie'\nexport * from './utils/encrypt-state'\nexport * from './utils/check-permission'\n\nexport * from './errors'\n\nexport * from './types'\n\nprocess.on('bootstrap-module-start' as any, async ({ app, config, client }: any) => {\n const privileges = process['PRIVILEGES']\n const privilegeRepository = getRepository(Privilege)\n\n for (const [category, name] of Object.values(privileges as [string, string])) {\n if (0 == (await privilegeRepository.count({ where: { category, name } }))) {\n await privilegeRepository.save({ category, name })\n }\n }\n\n console.log('[auth-base:bootstrap] Synchronization for privilege master has just done.')\n})\n"]}
package/dist-server/middlewares/authenticate-401-middleware.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"authenticate-401-middleware.js","sourceRoot":"","sources":["../../server/middlewares/authenticate-401-middleware.ts"],"names":[],"mappings":";;;AAAA,6CAA4C;AAE5C,wDAA8G;AAC9G,qDAAgD;AAChD,8CAA0C;AAE1C,MAAM,wBAAwB,GAAG,YAAM,CAAC,GAAG,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAA;AAC9E,MAAM,0BAA0B,GAAG,YAAM,CAAC,GAAG,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAA;AACvF,MAAM,SAAS,GAAG,YAAM,CAAC,GAAG,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAA;AAE9C,KAAK,UAAU,yBAAyB,CAAC,OAAO,EAAE,IAAI;IAC3D,IAAI;QACF,MAAM,IAAI,EAAE,CAAA;KACb;IAAC,OAAO,GAAG,EAAE;QACZ,IAAI,OAAO,CAAA;QAEX,IAAI,GAAG,YAAY,sBAAS,EAAE;YAC5B,OAAO,GAAG,CAAC,OAAO,CAAC,CAAC,IAAI,OAAO,CAAC,CAAC,CAAC,SAAS,GAAG,CAAC,SAAS,EAAE,EAAE,GAAG,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,IAAI,GAAG,CAAC,SAAS,CAAA;SAChG;aAAM;YACL,IAAI,CAAA,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,MAAM,MAAK,GAAG,EAAE;gBACvB,MAAM,GAAG,CAAA;aACV;YAED,OAAO,GAAG,GAAG,CAAC,OAAO,CAAA;SACtB;QAED,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,OAAO,CAAA;QAEtB;;;;WAIG;QAEH,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,OAAO,CAAA;QAErD,IAAI,MAAM,IAAI,MAAM,IAAI,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE;YACnD,IAAI,GAAG,CAAC,SAAS,IAAI,+BAAkB,EAAE;gBACvC,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;aACrB;YACD,OAAM;SACP;QAED,IAAI,CAAC,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE;YACjD,OAAM;SACP;QAED,MAAM,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;QACrC,MAAM,EAAE,UAAU,GAAG,WAAW,IAAI,WAAW,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE,CAAA;QAE9E,QAAQ,GAAG,CAAC,SAAS,EAAE;YACrB,KAAK,+BAAkB;gBACrB,OAAO,CAAC,QAAQ,CAAC,6BAA6B,kBAAkB,CAAC,UAAU,CAAC,EAAE,CAAC,CAAA;gBAC/E,MAAK;YAEP,KAAK,wBAAW;gBACd,OAAO,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;oBACvC,WAAW,EAAE,eAAe;oBAC5B,aAAa,EAAE,mBAAmB;oBAClC,IAAI,kCACC,GAAG,CAAC,MAAM,KACb,OAAO;wBACP,UAAU;wBACV,wBAAwB;wBACxB,0BAA0B;wBAC1B,SAAS,GACV;iBACF,CAAC,CAAA;YAEJ,KAAK,+BAAkB;gBACrB,OAAO,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;oBACvC,WAAW,EAAE,eAAe;oBAC5B,aAAa,EAAE,mBAAmB;oBAClC,IAAI,kCACC,GAAG,CAAC,MAAM,KACb,OAAO;wBACP,UAAU;wBACV,wBAAwB;wBACxB,0BAA0B;wBAC1B,SAAS,GACV;iBACF,CAAC,CAAA;YAEJ,KAAK,4BAAe;gBAClB,OAAO,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;oBACvC,WAAW,EAAE,aAAa;oBAC1B,aAAa,EAAE,iBAAiB;oBAChC,IAAI,kCACC,GAAG,CAAC,MAAM,KACb,OAAO;wBACP,UAAU;wBACV,wBAAwB;wBACxB,0BAA0B;wBAC1B,SAAS,GACV;iBACF,CAAC,CAAA;YAEJ;gBACE,OAAO,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;oBACvC,WAAW,EAAE,aAAa;oBAC1B,aAAa,EAAE,iBAAiB;oBAChC,IAAI,kCACC,GAAG,CAAC,MAAM,KACb,OAAO,EAAE,GAAG,YAAY,sBAAS,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAChD,UAAU;wBACV,wBAAwB;wBACxB,0BAA0B;wBAC1B,SAAS,GACV;iBACF,CAAC,CAAA;SACL;KACF;AACH,CAAC;AAvGD,8DAuGC","sourcesContent":["import { config } from '@things-factory/env'\n\nimport { SUBDOMAIN_NOTFOUND, USER_DUPLICATED, USER_LOCKED, USER_NOT_ACTIVATED } from '../constants/error-code'\nimport { AuthError } from '../errors/auth-error'\nimport { accepts } from '../utils/accepts'\n\nconst disableUserSignupProcess = config.get('disableUserSignupProcess', false)\nconst disableUserFavoredLanguage = config.get('i18n/disableUserFavoredLanguage', false)\nconst languages = config.get('i18n/languages', false)\n\nexport async function authenticate401Middleware(context, next) {\n try {\n await next()\n } catch (err) {\n var message\n\n if (err instanceof AuthError) {\n message = (context.t && context.t(`error.${err.errorCode}`, err.detail || {})) || err.errorCode\n } else {\n if (err?.status !== 401) {\n throw err\n }\n\n message = err.message\n }\n\n context.status = 401\n context.body = message\n\n /*\n * 클라이언트 라우팅을 위한 ApiHistoryFallback의 상황과,\n * 서버라우팅의 상황에서 발생하는 던져지는 401 에러인 경우에는\n * error code에 맞춰서 적절하게 rewriting 되도록 한다.\n */\n\n const { method, header, path, originalUrl } = context\n\n if (method == 'POST' && path.startsWith('/graphql')) {\n if (err.errorCode == SUBDOMAIN_NOTFOUND) {\n context.status = 403\n }\n return\n }\n\n if (!accepts(header.accept, ['text/html', '*/*'])) {\n return\n }\n\n const { redirect_to } = context.query\n const { redirectTo = redirect_to || originalUrl } = context.request.body || {}\n\n switch (err.errorCode) {\n case SUBDOMAIN_NOTFOUND:\n context.redirect(`/auth/checkin?redirect_to=${encodeURIComponent(redirectTo)}`)\n break\n\n case USER_LOCKED:\n return await context.render('auth-page', {\n pageElement: 'auth-activate',\n elementScript: '/auth/activate.js',\n data: {\n ...err.detail,\n message,\n redirectTo,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n\n case USER_NOT_ACTIVATED:\n return await context.render('auth-page', {\n pageElement: 'auth-activate',\n elementScript: '/auth/activate.js',\n data: {\n ...err.detail,\n message,\n redirectTo,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n\n case USER_DUPLICATED:\n return await context.render('auth-page', {\n pageElement: 'auth-signup',\n elementScript: '/auth/signup.js',\n data: {\n ...err.detail,\n message,\n redirectTo,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n\n default:\n return await context.render('auth-page', {\n pageElement: 'auth-signin',\n elementScript: '/auth/signin.js',\n data: {\n ...err.detail,\n message: err instanceof AuthError ? message : '',\n redirectTo,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n }\n }\n}\n"]}
1
+ {"version":3,"file":"authenticate-401-middleware.js","sourceRoot":"","sources":["../../server/middlewares/authenticate-401-middleware.ts"],"names":[],"mappings":";;;AAAA,6CAA4C;AAE5C,wDAA8G;AAC9G,qDAAgD;AAChD,8CAA0C;AAE1C,MAAM,wBAAwB,GAAG,YAAM,CAAC,GAAG,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAA;AAC9E,MAAM,0BAA0B,GAAG,YAAM,CAAC,GAAG,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAA;AACvF,MAAM,SAAS,GAAG,YAAM,CAAC,GAAG,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAA;AAE9C,KAAK,UAAU,yBAAyB,CAAC,OAAO,EAAE,IAAI;IAC3D,IAAI,CAAC;QACH,MAAM,IAAI,EAAE,CAAA;IACd,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,OAAO,CAAA;QAEX,IAAI,GAAG,YAAY,sBAAS,EAAE,CAAC;YAC7B,OAAO,GAAG,CAAC,OAAO,CAAC,CAAC,IAAI,OAAO,CAAC,CAAC,CAAC,SAAS,GAAG,CAAC,SAAS,EAAE,EAAE,GAAG,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,IAAI,GAAG,CAAC,SAAS,CAAA;QACjG,CAAC;aAAM,CAAC;YACN,IAAI,CAAA,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,MAAM,MAAK,GAAG,EAAE,CAAC;gBACxB,MAAM,GAAG,CAAA;YACX,CAAC;YAED,OAAO,GAAG,GAAG,CAAC,OAAO,CAAA;QACvB,CAAC;QAED,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,OAAO,CAAA;QAEtB;;;;WAIG;QAEH,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,OAAO,CAAA;QAErD,IAAI,MAAM,IAAI,MAAM,IAAI,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YACpD,IAAI,GAAG,CAAC,SAAS,IAAI,+BAAkB,EAAE,CAAC;gBACxC,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;YACtB,CAAC;YACD,OAAM;QACR,CAAC;QAED,IAAI,CAAC,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC;YAClD,OAAM;QACR,CAAC;QAED,MAAM,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;QACrC,MAAM,EAAE,UAAU,GAAG,WAAW,IAAI,WAAW,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE,CAAA;QAE9E,QAAQ,GAAG,CAAC,SAAS,EAAE,CAAC;YACtB,KAAK,+BAAkB;gBACrB,OAAO,CAAC,QAAQ,CAAC,6BAA6B,kBAAkB,CAAC,UAAU,CAAC,EAAE,CAAC,CAAA;gBAC/E,MAAK;YAEP,KAAK,wBAAW;gBACd,OAAO,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;oBACvC,WAAW,EAAE,eAAe;oBAC5B,aAAa,EAAE,mBAAmB;oBAClC,IAAI,kCACC,GAAG,CAAC,MAAM,KACb,OAAO;wBACP,UAAU;wBACV,wBAAwB;wBACxB,0BAA0B;wBAC1B,SAAS,GACV;iBACF,CAAC,CAAA;YAEJ,KAAK,+BAAkB;gBACrB,OAAO,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;oBACvC,WAAW,EAAE,eAAe;oBAC5B,aAAa,EAAE,mBAAmB;oBAClC,IAAI,kCACC,GAAG,CAAC,MAAM,KACb,OAAO;wBACP,UAAU;wBACV,wBAAwB;wBACxB,0BAA0B;wBAC1B,SAAS,GACV;iBACF,CAAC,CAAA;YAEJ,KAAK,4BAAe;gBAClB,OAAO,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;oBACvC,WAAW,EAAE,aAAa;oBAC1B,aAAa,EAAE,iBAAiB;oBAChC,IAAI,kCACC,GAAG,CAAC,MAAM,KACb,OAAO;wBACP,UAAU;wBACV,wBAAwB;wBACxB,0BAA0B;wBAC1B,SAAS,GACV;iBACF,CAAC,CAAA;YAEJ;gBACE,OAAO,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;oBACvC,WAAW,EAAE,aAAa;oBAC1B,aAAa,EAAE,iBAAiB;oBAChC,IAAI,kCACC,GAAG,CAAC,MAAM,KACb,OAAO,EAAE,GAAG,YAAY,sBAAS,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAChD,UAAU;wBACV,wBAAwB;wBACxB,0BAA0B;wBAC1B,SAAS,GACV;iBACF,CAAC,CAAA;QACN,CAAC;IACH,CAAC;AACH,CAAC;AAvGD,8DAuGC","sourcesContent":["import { config } from '@things-factory/env'\n\nimport { SUBDOMAIN_NOTFOUND, USER_DUPLICATED, USER_LOCKED, USER_NOT_ACTIVATED } from '../constants/error-code'\nimport { AuthError } from '../errors/auth-error'\nimport { accepts } from '../utils/accepts'\n\nconst disableUserSignupProcess = config.get('disableUserSignupProcess', false)\nconst disableUserFavoredLanguage = config.get('i18n/disableUserFavoredLanguage', false)\nconst languages = config.get('i18n/languages', false)\n\nexport async function authenticate401Middleware(context, next) {\n try {\n await next()\n } catch (err) {\n var message\n\n if (err instanceof AuthError) {\n message = (context.t && context.t(`error.${err.errorCode}`, err.detail || {})) || err.errorCode\n } else {\n if (err?.status !== 401) {\n throw err\n }\n\n message = err.message\n }\n\n context.status = 401\n context.body = message\n\n /*\n * 클라이언트 라우팅을 위한 ApiHistoryFallback의 상황과,\n * 서버라우팅의 상황에서 발생하는 던져지는 401 에러인 경우에는\n * error code에 맞춰서 적절하게 rewriting 되도록 한다.\n */\n\n const { method, header, path, originalUrl } = context\n\n if (method == 'POST' && path.startsWith('/graphql')) {\n if (err.errorCode == SUBDOMAIN_NOTFOUND) {\n context.status = 403\n }\n return\n }\n\n if (!accepts(header.accept, ['text/html', '*/*'])) {\n return\n }\n\n const { redirect_to } = context.query\n const { redirectTo = redirect_to || originalUrl } = context.request.body || {}\n\n switch (err.errorCode) {\n case SUBDOMAIN_NOTFOUND:\n context.redirect(`/auth/checkin?redirect_to=${encodeURIComponent(redirectTo)}`)\n break\n\n case USER_LOCKED:\n return await context.render('auth-page', {\n pageElement: 'auth-activate',\n elementScript: '/auth/activate.js',\n data: {\n ...err.detail,\n message,\n redirectTo,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n\n case USER_NOT_ACTIVATED:\n return await context.render('auth-page', {\n pageElement: 'auth-activate',\n elementScript: '/auth/activate.js',\n data: {\n ...err.detail,\n message,\n redirectTo,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n\n case USER_DUPLICATED:\n return await context.render('auth-page', {\n pageElement: 'auth-signup',\n elementScript: '/auth/signup.js',\n data: {\n ...err.detail,\n message,\n redirectTo,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n\n default:\n return await context.render('auth-page', {\n pageElement: 'auth-signin',\n elementScript: '/auth/signin.js',\n data: {\n ...err.detail,\n message: err instanceof AuthError ? message : '',\n redirectTo,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n }\n }\n}\n"]}
package/dist-server/middlewares/domain-authenticate-middleware.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"domain-authenticate-middleware.js","sourceRoot":"","sources":["../../server/middlewares/domain-authenticate-middleware.ts"],"names":[],"mappings":";;;AAAA,6CAA4C;AAC5C,iDAA6D;AAE7D,qDAAgD;AAChD,+CAA2C;AAC3C,gEAA0D;AAE1D,MAAM,yBAAyB,GAAG,CAAC,CAAC,YAAM,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAA;AAC3E,MAAM,KAAK,GAAG,YAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;AACrC,MAAM,eAAe,GAAG,YAAM,CAAC,SAAS,CAAC,iBAAiB,EAAE,CAAC,CAAC,CAAA;AAW9D,OAAO,CAAC,kBAAkB,GAAG,KAAK,EAAE,MAAc,EAAE,IAAU,EAAoB,EAAE;IAClF,OAAO,IAAI,IAAI,MAAM,IAAI,MAAM,CAAC,KAAK,KAAK,IAAI,CAAC,EAAE,CAAA;AACnD,CAAC,CAAA;AAED,OAAO,CAAC,gBAAgB,GAAG,KAAK,EAAE,MAAc,EAAE,IAAU,EAAoB,EAAE;IAChF,IAAI,CAAC,IAAI,EAAE;QACT,OAAO,KAAK,CAAA;KACb;IAED,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE;QACxB,IAAI,GAAG,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,OAAO,CAAC;YACvC,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE;YACtB,SAAS,EAAE,CAAC,SAAS,CAAC;SACvB,CAAC,CAAA;KACH;IAED,MAAM,YAAY,GAAW,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,MAAc,EAAE,EAAE,CAAC,MAAM,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAA;IACjG,IAAI,CAAC,YAAY,EAAE;QACjB,OAAO,KAAK,CAAA;KACb;IAED,OAAO,YAAY,CAAC,KAAK,KAAK,IAAI,CAAC,EAAE,CAAA;AACvC,CAAC,CAAA;AAED;;;;;;;;GAQG;AAEI,KAAK,UAAU,4BAA4B,CAAC,OAAY,EAAE,IAAS;IACxE,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IACrB,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAEtC,MAAM,SAAS,GAAW,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,SAAS,CAAA;IAE3C,gCAAgC;IAChC,mBAAmB;IACnB,IAAI,CAAC,SAAS,EAAE;QACd,MAAM,IAAI,sBAAS,CAAC;YAClB,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,kBAAkB;SACpD,CAAC,CAAA;KACH;IAED,4BAA4B;IAC5B,MAAM,WAAW,GAAsB,MAAM,IAAA,iCAAc,EAAC,IAAI,CAAC,CAAA;IACjE,IAAI,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,SAAS,IAAI,SAAS,CAAC,IAAI,CAAC,MAAM,OAAO,CAAC,gBAAgB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,EAAE;QAC/G,OAAO,MAAM,IAAI,EAAE,CAAA;KACpB;IAED,MAAM,IAAI,sBAAS,CAAC;QAClB,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,kBAAkB;KACpD,CAAC,CAAA;AACJ,CAAC;AAvBD,oEAuBC","sourcesContent":["import { config } from '@things-factory/env'\nimport { Domain, getRepository } from '@things-factory/shell'\n\nimport { AuthError } from '../errors/auth-error'\nimport { User } from '../service/user/user'\nimport { getUserDomains } from '../utils/get-user-domains'\n\nconst useVirtualHostBasedDomain = !!config.get('useVirtualHostBasedDomain')\nconst fixed = config.get('subdomain')\nconst subdomainOffset = config.getNumber('subdomainOffset', 2)\n\ndeclare global {\n namespace NodeJS {\n interface Process {\n domainOwnerGranted: (domain: Domain, user: User) => Promise<boolean>\n superUserGranted: (domain: Domain, user: User) => Promise<boolean>\n }\n }\n}\n\nprocess.domainOwnerGranted = async (domain: Domain, user: User): Promise<boolean> => {\n return user && domain && domain.owner === user.id\n}\n\nprocess.superUserGranted = async (domain: Domain, user: User): Promise<boolean> => {\n if (!user) {\n return false\n }\n\n if (!user.domains.length) {\n user = await getRepository(User).findOne({\n where: { id: user.id },\n relations: ['domains']\n })\n }\n\n const systemDomain: Domain = user.domains.find((domain: Domain) => domain.subdomain === 'system')\n if (!systemDomain) {\n return false\n }\n\n return systemDomain.owner === user.id\n}\n\n/*\n * 현재 subdomain 과 user의 domain list와의 비교를 통해서,\n * 인증 성공 또는 인증 에러를 발생시킬 것인지를 결정한다.\n * 1. 현재 subdomain 이 결정되지 않은 경우.\n * - checkin로 이동한다.\n * 2. superUser 판단\n * 3. 현재 subdomain 이 결정된 경우.\n * - user의 domains 리스트에 해당 subdomain이 없다면, 인증 오류를 발생한다.\n */\n\nexport async function domainAuthenticateMiddleware(context: any, next: any) {\n const { t } = context\n const { domain, user } = context.state\n\n const subdomain: string = domain?.subdomain\n\n // 1. 현재 subdomain 이 결정되지 않은 경우.\n // - checkin로 이동한다.\n if (!subdomain) {\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.SUBDOMAIN_NOTFOUND\n })\n }\n\n // 2. 현재 subdomain 이 결정된 경우.\n const userDomains: Partial<Domain>[] = await getUserDomains(user)\n if (userDomains.find(domain => domain.subdomain == subdomain) || (await process.superUserGranted(domain, user))) {\n return await next()\n }\n\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.SUBDOMAIN_NOTFOUND\n })\n}\n"]}
1
+ {"version":3,"file":"domain-authenticate-middleware.js","sourceRoot":"","sources":["../../server/middlewares/domain-authenticate-middleware.ts"],"names":[],"mappings":";;;AAAA,6CAA4C;AAC5C,iDAA6D;AAE7D,qDAAgD;AAChD,+CAA2C;AAC3C,gEAA0D;AAE1D,MAAM,yBAAyB,GAAG,CAAC,CAAC,YAAM,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAA;AAC3E,MAAM,KAAK,GAAG,YAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;AACrC,MAAM,eAAe,GAAG,YAAM,CAAC,SAAS,CAAC,iBAAiB,EAAE,CAAC,CAAC,CAAA;AAW9D,OAAO,CAAC,kBAAkB,GAAG,KAAK,EAAE,MAAc,EAAE,IAAU,EAAoB,EAAE;IAClF,OAAO,IAAI,IAAI,MAAM,IAAI,MAAM,CAAC,KAAK,KAAK,IAAI,CAAC,EAAE,CAAA;AACnD,CAAC,CAAA;AAED,OAAO,CAAC,gBAAgB,GAAG,KAAK,EAAE,MAAc,EAAE,IAAU,EAAoB,EAAE;IAChF,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;QACzB,IAAI,GAAG,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,OAAO,CAAC;YACvC,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE;YACtB,SAAS,EAAE,CAAC,SAAS,CAAC;SACvB,CAAC,CAAA;IACJ,CAAC;IAED,MAAM,YAAY,GAAW,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,MAAc,EAAE,EAAE,CAAC,MAAM,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAA;IACjG,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,YAAY,CAAC,KAAK,KAAK,IAAI,CAAC,EAAE,CAAA;AACvC,CAAC,CAAA;AAED;;;;;;;;GAQG;AAEI,KAAK,UAAU,4BAA4B,CAAC,OAAY,EAAE,IAAS;IACxE,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IACrB,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAEtC,MAAM,SAAS,GAAW,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,SAAS,CAAA;IAE3C,gCAAgC;IAChC,mBAAmB;IACnB,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,sBAAS,CAAC;YAClB,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,kBAAkB;SACpD,CAAC,CAAA;IACJ,CAAC;IAED,4BAA4B;IAC5B,MAAM,WAAW,GAAsB,MAAM,IAAA,iCAAc,EAAC,IAAI,CAAC,CAAA;IACjE,IAAI,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,SAAS,IAAI,SAAS,CAAC,IAAI,CAAC,MAAM,OAAO,CAAC,gBAAgB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,EAAE,CAAC;QAChH,OAAO,MAAM,IAAI,EAAE,CAAA;IACrB,CAAC;IAED,MAAM,IAAI,sBAAS,CAAC;QAClB,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,kBAAkB;KACpD,CAAC,CAAA;AACJ,CAAC;AAvBD,oEAuBC","sourcesContent":["import { config } from '@things-factory/env'\nimport { Domain, getRepository } from '@things-factory/shell'\n\nimport { AuthError } from '../errors/auth-error'\nimport { User } from '../service/user/user'\nimport { getUserDomains } from '../utils/get-user-domains'\n\nconst useVirtualHostBasedDomain = !!config.get('useVirtualHostBasedDomain')\nconst fixed = config.get('subdomain')\nconst subdomainOffset = config.getNumber('subdomainOffset', 2)\n\ndeclare global {\n namespace NodeJS {\n interface Process {\n domainOwnerGranted: (domain: Domain, user: User) => Promise<boolean>\n superUserGranted: (domain: Domain, user: User) => Promise<boolean>\n }\n }\n}\n\nprocess.domainOwnerGranted = async (domain: Domain, user: User): Promise<boolean> => {\n return user && domain && domain.owner === user.id\n}\n\nprocess.superUserGranted = async (domain: Domain, user: User): Promise<boolean> => {\n if (!user) {\n return false\n }\n\n if (!user.domains.length) {\n user = await getRepository(User).findOne({\n where: { id: user.id },\n relations: ['domains']\n })\n }\n\n const systemDomain: Domain = user.domains.find((domain: Domain) => domain.subdomain === 'system')\n if (!systemDomain) {\n return false\n }\n\n return systemDomain.owner === user.id\n}\n\n/*\n * 현재 subdomain 과 user의 domain list와의 비교를 통해서,\n * 인증 성공 또는 인증 에러를 발생시킬 것인지를 결정한다.\n * 1. 현재 subdomain 이 결정되지 않은 경우.\n * - checkin로 이동한다.\n * 2. superUser 판단\n * 3. 현재 subdomain 이 결정된 경우.\n * - user의 domains 리스트에 해당 subdomain이 없다면, 인증 오류를 발생한다.\n */\n\nexport async function domainAuthenticateMiddleware(context: any, next: any) {\n const { t } = context\n const { domain, user } = context.state\n\n const subdomain: string = domain?.subdomain\n\n // 1. 현재 subdomain 이 결정되지 않은 경우.\n // - checkin로 이동한다.\n if (!subdomain) {\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.SUBDOMAIN_NOTFOUND\n })\n }\n\n // 2. 현재 subdomain 이 결정된 경우.\n const userDomains: Partial<Domain>[] = await getUserDomains(user)\n if (userDomains.find(domain => domain.subdomain == subdomain) || (await process.superUserGranted(domain, user))) {\n return await next()\n }\n\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.SUBDOMAIN_NOTFOUND\n })\n}\n"]}
package/dist-server/middlewares/graphql-authenticate-middleware.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"graphql-authenticate-middleware.js","sourceRoot":"","sources":["../../server/middlewares/graphql-authenticate-middleware.ts"],"names":[],"mappings":";;;AAAA,qFAA+E;AAC/E,+EAAyE;AAElE,KAAK,UAAU,6BAA6B,CAAC,OAAO,EAAE,IAAI;IAC/D,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAA;IAEhC,IAAI,MAAM,IAAI,MAAM,IAAI,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE;QACnD,MAAM,IAAA,uDAAyB,EAAC,OAAO,EAAE,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA;QAClD,MAAM,IAAA,6DAA4B,EAAC,OAAO,EAAE,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA;KACtD;IAED,MAAM,IAAI,EAAE,CAAA;AACd,CAAC;AATD,sEASC","sourcesContent":["import { domainAuthenticateMiddleware } from './domain-authenticate-middleware'\nimport { jwtAuthenticateMiddleware } from './jwt-authenticate-middleware'\n\nexport async function graphqlAuthenticateMiddleware(context, next) {\n const { method, path } = context\n\n if (method == 'POST' && path.startsWith('/graphql')) {\n await jwtAuthenticateMiddleware(context, () => {})\n await domainAuthenticateMiddleware(context, () => {})\n }\n\n await next()\n}\n"]}
1
+ {"version":3,"file":"graphql-authenticate-middleware.js","sourceRoot":"","sources":["../../server/middlewares/graphql-authenticate-middleware.ts"],"names":[],"mappings":";;;AAAA,qFAA+E;AAC/E,+EAAyE;AAElE,KAAK,UAAU,6BAA6B,CAAC,OAAO,EAAE,IAAI;IAC/D,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAA;IAEhC,IAAI,MAAM,IAAI,MAAM,IAAI,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QACpD,MAAM,IAAA,uDAAyB,EAAC,OAAO,EAAE,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA;QAClD,MAAM,IAAA,6DAA4B,EAAC,OAAO,EAAE,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA;IACvD,CAAC;IAED,MAAM,IAAI,EAAE,CAAA;AACd,CAAC;AATD,sEASC","sourcesContent":["import { domainAuthenticateMiddleware } from './domain-authenticate-middleware'\nimport { jwtAuthenticateMiddleware } from './jwt-authenticate-middleware'\n\nexport async function graphqlAuthenticateMiddleware(context, next) {\n const { method, path } = context\n\n if (method == 'POST' && path.startsWith('/graphql')) {\n await jwtAuthenticateMiddleware(context, () => {})\n await domainAuthenticateMiddleware(context, () => {})\n }\n\n await next()\n}\n"]}
package/dist-server/middlewares/jwt-authenticate-middleware.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"jwt-authenticate-middleware.js","sourceRoot":"","sources":["../../server/middlewares/jwt-authenticate-middleware.ts"],"names":[],"mappings":";;;;AAAA,wEAAmC;AACnC,+CAAkE;AAElE,6CAA4C;AAE5C,0FAAoF;AACpF,0FAAoF;AACpF,+CAAuD;AACvD,yFAAwF;AACxF,sEAAiH;AACjH,oDAA4C;AAE5C,MAAM,mBAAmB,GAAG,YAAM,CAAC,GAAG,CAAC,sBAAsB,EAAE,OAAO,CAAC,CAAA;AAEvE,sBAAQ,CAAC,GAAG,CACV,IAAI,uBAAW,CACb;IACE,WAAW,EAAE,mBAAM;IACnB,iBAAiB,EAAE,IAAI;IACvB,cAAc,EAAE,yBAAU,CAAC,cAAc,CAAC;QACxC,yBAAU,CAAC,2BAA2B,EAAE;QACxC,yBAAU,CAAC,UAAU,CAAC,eAAe,CAAC;QACtC,yBAAU,CAAC,UAAU,CAAC,gBAAgB,CAAC;QACvC,yBAAU,CAAC,qBAAqB,CAAC,cAAc,CAAC;QAChD,yBAAU,CAAC,aAAa,CAAC,cAAc,CAAC;QACxC,GAAG,CAAC,EAAE;YACJ,IAAI,KAAK,GAAG,IAAI,CAAA;YAChB,KAAK,GAAG,IAAA,0CAAoB,EAAC,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,GAAG,CAAC,CAAA;YACtC,OAAO,KAAK,CAAA;QACd,CAAC;KACF,CAAC;CACH,EACD,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC/B,IAAI;QACF,OAAO,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;KAC3B;IAAC,OAAO,KAAK,EAAE;QACd,OAAO,IAAI,CAAC,KAAK,CAAC,CAAA;KACnB;AACH,CAAC,CACF,CACF,CAAA;AAEM,KAAK,UAAU,yBAAyB,CAAC,OAAO,EAAE,IAAI;IAC3D,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAA;IACxB,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAC9B,IAAI,IAAI,EAAE;QACR,OAAO,MAAM,IAAI,EAAE,CAAA;KACpB;IAED,OAAO,MAAM,sBAAQ,CAAC,YAAY,CAAC,KAAK,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;QACzF,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE;YACnB,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,GAAG,GAAG,IAAI,IAAI,CAAC,CAAA;YAE7C,IAAA,4CAAsB,EAAC,OAAO,CAAC,CAAA;YAE/B,OAAO,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,OAAO,CAAC,CAAA;SAC9B;aAAM;YACL,MAAM,UAAU,GAAG,MAAM,WAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAA;YAEhD,IAAI,UAAU,CAAC,MAAM,KAAK,iBAAU,CAAC,kBAAkB,EAAE;gBACvD,IAAI;oBACF,MAAM,KAAK,GAAG,IAAA,+CAAqB,GAAE,CAAA;oBACrC,MAAM,IAAA,+CAAqB,EAAC,UAAU,CAAC,EAAE,EAAE,KAAK,EAAE,0CAAqB,CAAC,cAAc,CAAC,CAAA;oBACvF,IAAA,4CAAsB,EAAC,OAAO,CAAC,CAAA;oBAC/B,OAAO,CAAC,QAAQ,CAAC,8BAA8B,KAAK,EAAE,CAAC,CAAA;iBACxD;gBAAC,OAAO,CAAC,EAAE;oBACV,MAAM,GAAG,CAAA;iBACV;aACF;iBAAM;gBACL,OAAO,CAAC,KAAK,CAAC,IAAI,GAAG,UAAU,CAAA;gBAC/B,OAAO,CAAC,KAAK,CAAC,YAAY,GAAG,OAAO,CAAA;gBAEpC,IAAI,mBAAmB,IAAI,SAAS,EAAE;oBACpC,6FAA6F;oBAE7F,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,IAAI,EAAE,CAAA;oBACrC,IAAA,0CAAoB,EAAC,OAAO,EAAE,KAAK,CAAC,CAAA;iBACrC;gBAED,MAAM,IAAI,EAAE,CAAA;aACb;SACF;IACH,CAAC,CAAC,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;AACnB,CAAC;AAzCD,8DAyCC","sourcesContent":["import passport from 'koa-passport'\nimport { ExtractJwt, Strategy as JWTstrategy } from 'passport-jwt'\n\nimport { config } from '@things-factory/env'\n\nimport { makeVerificationToken } from '../controllers/utils/make-verification-token'\nimport { saveVerificationToken } from '../controllers/utils/save-verification-token'\nimport { User, UserStatus } from '../service/user/user'\nimport { VerificationTokenType } from '../service/verification-token/verification-token'\nimport { clearAccessTokenCookie, getAccessTokenCookie, setAccessTokenCookie } from '../utils/access-token-cookie'\nimport { SECRET } from '../utils/get-secret'\n\nconst sessionExpiryPolicy = config.get('session/expiryPolicy', 'fixed')\n\npassport.use(\n new JWTstrategy(\n {\n secretOrKey: SECRET,\n passReqToCallback: true,\n jwtFromRequest: ExtractJwt.fromExtractors([\n ExtractJwt.fromAuthHeaderAsBearerToken(),\n ExtractJwt.fromHeader('authorization'),\n ExtractJwt.fromHeader('x-access-token'),\n ExtractJwt.fromUrlQueryParameter('access_token'),\n ExtractJwt.fromBodyField('access_token'),\n req => {\n var token = null\n token = getAccessTokenCookie(req?.ctx)\n return token\n }\n ])\n },\n async (request, decoded, done) => {\n try {\n return done(null, decoded)\n } catch (error) {\n return done(error)\n }\n }\n )\n)\n\nexport async function jwtAuthenticateMiddleware(context, next) {\n const { path } = context\n const { user } = context.state\n if (user) {\n return await next()\n }\n\n return await passport.authenticate('jwt', { session: false }, async (err, decoded, info) => {\n if (err || !decoded) {\n const e = (context.state.error = err || info)\n\n clearAccessTokenCookie(context)\n\n context.throw(401, e.message)\n } else {\n const userEntity = await User.checkAuth(decoded)\n\n if (userEntity.status === UserStatus.PWD_RESET_REQUIRED) {\n try {\n const token = makeVerificationToken()\n await saveVerificationToken(userEntity.id, token, VerificationTokenType.PASSWORD_RESET)\n clearAccessTokenCookie(context)\n context.redirect(`/auth/reset-password?token=${token}`)\n } catch (e) {\n throw err\n }\n } else {\n context.state.user = userEntity\n context.state.decodedToken = decoded\n\n if (sessionExpiryPolicy == 'rolling') {\n /* To renew the expiry time on each request, a token is issued and the session is updated. */\n\n const token = await userEntity.sign()\n setAccessTokenCookie(context, token)\n }\n\n await next()\n }\n }\n })(context, next)\n}\n"]}
1
+ {"version":3,"file":"jwt-authenticate-middleware.js","sourceRoot":"","sources":["../../server/middlewares/jwt-authenticate-middleware.ts"],"names":[],"mappings":";;;;AAAA,wEAAmC;AACnC,+CAAkE;AAElE,6CAA4C;AAE5C,0FAAoF;AACpF,0FAAoF;AACpF,+CAAuD;AACvD,yFAAwF;AACxF,sEAAiH;AACjH,oDAA4C;AAE5C,MAAM,mBAAmB,GAAG,YAAM,CAAC,GAAG,CAAC,sBAAsB,EAAE,OAAO,CAAC,CAAA;AAEvE,sBAAQ,CAAC,GAAG,CACV,IAAI,uBAAW,CACb;IACE,WAAW,EAAE,mBAAM;IACnB,iBAAiB,EAAE,IAAI;IACvB,cAAc,EAAE,yBAAU,CAAC,cAAc,CAAC;QACxC,yBAAU,CAAC,2BAA2B,EAAE;QACxC,yBAAU,CAAC,UAAU,CAAC,eAAe,CAAC;QACtC,yBAAU,CAAC,UAAU,CAAC,gBAAgB,CAAC;QACvC,yBAAU,CAAC,qBAAqB,CAAC,cAAc,CAAC;QAChD,yBAAU,CAAC,aAAa,CAAC,cAAc,CAAC;QACxC,GAAG,CAAC,EAAE;YACJ,IAAI,KAAK,GAAG,IAAI,CAAA;YAChB,KAAK,GAAG,IAAA,0CAAoB,EAAC,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,GAAG,CAAC,CAAA;YACtC,OAAO,KAAK,CAAA;QACd,CAAC;KACF,CAAC;CACH,EACD,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC/B,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;IAC5B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,IAAI,CAAC,KAAK,CAAC,CAAA;IACpB,CAAC;AACH,CAAC,CACF,CACF,CAAA;AAEM,KAAK,UAAU,yBAAyB,CAAC,OAAO,EAAE,IAAI;IAC3D,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAA;IACxB,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAC9B,IAAI,IAAI,EAAE,CAAC;QACT,OAAO,MAAM,IAAI,EAAE,CAAA;IACrB,CAAC;IAED,OAAO,MAAM,sBAAQ,CAAC,YAAY,CAAC,KAAK,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;QACzF,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,GAAG,GAAG,IAAI,IAAI,CAAC,CAAA;YAE7C,IAAA,4CAAsB,EAAC,OAAO,CAAC,CAAA;YAE/B,OAAO,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,OAAO,CAAC,CAAA;QAC/B,CAAC;aAAM,CAAC;YACN,MAAM,UAAU,GAAG,MAAM,WAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAA;YAEhD,IAAI,UAAU,CAAC,MAAM,KAAK,iBAAU,CAAC,kBAAkB,EAAE,CAAC;gBACxD,IAAI,CAAC;oBACH,MAAM,KAAK,GAAG,IAAA,+CAAqB,GAAE,CAAA;oBACrC,MAAM,IAAA,+CAAqB,EAAC,UAAU,CAAC,EAAE,EAAE,KAAK,EAAE,0CAAqB,CAAC,cAAc,CAAC,CAAA;oBACvF,IAAA,4CAAsB,EAAC,OAAO,CAAC,CAAA;oBAC/B,OAAO,CAAC,QAAQ,CAAC,8BAA8B,KAAK,EAAE,CAAC,CAAA;gBACzD,CAAC;gBAAC,OAAO,CAAC,EAAE,CAAC;oBACX,MAAM,GAAG,CAAA;gBACX,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,KAAK,CAAC,IAAI,GAAG,UAAU,CAAA;gBAC/B,OAAO,CAAC,KAAK,CAAC,YAAY,GAAG,OAAO,CAAA;gBAEpC,IAAI,mBAAmB,IAAI,SAAS,EAAE,CAAC;oBACrC,6FAA6F;oBAE7F,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,IAAI,EAAE,CAAA;oBACrC,IAAA,0CAAoB,EAAC,OAAO,EAAE,KAAK,CAAC,CAAA;gBACtC,CAAC;gBAED,MAAM,IAAI,EAAE,CAAA;YACd,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;AACnB,CAAC;AAzCD,8DAyCC","sourcesContent":["import passport from 'koa-passport'\nimport { ExtractJwt, Strategy as JWTstrategy } from 'passport-jwt'\n\nimport { config } from '@things-factory/env'\n\nimport { makeVerificationToken } from '../controllers/utils/make-verification-token'\nimport { saveVerificationToken } from '../controllers/utils/save-verification-token'\nimport { User, UserStatus } from '../service/user/user'\nimport { VerificationTokenType } from '../service/verification-token/verification-token'\nimport { clearAccessTokenCookie, getAccessTokenCookie, setAccessTokenCookie } from '../utils/access-token-cookie'\nimport { SECRET } from '../utils/get-secret'\n\nconst sessionExpiryPolicy = config.get('session/expiryPolicy', 'fixed')\n\npassport.use(\n new JWTstrategy(\n {\n secretOrKey: SECRET,\n passReqToCallback: true,\n jwtFromRequest: ExtractJwt.fromExtractors([\n ExtractJwt.fromAuthHeaderAsBearerToken(),\n ExtractJwt.fromHeader('authorization'),\n ExtractJwt.fromHeader('x-access-token'),\n ExtractJwt.fromUrlQueryParameter('access_token'),\n ExtractJwt.fromBodyField('access_token'),\n req => {\n var token = null\n token = getAccessTokenCookie(req?.ctx)\n return token\n }\n ])\n },\n async (request, decoded, done) => {\n try {\n return done(null, decoded)\n } catch (error) {\n return done(error)\n }\n }\n )\n)\n\nexport async function jwtAuthenticateMiddleware(context, next) {\n const { path } = context\n const { user } = context.state\n if (user) {\n return await next()\n }\n\n return await passport.authenticate('jwt', { session: false }, async (err, decoded, info) => {\n if (err || !decoded) {\n const e = (context.state.error = err || info)\n\n clearAccessTokenCookie(context)\n\n context.throw(401, e.message)\n } else {\n const userEntity = await User.checkAuth(decoded)\n\n if (userEntity.status === UserStatus.PWD_RESET_REQUIRED) {\n try {\n const token = makeVerificationToken()\n await saveVerificationToken(userEntity.id, token, VerificationTokenType.PASSWORD_RESET)\n clearAccessTokenCookie(context)\n context.redirect(`/auth/reset-password?token=${token}`)\n } catch (e) {\n throw err\n }\n } else {\n context.state.user = userEntity\n context.state.decodedToken = decoded\n\n if (sessionExpiryPolicy == 'rolling') {\n /* To renew the expiry time on each request, a token is issued and the session is updated. */\n\n const token = await userEntity.sign()\n setAccessTokenCookie(context, token)\n }\n\n await next()\n }\n }\n })(context, next)\n}\n"]}
package/dist-server/middlewares/signin-middleware.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"signin-middleware.js","sourceRoot":"","sources":["../../server/middlewares/signin-middleware.ts"],"names":[],"mappings":";;;;AAAA,wEAAmC;AACnC,mDAA0D;AAE1D,kDAA8C;AAE9C,sBAAQ,CAAC,GAAG,CACV,QAAQ,EACR,IAAI,yBAAa,CACf;IACE,aAAa,EAAE,OAAO;IACtB,aAAa,EAAE,UAAU;CAC1B,EACD,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE;IAC9B,IAAI;QACF,MAAM,EACJ,IAAI,EAAE,QAAQ,EACd,KAAK,EACL,OAAO,EACR,GAAG,MAAM,IAAA,eAAM,EAAC;YACf,KAAK;YACL,QAAQ;SACT,CAAC,CAAA;QAEF,OAAO,IAAI,CACT,IAAI,EACJ;YACE,IAAI,EAAE,QAAQ;YACd,KAAK;YACL,OAAO;SACR,EACD;YACE,OAAO,EAAE,wBAAwB;SAClC,CACF,CAAA;KACF;IAAC,OAAO,KAAK,EAAE;QACd,OAAO,IAAI,CAAC,KAAK,CAAC,CAAA;KACnB;AACH,CAAC,CACF,CACF,CAAA;AAEM,KAAK,UAAU,gBAAgB,CAAC,OAAO,EAAE,IAAI;IAClD,OAAO,sBAAQ,CAAC,YAAY,CAAC,QAAQ,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;QACnF,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE;YAChB,MAAM,GAAG,CAAA;SACV;aAAM;YACL,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,IAAI,CAAA;YAEtC,OAAO,CAAC,KAAK,CAAC,IAAI,GAAG,QAAQ,CAAA;YAC7B,OAAO,CAAC,KAAK,CAAC,KAAK,GAAG,KAAK,CAAA;YAE3B,MAAM,IAAI,EAAE,CAAA;SACb;IACH,CAAC,CAAC,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;AACnB,CAAC;AAbD,4CAaC","sourcesContent":["import passport from 'koa-passport'\nimport { Strategy as localStrategy } from 'passport-local'\n\nimport { signin } from '../controllers/signin'\n\npassport.use(\n 'signin',\n new localStrategy(\n {\n usernameField: 'email',\n passwordField: 'password'\n },\n async (email, password, done) => {\n try {\n const {\n user: userInfo,\n token,\n domains\n } = await signin({\n email,\n password\n })\n\n return done(\n null,\n {\n user: userInfo,\n token,\n domains\n },\n {\n message: 'Logged in Successfully'\n }\n )\n } catch (error) {\n return done(error)\n }\n }\n )\n)\n\nexport async function signinMiddleware(context, next) {\n return passport.authenticate('signin', { session: false }, async (err, user, info) => {\n if (err || !user) {\n throw err\n } else {\n const { user: userInfo, token } = user\n\n context.state.user = userInfo\n context.state.token = token\n\n await next()\n }\n })(context, next)\n}\n"]}
1
+ {"version":3,"file":"signin-middleware.js","sourceRoot":"","sources":["../../server/middlewares/signin-middleware.ts"],"names":[],"mappings":";;;;AAAA,wEAAmC;AACnC,mDAA0D;AAE1D,kDAA8C;AAE9C,sBAAQ,CAAC,GAAG,CACV,QAAQ,EACR,IAAI,yBAAa,CACf;IACE,aAAa,EAAE,OAAO;IACtB,aAAa,EAAE,UAAU;CAC1B,EACD,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE;IAC9B,IAAI,CAAC;QACH,MAAM,EACJ,IAAI,EAAE,QAAQ,EACd,KAAK,EACL,OAAO,EACR,GAAG,MAAM,IAAA,eAAM,EAAC;YACf,KAAK;YACL,QAAQ;SACT,CAAC,CAAA;QAEF,OAAO,IAAI,CACT,IAAI,EACJ;YACE,IAAI,EAAE,QAAQ;YACd,KAAK;YACL,OAAO;SACR,EACD;YACE,OAAO,EAAE,wBAAwB;SAClC,CACF,CAAA;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,IAAI,CAAC,KAAK,CAAC,CAAA;IACpB,CAAC;AACH,CAAC,CACF,CACF,CAAA;AAEM,KAAK,UAAU,gBAAgB,CAAC,OAAO,EAAE,IAAI;IAClD,OAAO,sBAAQ,CAAC,YAAY,CAAC,QAAQ,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;QACnF,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YACjB,MAAM,GAAG,CAAA;QACX,CAAC;aAAM,CAAC;YACN,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,IAAI,CAAA;YAEtC,OAAO,CAAC,KAAK,CAAC,IAAI,GAAG,QAAQ,CAAA;YAC7B,OAAO,CAAC,KAAK,CAAC,KAAK,GAAG,KAAK,CAAA;YAE3B,MAAM,IAAI,EAAE,CAAA;QACd,CAAC;IACH,CAAC,CAAC,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;AACnB,CAAC;AAbD,4CAaC","sourcesContent":["import passport from 'koa-passport'\nimport { Strategy as localStrategy } from 'passport-local'\n\nimport { signin } from '../controllers/signin'\n\npassport.use(\n 'signin',\n new localStrategy(\n {\n usernameField: 'email',\n passwordField: 'password'\n },\n async (email, password, done) => {\n try {\n const {\n user: userInfo,\n token,\n domains\n } = await signin({\n email,\n password\n })\n\n return done(\n null,\n {\n user: userInfo,\n token,\n domains\n },\n {\n message: 'Logged in Successfully'\n }\n )\n } catch (error) {\n return done(error)\n }\n }\n )\n)\n\nexport async function signinMiddleware(context, next) {\n return passport.authenticate('signin', { session: false }, async (err, user, info) => {\n if (err || !user) {\n throw err\n } else {\n const { user: userInfo, token } = user\n\n context.state.user = userInfo\n context.state.token = token\n\n await next()\n }\n })(context, next)\n}\n"]}
package/dist-server/middlewares/webauthn-middleware.js CHANGED
@@ -20,7 +20,13 @@ koa_passport_1.default.use(new passport_fido2_webauthn_1.Strategy({ store: expor
20
20
  if (!credential) {
21
21
  return cb(null, false, { errorCode: auth_error_1.AuthError.ERROR_CODES.USER_CREDENTIAL_NOT_FOUND });
22
22
  }
23
- return cb(null, user, credential.publicKey);
23
+ try {
24
+ return cb(null, user, credential.publicKey);
25
+ }
26
+ catch (error) {
27
+ console.error(error);
28
+ return cb(null, false, { errorCode: auth_error_1.AuthError.ERROR_CODES.FIDO2_CERT_UNSUPPORTED });
29
+ }
24
30
  }, async function register(user, id, publicKey, cb) {
25
31
  const userObject = await (0, shell_1.getRepository)(user_1.User).findOne({ where: { id: user.id.toString() } });
26
32
  const webAuthRepository = (0, shell_1.getRepository)(web_auth_credential_1.WebAuthCredential);
package/dist-server/middlewares/webauthn-middleware.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"webauthn-middleware.js","sourceRoot":"","sources":["../../server/middlewares/webauthn-middleware.ts"],"names":[],"mappings":";;;;AAAA,wEAAmC;AACnC,qEAA6F;AAE7F,iDAAqD;AAErD,+CAA2C;AAC3C,qDAAgD;AAChD,4FAAsF;AAEzE,QAAA,KAAK,GAAG,IAAI,+CAAqB,EAAE,CAAA;AAEhD,sBAAQ,CAAC,GAAG,CACV,IAAI,kCAAgB,CAClB,EAAE,KAAK,EAAL,aAAK,EAAE,EACT,KAAK,UAAU,MAAM,CAAC,EAAU,EAAE,UAAsB,EAAE,EAAE;IAC1D,MAAM,IAAI,GAAG,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,UAAU,CAAC,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAA;IACxF,IAAI,CAAC,IAAI,EAAE;QACT,OAAO,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,cAAc,EAAE,CAAC,CAAA;KAC5E;IACD,MAAM,UAAU,GAAG,MAAM,IAAA,qBAAa,EAAC,uCAAiB,CAAC,CAAC,OAAO,CAAC;QAChE,KAAK,EAAE,EAAE,YAAY,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE;KACnD,CAAC,CAAA;IACF,IAAI,CAAC,UAAU,EAAE;QACf,OAAO,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,yBAAyB,EAAE,CAAC,CAAA;KACvF;IAED,OAAO,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,UAAU,CAAC,SAAS,CAAC,CAAA;AAC7C,CAAC,EACD,KAAK,UAAU,QAAQ,CAAC,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE;IAC7C,MAAM,UAAU,GAAG,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,CAAC,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAA;IAC3F,MAAM,iBAAiB,GAAG,IAAA,qBAAa,EAAC,uCAAiB,CAAC,CAAA;IAE1D,MAAM,aAAa,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC;QACpD,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,UAAU,CAAC,EAAE,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE;KAC7D,CAAC,CAAA;IAEF,0CAA0C;IAC1C,IAAI,aAAa,EAAE;QACjB,MAAM,iBAAiB,CAAC,MAAM,CAAC,aAAa,CAAC,EAAE,CAAC,CAAA;KACjD;IAED,MAAM,iBAAiB,CAAC,IAAI,CAAC;QAC3B,IAAI,EAAE,UAAU;QAChB,YAAY,EAAE,EAAE;QAChB,SAAS;QACT,OAAO,EAAE,CAAC;KACX,CAAC,CAAA;IAEF,OAAO,EAAE,CAAC,IAAI,EAAE,UAAU,CAAC,CAAA;AAC7B,CAAC,CACF,CACF,CAAA;AAEM,KAAK,UAAU,kBAAkB,CAAC,OAAO,EAAE,IAAI;IACpD,OAAO,sBAAQ,CAAC,YAAY,CAC1B,UAAU,EACV,EAAE,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,EAC5D,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;QACxB,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE;YAChB,IAAI,IAAI,CAAC,SAAS,EAAE;gBAClB,MAAM,IAAI,sBAAS,CAAC,IAAI,CAAC,CAAA;aAC1B;iBAAM;gBACL,MAAM,IAAI,sBAAS,CAAC;oBAClB,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,UAAU;oBAC3C,MAAM,EAAE,IAAI;iBACb,CAAC,CAAA;aACH;SACF;aAAM;YACL,OAAO,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAA;YAEzB,MAAM,IAAI,EAAE,CAAA;SACb;IACH,CAAC,CACF,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;AAClB,CAAC;AArBD,gDAqBC","sourcesContent":["import passport from 'koa-passport'\nimport { Strategy as WebAuthnStrategy, SessionChallengeStore } from 'passport-fido2-webauthn'\n\nimport { getRepository } from '@things-factory/shell'\n\nimport { User } from '../service/user/user'\nimport { AuthError } from '../errors/auth-error'\nimport { WebAuthCredential } from '../service/web-auth-credential/web-auth-credential'\n\nexport const store = new SessionChallengeStore()\n\npassport.use(\n new WebAuthnStrategy(\n { store },\n async function verify(id: string, userHandle: Uint8Array, cb) {\n const user = await getRepository(User).findOne({ where: { id: userHandle.toString() } })\n if (!user) {\n return cb(null, false, { errorCode: AuthError.ERROR_CODES.USER_NOT_FOUND })\n }\n const credential = await getRepository(WebAuthCredential).findOne({\n where: { credentialId: id, user: { id: user.id } }\n })\n if (!credential) {\n return cb(null, false, { errorCode: AuthError.ERROR_CODES.USER_CREDENTIAL_NOT_FOUND })\n }\n\n return cb(null, user, credential.publicKey)\n },\n async function register(user, id, publicKey, cb) {\n const userObject = await getRepository(User).findOne({ where: { id: user.id.toString() } })\n const webAuthRepository = getRepository(WebAuthCredential)\n\n const oldCredential = await webAuthRepository.findOne({\n where: { user: { id: userObject.id }, publicKey: publicKey }\n })\n\n /* TODO publicKey 비교로는 중복된 등록을 막을 수 없다. */\n if (oldCredential) {\n await webAuthRepository.delete(oldCredential.id)\n }\n\n await webAuthRepository.save({\n user: userObject,\n credentialId: id,\n publicKey,\n counter: 0\n })\n\n return cb(null, userObject)\n }\n )\n)\n\nexport async function webAuthnMiddleware(context, next) {\n return passport.authenticate(\n 'webauthn',\n { session: true, failureMessage: true, failWithError: true },\n async (err, user, info) => {\n if (err || !user) {\n if (info.errorCode) {\n throw new AuthError(info)\n } else {\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.AUTH_ERROR,\n detail: info\n })\n }\n } else {\n context.state.user = user\n\n await next()\n }\n }\n )(context, next)\n}\n"]}
1
+ {"version":3,"file":"webauthn-middleware.js","sourceRoot":"","sources":["../../server/middlewares/webauthn-middleware.ts"],"names":[],"mappings":";;;;AAAA,wEAAmC;AACnC,qEAA6F;AAE7F,iDAAqD;AAErD,+CAA2C;AAC3C,qDAAgD;AAChD,4FAAsF;AAEzE,QAAA,KAAK,GAAG,IAAI,+CAAqB,EAAE,CAAA;AAEhD,sBAAQ,CAAC,GAAG,CACV,IAAI,kCAAgB,CAClB,EAAE,KAAK,EAAL,aAAK,EAAE,EACT,KAAK,UAAU,MAAM,CAAC,EAAU,EAAE,UAAsB,EAAE,EAAE;IAC1D,MAAM,IAAI,GAAG,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,UAAU,CAAC,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAA;IACxF,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,cAAc,EAAE,CAAC,CAAA;IAC7E,CAAC;IACD,MAAM,UAAU,GAAG,MAAM,IAAA,qBAAa,EAAC,uCAAiB,CAAC,CAAC,OAAO,CAAC;QAChE,KAAK,EAAE,EAAE,YAAY,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE;KACnD,CAAC,CAAA;IACF,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,yBAAyB,EAAE,CAAC,CAAA;IACxF,CAAC;IAED,IAAI,CAAC;QACH,OAAO,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,UAAU,CAAC,SAAS,CAAC,CAAA;IAC7C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;QACpB,OAAO,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,sBAAsB,EAAE,CAAC,CAAA;IACrF,CAAC;AACH,CAAC,EACD,KAAK,UAAU,QAAQ,CAAC,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE;IAC7C,MAAM,UAAU,GAAG,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,CAAC,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAA;IAC3F,MAAM,iBAAiB,GAAG,IAAA,qBAAa,EAAC,uCAAiB,CAAC,CAAA;IAE1D,MAAM,aAAa,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC;QACpD,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,UAAU,CAAC,EAAE,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE;KAC7D,CAAC,CAAA;IAEF,0CAA0C;IAC1C,IAAI,aAAa,EAAE,CAAC;QAClB,MAAM,iBAAiB,CAAC,MAAM,CAAC,aAAa,CAAC,EAAE,CAAC,CAAA;IAClD,CAAC;IAED,MAAM,iBAAiB,CAAC,IAAI,CAAC;QAC3B,IAAI,EAAE,UAAU;QAChB,YAAY,EAAE,EAAE;QAChB,SAAS;QACT,OAAO,EAAE,CAAC;KACX,CAAC,CAAA;IAEF,OAAO,EAAE,CAAC,IAAI,EAAE,UAAU,CAAC,CAAA;AAC7B,CAAC,CACF,CACF,CAAA;AAEM,KAAK,UAAU,kBAAkB,CAAC,OAAO,EAAE,IAAI;IACpD,OAAO,sBAAQ,CAAC,YAAY,CAC1B,UAAU,EACV,EAAE,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,EAC5D,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;QACxB,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YACjB,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACnB,MAAM,IAAI,sBAAS,CAAC,IAAI,CAAC,CAAA;YAC3B,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,sBAAS,CAAC;oBAClB,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,UAAU;oBAC3C,MAAM,EAAE,IAAI;iBACb,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAA;YAEzB,MAAM,IAAI,EAAE,CAAA;QACd,CAAC;IACH,CAAC,CACF,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;AAClB,CAAC;AArBD,gDAqBC","sourcesContent":["import passport from 'koa-passport'\nimport { Strategy as WebAuthnStrategy, SessionChallengeStore } from 'passport-fido2-webauthn'\n\nimport { getRepository } from '@things-factory/shell'\n\nimport { User } from '../service/user/user'\nimport { AuthError } from '../errors/auth-error'\nimport { WebAuthCredential } from '../service/web-auth-credential/web-auth-credential'\n\nexport const store = new SessionChallengeStore()\n\npassport.use(\n new WebAuthnStrategy(\n { store },\n async function verify(id: string, userHandle: Uint8Array, cb) {\n const user = await getRepository(User).findOne({ where: { id: userHandle.toString() } })\n if (!user) {\n return cb(null, false, { errorCode: AuthError.ERROR_CODES.USER_NOT_FOUND })\n }\n const credential = await getRepository(WebAuthCredential).findOne({\n where: { credentialId: id, user: { id: user.id } }\n })\n if (!credential) {\n return cb(null, false, { errorCode: AuthError.ERROR_CODES.USER_CREDENTIAL_NOT_FOUND })\n }\n\n try {\n return cb(null, user, credential.publicKey)\n } catch (error) {\n console.error(error)\n return cb(null, false, { errorCode: AuthError.ERROR_CODES.FIDO2_CERT_UNSUPPORTED })\n }\n },\n async function register(user, id, publicKey, cb) {\n const userObject = await getRepository(User).findOne({ where: { id: user.id.toString() } })\n const webAuthRepository = getRepository(WebAuthCredential)\n\n const oldCredential = await webAuthRepository.findOne({\n where: { user: { id: userObject.id }, publicKey: publicKey }\n })\n\n /* TODO publicKey 비교로는 중복된 등록을 막을 수 없다. */\n if (oldCredential) {\n await webAuthRepository.delete(oldCredential.id)\n }\n\n await webAuthRepository.save({\n user: userObject,\n credentialId: id,\n publicKey,\n counter: 0\n })\n\n return cb(null, userObject)\n }\n )\n)\n\nexport async function webAuthnMiddleware(context, next) {\n return passport.authenticate(\n 'webauthn',\n { session: true, failureMessage: true, failWithError: true },\n async (err, user, info) => {\n if (err || !user) {\n if (info.errorCode) {\n throw new AuthError(info)\n } else {\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.AUTH_ERROR,\n detail: info\n })\n }\n } else {\n context.state.user = user\n\n await next()\n }\n }\n )(context, next)\n}\n"]}
package/dist-server/migrations/1548206416130-SeedUser.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"1548206416130-SeedUser.js","sourceRoot":"","sources":["../../server/migrations/1548206416130-SeedUser.ts"],"names":[],"mappings":";;;AAAA,qCAAgE;AAEhE,6CAAoD;AACpD,iDAA6D;AAE7D,+CAAuD;AAEvD,MAAM,aAAa,GAAG,YAAM,CAAC,GAAG,CAAC,cAAc,EAAE;IAC/C,IAAI,EAAE,OAAO;IACb,KAAK,EAAE,oBAAoB;IAC3B,QAAQ,EAAE,OAAO;CAClB,CAAC,CAAA;AAEF,MAAM,UAAU,GAAG;oCAEZ,aAAa,KAChB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,iBAAU,CAAC,SAAS;CAE/B,CAAA;AACD,MAAa,sBAAsB;IAC1B,KAAK,CAAC,EAAE,CAAC,WAAwB;QACtC,MAAM,cAAc,GAAG,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAA;QAC1C,MAAM,gBAAgB,GAAG,IAAA,qBAAa,EAAC,cAAM,CAAC,CAAA;QAE9C,MAAM,MAAM,GAAW,MAAM,gBAAgB,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAA;QAEpF,IAAI;YACF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;gBAC1C,MAAM,IAAI,GAAG,UAAU,CAAC,CAAC,CAAC,CAAA;gBAC1B,MAAM,IAAI,GAAG,WAAI,CAAC,YAAY,EAAE,CAAA;gBAChC,MAAM,QAAQ,GAAG,WAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;gBAEjD,MAAM,cAAc,CAAC,IAAI,iCACpB,IAAI,KACP,IAAI;oBACJ,QAAQ,EACR,OAAO,EAAE,CAAC,MAAM,CAAC,IACjB,CAAA;aACH;SACF;QAAC,OAAO,CAAC,EAAE;YACV,YAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;SAChB;QAED,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,IAAA,eAAK,EAAC,oBAAoB,CAAC,EAAE,EAAE,CAAC,CAAA;QAC7F,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC,EAAE,CAAA;QAEvB,MAAM,gBAAgB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;IACrC,CAAC;IAEM,KAAK,CAAC,IAAI,CAAC,WAAwB;QACxC,MAAM,UAAU,GAAG,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAA;QAEtC,UAAU,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,EAAC,IAAI,EAAC,EAAE;YACxC,IAAI,MAAM,GAAG,MAAM,UAAU,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,IAAA,eAAK,EAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAA;YACrE,MAAM,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;QACjC,CAAC,CAAC,CAAA;IACJ,CAAC;CACF;AAtCD,wDAsCC","sourcesContent":["import { ILike, MigrationInterface, QueryRunner } from 'typeorm'\n\nimport { config, logger } from '@things-factory/env'\nimport { Domain, getRepository } from '@things-factory/shell'\n\nimport { User, UserStatus } from '../service/user/user'\n\nconst ADMIN_ACCOUNT = config.get('adminAccount', {\n name: 'Admin',\n email: 'admin@hatiolab.com',\n password: 'admin'\n})\n\nconst SEED_USERS = [\n {\n ...ADMIN_ACCOUNT,\n userType: 'user',\n status: UserStatus.ACTIVATED\n }\n]\nexport class SeedUsers1548206416130 implements MigrationInterface {\n public async up(queryRunner: QueryRunner): Promise<any> {\n const userRepository = getRepository(User)\n const domainRepository = getRepository(Domain)\n\n const domain: Domain = await domainRepository.findOne({ where: { name: 'SYSTEM' } })\n\n try {\n for (let i = 0; i < SEED_USERS.length; i++) {\n const user = SEED_USERS[i]\n const salt = User.generateSalt()\n const password = User.encode(user.password, salt)\n\n await userRepository.save({\n ...user,\n salt,\n password,\n domains: [domain]\n })\n }\n } catch (e) {\n logger.error(e)\n }\n\n const admin = await userRepository.findOne({ where: { email: ILike('admin@hatiolab.com') } })\n domain.owner = admin.id\n\n await domainRepository.save(domain)\n }\n\n public async down(queryRunner: QueryRunner): Promise<any> {\n const repository = getRepository(User)\n\n SEED_USERS.reverse().forEach(async user => {\n let record = await repository.findOneBy({ email: ILike(user.email) })\n await repository.remove(record)\n })\n }\n}\n"]}
1
+ {"version":3,"file":"1548206416130-SeedUser.js","sourceRoot":"","sources":["../../server/migrations/1548206416130-SeedUser.ts"],"names":[],"mappings":";;;AAAA,qCAAgE;AAEhE,6CAAoD;AACpD,iDAA6D;AAE7D,+CAAuD;AAEvD,MAAM,aAAa,GAAG,YAAM,CAAC,GAAG,CAAC,cAAc,EAAE;IAC/C,IAAI,EAAE,OAAO;IACb,KAAK,EAAE,oBAAoB;IAC3B,QAAQ,EAAE,OAAO;CAClB,CAAC,CAAA;AAEF,MAAM,UAAU,GAAG;oCAEZ,aAAa,KAChB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,iBAAU,CAAC,SAAS;CAE/B,CAAA;AACD,MAAa,sBAAsB;IAC1B,KAAK,CAAC,EAAE,CAAC,WAAwB;QACtC,MAAM,cAAc,GAAG,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAA;QAC1C,MAAM,gBAAgB,GAAG,IAAA,qBAAa,EAAC,cAAM,CAAC,CAAA;QAE9C,MAAM,MAAM,GAAW,MAAM,gBAAgB,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAA;QAEpF,IAAI,CAAC;YACH,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3C,MAAM,IAAI,GAAG,UAAU,CAAC,CAAC,CAAC,CAAA;gBAC1B,MAAM,IAAI,GAAG,WAAI,CAAC,YAAY,EAAE,CAAA;gBAChC,MAAM,QAAQ,GAAG,WAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;gBAEjD,MAAM,cAAc,CAAC,IAAI,iCACpB,IAAI,KACP,IAAI;oBACJ,QAAQ,EACR,OAAO,EAAE,CAAC,MAAM,CAAC,IACjB,CAAA;YACJ,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,YAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;QACjB,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,IAAA,eAAK,EAAC,oBAAoB,CAAC,EAAE,EAAE,CAAC,CAAA;QAC7F,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC,EAAE,CAAA;QAEvB,MAAM,gBAAgB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;IACrC,CAAC;IAEM,KAAK,CAAC,IAAI,CAAC,WAAwB;QACxC,MAAM,UAAU,GAAG,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAA;QAEtC,UAAU,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,EAAC,IAAI,EAAC,EAAE;YACxC,IAAI,MAAM,GAAG,MAAM,UAAU,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,IAAA,eAAK,EAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAA;YACrE,MAAM,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;QACjC,CAAC,CAAC,CAAA;IACJ,CAAC;CACF;AAtCD,wDAsCC","sourcesContent":["import { ILike, MigrationInterface, QueryRunner } from 'typeorm'\n\nimport { config, logger } from '@things-factory/env'\nimport { Domain, getRepository } from '@things-factory/shell'\n\nimport { User, UserStatus } from '../service/user/user'\n\nconst ADMIN_ACCOUNT = config.get('adminAccount', {\n name: 'Admin',\n email: 'admin@hatiolab.com',\n password: 'admin'\n})\n\nconst SEED_USERS = [\n {\n ...ADMIN_ACCOUNT,\n userType: 'user',\n status: UserStatus.ACTIVATED\n }\n]\nexport class SeedUsers1548206416130 implements MigrationInterface {\n public async up(queryRunner: QueryRunner): Promise<any> {\n const userRepository = getRepository(User)\n const domainRepository = getRepository(Domain)\n\n const domain: Domain = await domainRepository.findOne({ where: { name: 'SYSTEM' } })\n\n try {\n for (let i = 0; i < SEED_USERS.length; i++) {\n const user = SEED_USERS[i]\n const salt = User.generateSalt()\n const password = User.encode(user.password, salt)\n\n await userRepository.save({\n ...user,\n salt,\n password,\n domains: [domain]\n })\n }\n } catch (e) {\n logger.error(e)\n }\n\n const admin = await userRepository.findOne({ where: { email: ILike('admin@hatiolab.com') } })\n domain.owner = admin.id\n\n await domainRepository.save(domain)\n }\n\n public async down(queryRunner: QueryRunner): Promise<any> {\n const repository = getRepository(User)\n\n SEED_USERS.reverse().forEach(async user => {\n let record = await repository.findOneBy({ email: ILike(user.email) })\n await repository.remove(record)\n })\n }\n}\n"]}
package/dist-server/migrations/1566805283882-SeedPrivilege.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"1566805283882-SeedPrivilege.js","sourceRoot":"","sources":["../../server/migrations/1566805283882-SeedPrivilege.ts"],"names":[],"mappings":";;;AAEA,6CAA4C;AAC5C,iDAAqD;AAErD,8DAA0D;AAE1D,MAAa,0BAA0B;IAC9B,KAAK,CAAC,EAAE,CAAC,WAAwB;QACtC,MAAM,mBAAmB,GAAG,IAAA,qBAAa,EAAC,qBAAS,CAAC,CAAA;QAEpD,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,0CAA0C,CAAC,CAAA;QACtE,MAAM,MAAM,EAAE,CAAA;QACd,MAAM,UAAU,GAAG,OAAO,CAAC,YAAY,CAAC,CAAA;QAExC,IAAI;YACF,KAAK,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,UAA8B,CAAC,EAAE;gBAC5E,IAAI,CAAC,IAAI,CAAC,MAAM,mBAAmB,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC,EAAE;oBACzE,MAAM,mBAAmB,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAA;iBACnD;aACF;SACF;QAAC,OAAO,CAAC,EAAE;YACV,YAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;SAChB;IACH,CAAC;IAEM,KAAK,CAAC,IAAI,CAAC,WAAwB,IAAiB,CAAC;CAC7D;AApBD,gEAoBC","sourcesContent":["import { MigrationInterface, QueryRunner } from 'typeorm'\n\nimport { logger } from '@things-factory/env'\nimport { getRepository } from '@things-factory/shell'\n\nimport { Privilege } from '../service/privilege/privilege'\n\nexport class SeedPrivilege1566805283882 implements MigrationInterface {\n public async up(queryRunner: QueryRunner): Promise<any> {\n const privilegeRepository = getRepository(Privilege)\n\n const { schema } = require('@things-factory/shell/dist-server/schema')\n await schema()\n const privileges = process['PRIVILEGES']\n\n try {\n for (const [category, name] of Object.values(privileges as [string, string])) {\n if (0 == (await privilegeRepository.count({ where: { category, name } }))) {\n await privilegeRepository.save({ category, name })\n }\n }\n } catch (e) {\n logger.error(e)\n }\n }\n\n public async down(queryRunner: QueryRunner): Promise<any> {}\n}\n"]}
1
+ {"version":3,"file":"1566805283882-SeedPrivilege.js","sourceRoot":"","sources":["../../server/migrations/1566805283882-SeedPrivilege.ts"],"names":[],"mappings":";;;AAEA,6CAA4C;AAC5C,iDAAqD;AAErD,8DAA0D;AAE1D,MAAa,0BAA0B;IAC9B,KAAK,CAAC,EAAE,CAAC,WAAwB;QACtC,MAAM,mBAAmB,GAAG,IAAA,qBAAa,EAAC,qBAAS,CAAC,CAAA;QAEpD,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,0CAA0C,CAAC,CAAA;QACtE,MAAM,MAAM,EAAE,CAAA;QACd,MAAM,UAAU,GAAG,OAAO,CAAC,YAAY,CAAC,CAAA;QAExC,IAAI,CAAC;YACH,KAAK,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,UAA8B,CAAC,EAAE,CAAC;gBAC7E,IAAI,CAAC,IAAI,CAAC,MAAM,mBAAmB,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC;oBAC1E,MAAM,mBAAmB,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAA;gBACpD,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,YAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;QACjB,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,IAAI,CAAC,WAAwB,IAAiB,CAAC;CAC7D;AApBD,gEAoBC","sourcesContent":["import { MigrationInterface, QueryRunner } from 'typeorm'\n\nimport { logger } from '@things-factory/env'\nimport { getRepository } from '@things-factory/shell'\n\nimport { Privilege } from '../service/privilege/privilege'\n\nexport class SeedPrivilege1566805283882 implements MigrationInterface {\n public async up(queryRunner: QueryRunner): Promise<any> {\n const privilegeRepository = getRepository(Privilege)\n\n const { schema } = require('@things-factory/shell/dist-server/schema')\n await schema()\n const privileges = process['PRIVILEGES']\n\n try {\n for (const [category, name] of Object.values(privileges as [string, string])) {\n if (0 == (await privilegeRepository.count({ where: { category, name } }))) {\n await privilegeRepository.save({ category, name })\n }\n }\n } catch (e) {\n logger.error(e)\n }\n }\n\n public async down(queryRunner: QueryRunner): Promise<any> {}\n}\n"]}
package/dist-server/router/auth-checkin-router.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth-checkin-router.js","sourceRoot":"","sources":["../../server/router/auth-checkin-router.ts"],"names":[],"mappings":";;;;AAAA,oEAA+B;AAE/B,6CAA4C;AAC5C,iDAA+F;AAE/F,0EAAqE;AAErE,8CAA0C;AAC1C,sEAAqE;AACrE,gEAA0D;AAE1D,MAAM,UAAU,GAAG,YAAM,CAAC,GAAG,CAAC,YAAY,CAAC,CAAA;AAE9B,QAAA,iBAAiB,GAAG,IAAI,oBAAM,EAAE,CAAA;AAE7C,yBAAiB,CAAC,GAAG,CAAC,2BAA2B,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACzE,MAAM,EAAE,OAAO,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IAC9B,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAA;IAC7B,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAC9B,IAAI,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC,MAAM,CAAA;IAElC,IAAI,OAAO,GAAsB,MAAM,IAAA,iCAAc,EAAC,IAAI,CAAC,CAAA;IAC3D,IAAI,UAAU;QAAE,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,IAAI,UAAU,CAAC,CAAA;IAEtE,IAAI,CAAC,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE;QACjD,yCAAyC;QACzC,IAAI;YACF,IAAI,CAAC,SAAS;gBAAE,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,4BAA4B,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC,CAAA,CAAC,qCAAqC;YACrH,MAAM,aAAa,GAAgC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,SAAS,CAAC,CAAA,CAAC,wCAAwC;YACxI,IAAI,CAAC,aAAa;gBAAE,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,4BAA4B,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC,CAAA;YAEnF,MAAM,OAAO,CAAC,aAAa,EAAE,IAAI,EAAE,OAAO,CAAC,CAAA;YAC3C,OAAO,CAAC,IAAI,GAAG,IAAI,CAAA;SACpB;QAAC,OAAO,CAAC,EAAE;YACV,IAAA,4CAAsB,EAAC,OAAO,CAAC,CAAA;YAC/B,MAAM,CAAC,CAAA;SACR;KACF;SAAM;QACL,qCAAqC;QACrC,MAAM,EAAE,WAAW,EAAE,UAAU,GAAG,GAAG,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;QAEvD,IAAI;YACF,IAAI,OAAe,CAAA;YAEnB,IAAI,CAAC,SAAS,EAAE;gBACd,6CAA6C;gBAC7C,SAAS,GAAG,IAAA,6BAAqB,EAAC,OAAO,EAAE,UAAU,CAAC,CAAA;aACvD;YAED,IAAI,aAA8B,CAAA;YAClC,IAAI,SAAS,EAAE;gBACb,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,IAAI,SAAS,CAAC,CAAA;gBAC3D,IAAI,CAAC,aAAa;oBAAE,OAAO,GAAG,CAAC,CAAC,0BAA0B,EAAE,EAAE,SAAS,EAAE,CAAC,CAAA;aAC3E;iBAAM,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE;gBAC/B,aAAa,GAAG,OAAO,CAAC,CAAC,CAAC,CAAA;aAC3B;YAED,IAAI,aAAa,EAAE;gBACjB,OAAO,MAAM,OAAO,CAAC,aAAa,EAAE,UAAU,EAAE,OAAO,CAAC,CAAA;aACzD;YAED,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;gBAChC,WAAW,EAAE,cAAc;gBAC3B,aAAa,EAAE,kBAAkB;gBACjC,IAAI,EAAE;oBACJ,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE;oBAC1F,OAAO;oBACP,UAAU;oBACV,UAAU;oBACV,OAAO;iBACR;aACF,CAAC,CAAA;SACH;QAAC,OAAO,CAAC,EAAE;YACV,IAAA,4CAAsB,EAAC,OAAO,CAAC,CAAA;YAC/B,OAAO,CAAC,QAAQ,CACd,sBAAsB,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,kBAAkB,CAAC,UAAU,CAAC,EAAE,CACrG,CAAA;SACF;KACF;AACH,CAAC,CAAC,CAAA;AAEF,yBAAiB,CAAC,GAAG,CAAC,eAAe,EAAE,KAAK,EAAC,OAAO,EAAC,EAAE;IACrD,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAC9B,IAAI,OAAO,GAAG,MAAM,IAAA,iCAAc,EAAC,IAAI,CAAC,CAAA;IACxC,IAAI,UAAU,EAAE;QACd,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,IAAI,UAAU,CAAC,CAAA;KACvD;IAED,OAAO,CAAC,IAAI,GAAG,OAAO,CAAA;AACxB,CAAC,CAAC,CAAA;AAEF,KAAK,UAAU,OAAO,CACpB,aAA8B,EAC9B,UAAyB,EACzB,OAAwB;IAExB,MAAM,IAAI,GAAS,OAAO,CAAC,KAAK,CAAC,IAAI,CAAA;IACrC,MAAM,4BAAY,CAAC,KAAK,CAAC,aAAa,EAAE,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,aAAa,CAAC,CAAA;IAEnF,IAAI,UAAU,EAAE;QACd,OAAO,OAAO,CAAC,QAAQ,CAAC,IAAA,gCAAwB,EAAC,OAAO,EAAE,aAAa,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC,CAAA;KAChG;AACH,CAAC","sourcesContent":["import Router from 'koa-router'\n\nimport { config } from '@things-factory/env'\nimport { Domain, findSubdomainFromPath, getRedirectSubdomainPath } from '@things-factory/shell'\n\nimport { LoginHistory } from '../service/login-history/login-history'\nimport { User } from '../service/user/user'\nimport { accepts } from '../utils/accepts'\nimport { clearAccessTokenCookie } from '../utils/access-token-cookie'\nimport { getUserDomains } from '../utils/get-user-domains'\n\nconst domainType = config.get('domainType')\n\nexport const authCheckinRouter = new Router()\n\nauthCheckinRouter.get('/auth/checkin/:subdomain?', async (context, next) => {\n const { request, t } = context\n const header = request.header\n const { user } = context.state\n let { subdomain } = context.params\n\n let domains: Partial<Domain>[] = await getUserDomains(user)\n if (domainType) domains = domains.filter(d => d.extType == domainType)\n\n if (!accepts(header.accept, ['text/html', '*/*'])) {\n // When request expects non html response\n try {\n if (!subdomain) throw new Error(t('error.domain not specified', { subdomain })) // When params doesn't have subdomain\n const checkInDomain: Partial<Domain> | undefined = domains.find(d => d.subdomain === subdomain) // When no matched domain with subdomain\n if (!checkInDomain) throw new Error(t('error.domain not specified', { subdomain }))\n\n await checkIn(checkInDomain, null, context)\n context.body = true\n } catch (e) {\n clearAccessTokenCookie(context)\n throw e\n }\n } else {\n // When request expects html response\n const { redirect_to: redirectTo = '/' } = context.query\n\n try {\n let message: string\n\n if (!subdomain) {\n /* try to find domain from redirectTo path */\n subdomain = findSubdomainFromPath(context, redirectTo)\n }\n\n let checkInDomain: Partial<Domain>\n if (subdomain) {\n checkInDomain = domains.find(d => d.subdomain == subdomain)\n if (!checkInDomain) message = t('error.domain not allowed', { subdomain })\n } else if (domains.length === 1) {\n checkInDomain = domains[0]\n }\n\n if (checkInDomain) {\n return await checkIn(checkInDomain, redirectTo, context)\n }\n\n await context.render('auth-page', {\n pageElement: 'auth-checkin',\n elementScript: '/auth/checkin.js',\n data: {\n user: { email: user.email, locale: user.locale, name: user.name, userType: user.userType },\n domains,\n domainType,\n redirectTo,\n message\n }\n })\n } catch (e) {\n clearAccessTokenCookie(context)\n context.redirect(\n `/auth/signin?email=${encodeURIComponent(user.email)}&redirect_to=${encodeURIComponent(redirectTo)}`\n )\n }\n }\n})\n\nauthCheckinRouter.get('/auth/domains', async context => {\n const { user } = context.state\n var domains = await getUserDomains(user)\n if (domainType) {\n domains = domains.filter(d => d.extType == domainType)\n }\n\n context.body = domains\n})\n\nasync function checkIn(\n checkInDomain: Partial<Domain>,\n redirectTo: string | null,\n context: ResolverContext\n): Promise<void> {\n const user: User = context.state.user\n await LoginHistory.stamp(checkInDomain, user, context.req.connection.remoteAddress)\n\n if (redirectTo) {\n return context.redirect(getRedirectSubdomainPath(context, checkInDomain.subdomain, redirectTo))\n }\n}\n"]}
1
+ {"version":3,"file":"auth-checkin-router.js","sourceRoot":"","sources":["../../server/router/auth-checkin-router.ts"],"names":[],"mappings":";;;;AAAA,oEAA+B;AAE/B,6CAA4C;AAC5C,iDAA+F;AAE/F,0EAAqE;AAErE,8CAA0C;AAC1C,sEAAqE;AACrE,gEAA0D;AAE1D,MAAM,UAAU,GAAG,YAAM,CAAC,GAAG,CAAC,YAAY,CAAC,CAAA;AAE9B,QAAA,iBAAiB,GAAG,IAAI,oBAAM,EAAE,CAAA;AAE7C,yBAAiB,CAAC,GAAG,CAAC,2BAA2B,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACzE,MAAM,EAAE,OAAO,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IAC9B,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAA;IAC7B,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAC9B,IAAI,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC,MAAM,CAAA;IAElC,IAAI,OAAO,GAAsB,MAAM,IAAA,iCAAc,EAAC,IAAI,CAAC,CAAA;IAC3D,IAAI,UAAU;QAAE,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,IAAI,UAAU,CAAC,CAAA;IAEtE,IAAI,CAAC,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC;QAClD,yCAAyC;QACzC,IAAI,CAAC;YACH,IAAI,CAAC,SAAS;gBAAE,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,4BAA4B,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC,CAAA,CAAC,qCAAqC;YACrH,MAAM,aAAa,GAAgC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,SAAS,CAAC,CAAA,CAAC,wCAAwC;YACxI,IAAI,CAAC,aAAa;gBAAE,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,4BAA4B,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC,CAAA;YAEnF,MAAM,OAAO,CAAC,aAAa,EAAE,IAAI,EAAE,OAAO,CAAC,CAAA;YAC3C,OAAO,CAAC,IAAI,GAAG,IAAI,CAAA;QACrB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,IAAA,4CAAsB,EAAC,OAAO,CAAC,CAAA;YAC/B,MAAM,CAAC,CAAA;QACT,CAAC;IACH,CAAC;SAAM,CAAC;QACN,qCAAqC;QACrC,MAAM,EAAE,WAAW,EAAE,UAAU,GAAG,GAAG,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;QAEvD,IAAI,CAAC;YACH,IAAI,OAAe,CAAA;YAEnB,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,6CAA6C;gBAC7C,SAAS,GAAG,IAAA,6BAAqB,EAAC,OAAO,EAAE,UAAU,CAAC,CAAA;YACxD,CAAC;YAED,IAAI,aAA8B,CAAA;YAClC,IAAI,SAAS,EAAE,CAAC;gBACd,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,IAAI,SAAS,CAAC,CAAA;gBAC3D,IAAI,CAAC,aAAa;oBAAE,OAAO,GAAG,CAAC,CAAC,0BAA0B,EAAE,EAAE,SAAS,EAAE,CAAC,CAAA;YAC5E,CAAC;iBAAM,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAChC,aAAa,GAAG,OAAO,CAAC,CAAC,CAAC,CAAA;YAC5B,CAAC;YAED,IAAI,aAAa,EAAE,CAAC;gBAClB,OAAO,MAAM,OAAO,CAAC,aAAa,EAAE,UAAU,EAAE,OAAO,CAAC,CAAA;YAC1D,CAAC;YAED,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;gBAChC,WAAW,EAAE,cAAc;gBAC3B,aAAa,EAAE,kBAAkB;gBACjC,IAAI,EAAE;oBACJ,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE;oBAC1F,OAAO;oBACP,UAAU;oBACV,UAAU;oBACV,OAAO;iBACR;aACF,CAAC,CAAA;QACJ,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,IAAA,4CAAsB,EAAC,OAAO,CAAC,CAAA;YAC/B,OAAO,CAAC,QAAQ,CACd,sBAAsB,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,kBAAkB,CAAC,UAAU,CAAC,EAAE,CACrG,CAAA;QACH,CAAC;IACH,CAAC;AACH,CAAC,CAAC,CAAA;AAEF,yBAAiB,CAAC,GAAG,CAAC,eAAe,EAAE,KAAK,EAAC,OAAO,EAAC,EAAE;IACrD,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAC9B,IAAI,OAAO,GAAG,MAAM,IAAA,iCAAc,EAAC,IAAI,CAAC,CAAA;IACxC,IAAI,UAAU,EAAE,CAAC;QACf,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,IAAI,UAAU,CAAC,CAAA;IACxD,CAAC;IAED,OAAO,CAAC,IAAI,GAAG,OAAO,CAAA;AACxB,CAAC,CAAC,CAAA;AAEF,KAAK,UAAU,OAAO,CACpB,aAA8B,EAC9B,UAAyB,EACzB,OAAwB;IAExB,MAAM,IAAI,GAAS,OAAO,CAAC,KAAK,CAAC,IAAI,CAAA;IACrC,MAAM,4BAAY,CAAC,KAAK,CAAC,aAAa,EAAE,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,aAAa,CAAC,CAAA;IAEnF,IAAI,UAAU,EAAE,CAAC;QACf,OAAO,OAAO,CAAC,QAAQ,CAAC,IAAA,gCAAwB,EAAC,OAAO,EAAE,aAAa,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC,CAAA;IACjG,CAAC;AACH,CAAC","sourcesContent":["import Router from 'koa-router'\n\nimport { config } from '@things-factory/env'\nimport { Domain, findSubdomainFromPath, getRedirectSubdomainPath } from '@things-factory/shell'\n\nimport { LoginHistory } from '../service/login-history/login-history'\nimport { User } from '../service/user/user'\nimport { accepts } from '../utils/accepts'\nimport { clearAccessTokenCookie } from '../utils/access-token-cookie'\nimport { getUserDomains } from '../utils/get-user-domains'\n\nconst domainType = config.get('domainType')\n\nexport const authCheckinRouter = new Router()\n\nauthCheckinRouter.get('/auth/checkin/:subdomain?', async (context, next) => {\n const { request, t } = context\n const header = request.header\n const { user } = context.state\n let { subdomain } = context.params\n\n let domains: Partial<Domain>[] = await getUserDomains(user)\n if (domainType) domains = domains.filter(d => d.extType == domainType)\n\n if (!accepts(header.accept, ['text/html', '*/*'])) {\n // When request expects non html response\n try {\n if (!subdomain) throw new Error(t('error.domain not specified', { subdomain })) // When params doesn't have subdomain\n const checkInDomain: Partial<Domain> | undefined = domains.find(d => d.subdomain === subdomain) // When no matched domain with subdomain\n if (!checkInDomain) throw new Error(t('error.domain not specified', { subdomain }))\n\n await checkIn(checkInDomain, null, context)\n context.body = true\n } catch (e) {\n clearAccessTokenCookie(context)\n throw e\n }\n } else {\n // When request expects html response\n const { redirect_to: redirectTo = '/' } = context.query\n\n try {\n let message: string\n\n if (!subdomain) {\n /* try to find domain from redirectTo path */\n subdomain = findSubdomainFromPath(context, redirectTo)\n }\n\n let checkInDomain: Partial<Domain>\n if (subdomain) {\n checkInDomain = domains.find(d => d.subdomain == subdomain)\n if (!checkInDomain) message = t('error.domain not allowed', { subdomain })\n } else if (domains.length === 1) {\n checkInDomain = domains[0]\n }\n\n if (checkInDomain) {\n return await checkIn(checkInDomain, redirectTo, context)\n }\n\n await context.render('auth-page', {\n pageElement: 'auth-checkin',\n elementScript: '/auth/checkin.js',\n data: {\n user: { email: user.email, locale: user.locale, name: user.name, userType: user.userType },\n domains,\n domainType,\n redirectTo,\n message\n }\n })\n } catch (e) {\n clearAccessTokenCookie(context)\n context.redirect(\n `/auth/signin?email=${encodeURIComponent(user.email)}&redirect_to=${encodeURIComponent(redirectTo)}`\n )\n }\n }\n})\n\nauthCheckinRouter.get('/auth/domains', async context => {\n const { user } = context.state\n var domains = await getUserDomains(user)\n if (domainType) {\n domains = domains.filter(d => d.extType == domainType)\n }\n\n context.body = domains\n})\n\nasync function checkIn(\n checkInDomain: Partial<Domain>,\n redirectTo: string | null,\n context: ResolverContext\n): Promise<void> {\n const user: User = context.state.user\n await LoginHistory.stamp(checkInDomain, user, context.req.connection.remoteAddress)\n\n if (redirectTo) {\n return context.redirect(getRedirectSubdomainPath(context, checkInDomain.subdomain, redirectTo))\n }\n}\n"]}
package/dist-server/router/auth-private-process-router.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth-private-process-router.js","sourceRoot":"","sources":["../../server/router/auth-private-process-router.ts"],"names":[],"mappings":";;;;AAAA,qCAA+B;AAC/B,oEAA+B;AAE/B,6CAA4C;AAC5C,iDAA6D;AAE7D,0DAAqD;AACrD,4DAAuD;AACvD,oDAAsD;AACtD,+CAA2C;AAC3C,sEAA2F;AAC3F,gEAA0D;AAE1D,MAAM,UAAU,GAAG,YAAM,CAAC,GAAG,CAAC,YAAY,CAAC,CAAA;AAC3C,MAAM,SAAS,GAAG,YAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAA;AAEvC,QAAA,wBAAwB,GAAG,IAAI,oBAAM,CAAC;IACjD,MAAM,EAAE,OAAO;CAChB,CAAC,CAAA;AAEF,gCAAwB;KACrB,IAAI,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC5C,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IACrB,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;IAEnE,MAAM,KAAK,GAAG,MAAM,IAAA,sBAAS,EAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,YAAY,EAAE,OAAO,CAAC,CAAA;IAEhG,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,oCAAoC,CAAC,CAAA;IAEtD,IAAA,0CAAoB,EAAC,OAAO,EAAE,KAAK,CAAC,CAAA;AACtC,CAAC,CAAC;KACD,IAAI,CAAC,iBAAiB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC/C,MAAM,EAAE,OAAO,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IAC9B,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;IACxC,MAAM,IAAA,uBAAa,EAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,WAAW,CAAC,CAAA;IAEpD,IAAI,WAAW,CAAC,MAAM,EAAE;QACtB,OAAO,CAAC,IAAI,GAAG,OAAO,CAAC,SAAS,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,mCAAmC,CAAC,CAAA;KAC1F;SAAM;QACL,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,mCAAmC,CAAC,CAAA;KACtD;AACH,CAAC,CAAC;KACD,IAAI,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC5C,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAC9B,IAAI,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAC5B,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,IAAI,CAAA;IAE/B,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;IAE9C,MAAM,QAAQ,GAAG,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAA;IACpC,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC;QACtC,KAAK,EAAE;YACL,KAAK,EAAE,IAAA,eAAK,EAAC,SAAS,CAAC;SACxB;QACD,SAAS,EAAE,CAAC,SAAS,CAAC;KACvB,CAAC,CAAA;IAEF,IAAI,KAAK,IAAI,SAAS,IAAI,CAAC,WAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,EAAE;QAClF,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,8BAA8B,CAAC,CAAA;QAChD,OAAM;KACP;IAED,MAAM,IAAA,wBAAU,EAAC,IAAI,CAAC,CAAA;IAEtB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,6BAA6B,CAAC,CAAA;IAC/C,IAAA,4CAAsB,EAAC,OAAO,CAAC,CAAA;AACjC,CAAC,CAAC;KACD,GAAG,CAAC,UAAU,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACvC,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IACrB,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,oBAAoB,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAEtE,IAAI,CAAC,MAAM,EAAE;QACX,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,8BAA8B,CAAC,CAAA;QAChD,OAAM;KACP;IAED,IAAI,OAAO,GAAsB,MAAM,IAAA,iCAAc,EAAC,IAAI,CAAC,CAAA;IAC3D,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,IAAI,UAAU,CAAC,CAAA;IAEhE,IAAI,UAAU,GAAG,MAAM,WAAI,CAAC,qBAAqB,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;IAE/D,IAAI,oBAAoB,EAAE;QACxB,oBAAoB,CAAC,OAAO,CAAC,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE;YACvD,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,IAAI,QAAQ,IAAI,CAAC,CAAC,SAAS,IAAI,SAAS,CAAC,CAAA;QACzF,CAAC,CAAC,CAAA;KACH;IAED,OAAO,CAAC,IAAI,GAAG;QACb,IAAI,EAAE;YACJ,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,KAAK,EAAE,MAAM,OAAO,CAAC,kBAAkB,CAAC,MAAM,EAAE,IAAI,CAAC;YACrD,KAAK,EAAE,MAAM,OAAO,CAAC,gBAAgB,CAAC,MAAM,EAAE,IAAI,CAAC;YACnD,QAAQ;YACR,UAAU;SACX;QACD,OAAO;QACP,MAAM,EAAE,MAAM,IAAI;YAChB,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B;QACD,SAAS;KACV,CAAA;AACH,CAAC,CAAC,CAAA","sourcesContent":["import { ILike } from 'typeorm'\nimport Router from 'koa-router'\n\nimport { config } from '@things-factory/env'\nimport { Domain, getRepository } from '@things-factory/shell'\n\nimport { changePwd } from '../controllers/change-pwd'\nimport { deleteUser } from '../controllers/delete-user'\nimport { updateProfile } from '../controllers/profile'\nimport { User } from '../service/user/user'\nimport { clearAccessTokenCookie, setAccessTokenCookie } from '../utils/access-token-cookie'\nimport { getUserDomains } from '../utils/get-user-domains'\n\nconst domainType = config.get('domainType')\nconst languages = config.get('i18n/languages') || []\n\nexport const authPrivateProcessRouter = new Router({\n prefix: '/auth'\n})\n\nauthPrivateProcessRouter\n .post('/change-pass', async (context, next) => {\n const { t } = context\n let { current_pass, new_pass, confirm_pass } = context.request.body\n\n const token = await changePwd(context.state.user, current_pass, new_pass, confirm_pass, context)\n\n context.body = t('text.password changed successfully')\n\n setAccessTokenCookie(context, token)\n })\n .post('/update-profile', async (context, next) => {\n const { i18next, t } = context\n const newProfiles = context.request.body\n await updateProfile(context.state.user, newProfiles)\n\n if (newProfiles.locale) {\n context.body = i18next.getFixedT(newProfiles.locale)('text.profile changed successfully')\n } else {\n context.body = t('text.profile changed successfully')\n }\n })\n .post('/delete-user', async (context, next) => {\n const { t, session } = context\n var { user } = context.state\n var { email: userEmail } = user\n\n var { password, email } = context.request.body\n\n const userRepo = getRepository(User)\n const userInfo = await userRepo.findOne({\n where: {\n email: ILike(userEmail)\n },\n relations: ['domains']\n })\n\n if (email != userEmail || !User.verify(userInfo.password, password, userInfo.salt)) {\n context.status = 401\n context.body = t('error.user validation failed')\n return\n }\n\n await deleteUser(user)\n\n context.body = t('text.delete account succeed')\n clearAccessTokenCookie(context)\n })\n .get('/profile', async (context, next) => {\n const { t } = context\n const { domain, user, unsafeIP, prohibitedPrivileges } = context.state\n\n if (!domain) {\n context.status = 401\n context.body = t('error.user validation failed')\n return\n }\n\n let domains: Partial<Domain>[] = await getUserDomains(user)\n domains = domains.filter((d: Domain) => d.extType == domainType)\n\n var privileges = await User.getPrivilegesByDomain(user, domain)\n\n if (prohibitedPrivileges) {\n prohibitedPrivileges.forEach(({ category, privilege }) => {\n privileges = privileges.filter(p => p.category != category || p.privilege != privilege)\n })\n }\n\n context.body = {\n user: {\n email: user.email,\n name: user.name,\n userType: user.userType,\n owner: await process.domainOwnerGranted(domain, user),\n super: await process.superUserGranted(domain, user),\n unsafeIP,\n privileges\n },\n domains,\n domain: domain && {\n name: domain.name,\n subdomain: domain.subdomain\n },\n languages\n }\n })\n"]}
1
+ {"version":3,"file":"auth-private-process-router.js","sourceRoot":"","sources":["../../server/router/auth-private-process-router.ts"],"names":[],"mappings":";;;;AAAA,qCAA+B;AAC/B,oEAA+B;AAE/B,6CAA4C;AAC5C,iDAA6D;AAE7D,0DAAqD;AACrD,4DAAuD;AACvD,oDAAsD;AACtD,+CAA2C;AAC3C,sEAA2F;AAC3F,gEAA0D;AAE1D,MAAM,UAAU,GAAG,YAAM,CAAC,GAAG,CAAC,YAAY,CAAC,CAAA;AAC3C,MAAM,SAAS,GAAG,YAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAA;AAEvC,QAAA,wBAAwB,GAAG,IAAI,oBAAM,CAAC;IACjD,MAAM,EAAE,OAAO;CAChB,CAAC,CAAA;AAEF,gCAAwB;KACrB,IAAI,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC5C,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IACrB,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;IAEnE,MAAM,KAAK,GAAG,MAAM,IAAA,sBAAS,EAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,YAAY,EAAE,OAAO,CAAC,CAAA;IAEhG,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,oCAAoC,CAAC,CAAA;IAEtD,IAAA,0CAAoB,EAAC,OAAO,EAAE,KAAK,CAAC,CAAA;AACtC,CAAC,CAAC;KACD,IAAI,CAAC,iBAAiB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC/C,MAAM,EAAE,OAAO,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IAC9B,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;IACxC,MAAM,IAAA,uBAAa,EAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,WAAW,CAAC,CAAA;IAEpD,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;QACvB,OAAO,CAAC,IAAI,GAAG,OAAO,CAAC,SAAS,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,mCAAmC,CAAC,CAAA;IAC3F,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,mCAAmC,CAAC,CAAA;IACvD,CAAC;AACH,CAAC,CAAC;KACD,IAAI,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC5C,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAC9B,IAAI,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAC5B,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,IAAI,CAAA;IAE/B,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;IAE9C,MAAM,QAAQ,GAAG,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAA;IACpC,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC;QACtC,KAAK,EAAE;YACL,KAAK,EAAE,IAAA,eAAK,EAAC,SAAS,CAAC;SACxB;QACD,SAAS,EAAE,CAAC,SAAS,CAAC;KACvB,CAAC,CAAA;IAEF,IAAI,KAAK,IAAI,SAAS,IAAI,CAAC,WAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnF,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,8BAA8B,CAAC,CAAA;QAChD,OAAM;IACR,CAAC;IAED,MAAM,IAAA,wBAAU,EAAC,IAAI,CAAC,CAAA;IAEtB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,6BAA6B,CAAC,CAAA;IAC/C,IAAA,4CAAsB,EAAC,OAAO,CAAC,CAAA;AACjC,CAAC,CAAC;KACD,GAAG,CAAC,UAAU,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACvC,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IACrB,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,oBAAoB,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAEtE,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,8BAA8B,CAAC,CAAA;QAChD,OAAM;IACR,CAAC;IAED,IAAI,OAAO,GAAsB,MAAM,IAAA,iCAAc,EAAC,IAAI,CAAC,CAAA;IAC3D,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,IAAI,UAAU,CAAC,CAAA;IAEhE,IAAI,UAAU,GAAG,MAAM,WAAI,CAAC,qBAAqB,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;IAE/D,IAAI,oBAAoB,EAAE,CAAC;QACzB,oBAAoB,CAAC,OAAO,CAAC,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE;YACvD,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,IAAI,QAAQ,IAAI,CAAC,CAAC,SAAS,IAAI,SAAS,CAAC,CAAA;QACzF,CAAC,CAAC,CAAA;IACJ,CAAC;IAED,OAAO,CAAC,IAAI,GAAG;QACb,IAAI,EAAE;YACJ,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,KAAK,EAAE,MAAM,OAAO,CAAC,kBAAkB,CAAC,MAAM,EAAE,IAAI,CAAC;YACrD,KAAK,EAAE,MAAM,OAAO,CAAC,gBAAgB,CAAC,MAAM,EAAE,IAAI,CAAC;YACnD,QAAQ;YACR,UAAU;SACX;QACD,OAAO;QACP,MAAM,EAAE,MAAM,IAAI;YAChB,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B;QACD,SAAS;KACV,CAAA;AACH,CAAC,CAAC,CAAA","sourcesContent":["import { ILike } from 'typeorm'\nimport Router from 'koa-router'\n\nimport { config } from '@things-factory/env'\nimport { Domain, getRepository } from '@things-factory/shell'\n\nimport { changePwd } from '../controllers/change-pwd'\nimport { deleteUser } from '../controllers/delete-user'\nimport { updateProfile } from '../controllers/profile'\nimport { User } from '../service/user/user'\nimport { clearAccessTokenCookie, setAccessTokenCookie } from '../utils/access-token-cookie'\nimport { getUserDomains } from '../utils/get-user-domains'\n\nconst domainType = config.get('domainType')\nconst languages = config.get('i18n/languages') || []\n\nexport const authPrivateProcessRouter = new Router({\n prefix: '/auth'\n})\n\nauthPrivateProcessRouter\n .post('/change-pass', async (context, next) => {\n const { t } = context\n let { current_pass, new_pass, confirm_pass } = context.request.body\n\n const token = await changePwd(context.state.user, current_pass, new_pass, confirm_pass, context)\n\n context.body = t('text.password changed successfully')\n\n setAccessTokenCookie(context, token)\n })\n .post('/update-profile', async (context, next) => {\n const { i18next, t } = context\n const newProfiles = context.request.body\n await updateProfile(context.state.user, newProfiles)\n\n if (newProfiles.locale) {\n context.body = i18next.getFixedT(newProfiles.locale)('text.profile changed successfully')\n } else {\n context.body = t('text.profile changed successfully')\n }\n })\n .post('/delete-user', async (context, next) => {\n const { t, session } = context\n var { user } = context.state\n var { email: userEmail } = user\n\n var { password, email } = context.request.body\n\n const userRepo = getRepository(User)\n const userInfo = await userRepo.findOne({\n where: {\n email: ILike(userEmail)\n },\n relations: ['domains']\n })\n\n if (email != userEmail || !User.verify(userInfo.password, password, userInfo.salt)) {\n context.status = 401\n context.body = t('error.user validation failed')\n return\n }\n\n await deleteUser(user)\n\n context.body = t('text.delete account succeed')\n clearAccessTokenCookie(context)\n })\n .get('/profile', async (context, next) => {\n const { t } = context\n const { domain, user, unsafeIP, prohibitedPrivileges } = context.state\n\n if (!domain) {\n context.status = 401\n context.body = t('error.user validation failed')\n return\n }\n\n let domains: Partial<Domain>[] = await getUserDomains(user)\n domains = domains.filter((d: Domain) => d.extType == domainType)\n\n var privileges = await User.getPrivilegesByDomain(user, domain)\n\n if (prohibitedPrivileges) {\n prohibitedPrivileges.forEach(({ category, privilege }) => {\n privileges = privileges.filter(p => p.category != category || p.privilege != privilege)\n })\n }\n\n context.body = {\n user: {\n email: user.email,\n name: user.name,\n userType: user.userType,\n owner: await process.domainOwnerGranted(domain, user),\n super: await process.superUserGranted(domain, user),\n unsafeIP,\n privileges\n },\n domains,\n domain: domain && {\n name: domain.name,\n subdomain: domain.subdomain\n },\n languages\n }\n })\n"]}
package/dist-server/router/auth-public-process-router.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth-public-process-router.js","sourceRoot":"","sources":["../../server/router/auth-public-process-router.ts"],"names":[],"mappings":";;;;AAAA,oEAA+B;AAE/B,6CAA4C;AAC5C,iDAAsE;AAEtE,0DAAiE;AACjE,kEAAqF;AACrF,4DAAuD;AACvD,8DAA6E;AAC7E,+CAA2C;AAC3C,8CAA0C;AAC1C,sEAAqE;AAErE,MAAM,wBAAwB,GAAG,YAAM,CAAC,GAAG,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAA;AAC9E,MAAM,0BAA0B,GAAG,YAAM,CAAC,GAAG,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAA;AACvF,MAAM,SAAS,GAAG,YAAM,CAAC,GAAG,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAA;AACrD,MAAM,YAAY,GAAG,YAAM,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI;IAC7C,SAAS,EAAE,IAAI;IACf,SAAS,EAAE,IAAI;IACf,KAAK,EAAE,IAAI;IACX,gBAAgB,EAAE,IAAI;IACtB,WAAW,EAAE,KAAK;IAClB,eAAe,EAAE,IAAI;IACrB,eAAe,EAAE,KAAK;IACtB,oBAAoB,EAAE,CAAC;IACvB,oBAAoB,EAAE,EAAE;CACzB,CAAA;AAEY,QAAA,uBAAuB,GAAG,IAAI,oBAAM,CAAC;IAChD,MAAM,EAAE,OAAO;CAChB,CAAC,CAAA;AAEF,+BAAuB,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC5D,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE,CAAA;IAE5C,MAAM,IAAI,GAAS,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,SAAS,CAAC;QACrD,KAAK;KACN,CAAC,CAAA;IAEF,IAAI,IAAI,EAAE;QACR,OAAO,CAAC,QAAQ,CAAC,sBAAsB,KAAK,EAAE,CAAC,CAAA;KAChD;SAAM;QACL,OAAO,CAAC,QAAQ,CAAC,sBAAsB,KAAK,EAAE,CAAC,CAAA;KAChD;AACH,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC9D,MAAM,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IAC7B,IAAA,4CAAsB,EAAC,OAAO,CAAC,CAAA;IAE/B,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,2BAA2B,CAAC,CAAA;IAE7C,IAAI,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE;QAChD,OAAO,CAAC,QAAQ,CAAC,IAAA,uBAAe,EAAC,OAAO,CAAC,CAAC,CAAA;KAC3C;AACH,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,GAAG,CAAC,kBAAkB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACtE,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAA;IAEvC,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;QAChC,WAAW,EAAE,iBAAiB;QAC9B,aAAa,EAAE,0BAA0B;QACzC,IAAI,EAAE;YACJ,KAAK;YACL,wBAAwB;YACxB,0BAA0B;YAC1B,SAAS;SACV;KACF,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,GAAG,CAAC,iBAAiB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACrE,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAA;IAEvC,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;QAChC,WAAW,EAAE,gBAAgB;QAC7B,aAAa,EAAE,yBAAyB;QACxC,IAAI,EAAE;YACJ,KAAK;YACL,YAAY;YACZ,wBAAwB;YACxB,0BAA0B;YAC1B,SAAS;SACV;KACF,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,GAAG,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAClE,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAA;IAEvC,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;QAChC,WAAW,EAAE,aAAa;QAC1B,aAAa,EAAE,sBAAsB;QACrC,IAAI,EAAE;YACJ,KAAK;YACL,wBAAwB;YACxB,0BAA0B;YAC1B,SAAS;SACV;KACF,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,GAAG,CAAC,kBAAkB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACtE,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,MAAM,CAAA;IAEhC,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;QAChC,WAAW,EAAE,eAAe;QAC5B,aAAa,EAAE,mBAAmB;QAClC,IAAI,EAAE;YACJ,KAAK;YACL,wBAAwB;YACxB,0BAA0B;YAC1B,SAAS;SACV;KACF,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,GAAG,CAAC,gBAAgB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACpE,MAAM,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IAC7B,IAAI,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAA;IAEhC,MAAM,IAAA,qBAAM,EAAC,KAAK,CAAC,CAAA;IAEnB,IAAI,OAAO,GAAG,CAAC,CAAC,kCAAkC,CAAC,CAAA;IAEnD,OAAO,CAAC,IAAI,GAAG,OAAO,CAAA;IAEtB,IAAI,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE;QAChD,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;YAChC,WAAW,EAAE,aAAa;YAC1B,aAAa,EAAE,iBAAiB;YAChC,IAAI,EAAE;gBACJ,OAAO;gBACP,wBAAwB;gBACxB,0BAA0B;gBAC1B,SAAS;aACV;SACF,CAAC,CAAA;KACH;AACH,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,IAAI,CAAC,4BAA4B,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACjF,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IACrB,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;IAEtC,IAAI,OAAO,GAAG,MAAM,IAAA,sCAAuB,EAAC,KAAK,EAAE,OAAO,CAAC,CAAA;IAC3D,IAAI,OAAO,GAAG,CAAC,CAAC,8BAA8B,CAAC,CAAA;IAE/C,IAAI,OAAO,EAAE;QACX,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,OAAO,CAAA;KACvB;AACH,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,IAAI,CAAC,0BAA0B,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC/E,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IACrB,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;IAEvD,IAAI,OAAO,GAAG,MAAM,IAAA,kCAAqB,EACvC;QACE,KAAK;QACL,SAAS;QACT,IAAI;KACL,EACD,OAAO,CACR,CAAA;IAED,IAAI,OAAO,GAAG,CAAC,CAAC,4BAA4B,CAAC,CAAA;IAE7C,IAAI,OAAO,EAAE;QACX,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,OAAO,CAAA;KACvB;AACH,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,IAAI,CAAC,kBAAkB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACvE,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IACrB,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;IAEtC,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,EAAE,CAAA;IAEzB,MAAM,QAAQ,GAAG,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAA;IACpC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC;QAClC,KAAK,EAAE;YACL,KAAK;SACN;KACF,CAAC,CAAA;IAEF,MAAM,OAAO,GAAG,MAAM,IAAA,uCAAsB,EAAC;QAC3C,IAAI;QACJ,OAAO;KACR,CAAC,CAAA;IAEF,IAAI,OAAO,EAAE;QACX,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,gCAAgC,CAAC,CAAA;KACnD;AACH,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,IAAI,CAAC,iBAAiB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACtE,MAAM,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IAE7B,IAAI;QACF,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;QAEhD,IAAI,CAAC,CAAC,KAAK,IAAI,QAAQ,CAAC,EAAE;YACxB,IAAI,OAAO,GAAG,CAAC,CAAC,oCAAoC,CAAC,CAAA;YAErD,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;YACpB,OAAO,CAAC,IAAI,GAAG;gBACb,OAAO;aACR,CAAA;YAED,IAAI,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE;gBAChD,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;oBAChC,WAAW,EAAE,gBAAgB;oBAC7B,aAAa,EAAE,yBAAyB;oBACxC,IAAI,EAAE;wBACJ,KAAK;wBACL,OAAO;wBACP,YAAY;wBACZ,wBAAwB;wBACxB,0BAA0B;wBAC1B,SAAS;qBACV;iBACF,CAAC,CAAA;aACH;YAED,OAAM;SACP;QAED,MAAM,IAAA,8BAAa,EAAC,KAAK,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAA;QAE7C,IAAI,OAAO,GAAG,CAAC,CAAC,6BAA6B,CAAC,CAAA;QAC9C,OAAO,CAAC,IAAI,GAAG,OAAO,CAAA;QAEtB,IAAA,4CAAsB,EAAC,OAAO,CAAC,CAAA;QAE/B,IAAI,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE;YAChD,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;gBAChC,WAAW,EAAE,aAAa;gBAC1B,aAAa,EAAE,iBAAiB;gBAChC,IAAI,EAAE;oBACJ,OAAO;oBACP,wBAAwB;oBACxB,0BAA0B;oBAC1B,SAAS;iBACV;aACF,CAAC,CAAA;SACH;KACF;IAAC,OAAO,CAAC,EAAE;QACV,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,OAAO,CAAA;QAExB,IAAI,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE;YAChD,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;gBAChC,WAAW,EAAE,aAAa;gBAC1B,aAAa,EAAE,iBAAiB;gBAChC,IAAI,EAAE;oBACJ,OAAO,EAAE,CAAC,CAAC,OAAO;oBAClB,wBAAwB;oBACxB,0BAA0B;oBAC1B,SAAS;iBACV;aACF,CAAC,CAAA;SACH;KACF;AACH,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,IAAI,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACnE,MAAM,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IAC7B,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;IAEhD,IAAI,CAAC,CAAC,KAAK,IAAI,QAAQ,CAAC,EAAE;QACxB,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,oCAAoC,CAAC,CAAA;QAEtD,OAAM;KACP;IAED,IAAI,OAAO,GAAG,MAAM,IAAA,wBAAU,EAAC,KAAK,EAAE,QAAQ,CAAC,CAAA;IAE/C,IAAI,OAAO,EAAE;QACX,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,6BAA6B,CAAC,CAAA;QAE/C,IAAA,4CAAsB,EAAC,OAAO,CAAC,CAAA;KAChC;IAED,IAAI,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE;QAChD,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;YAChC,WAAW,EAAE,aAAa;YAC1B,aAAa,EAAE,iBAAiB;YAChC,IAAI,EAAE;gBACJ,OAAO,EAAE,CAAC,CAAC,6BAA6B,CAAC;gBACzC,wBAAwB;gBACxB,0BAA0B;gBAC1B,SAAS;aACV;SACF,CAAC,CAAA;KACH;AACH,CAAC,CAAC,CAAA","sourcesContent":["import Router from 'koa-router'\n\nimport { config } from '@things-factory/env'\nimport { getRepository, getSiteRootPath } from '@things-factory/shell'\n\nimport { resendInvitationEmail } from '../controllers/invitation'\nimport { resetPassword, sendPasswordResetEmail } from '../controllers/reset-password'\nimport { unlockUser } from '../controllers/unlock-user'\nimport { resendVerificationEmail, verify } from '../controllers/verification'\nimport { User } from '../service/user/user'\nimport { accepts } from '../utils/accepts'\nimport { clearAccessTokenCookie } from '../utils/access-token-cookie'\n\nconst disableUserSignupProcess = config.get('disableUserSignupProcess', false)\nconst disableUserFavoredLanguage = config.get('i18n/disableUserFavoredLanguage', false)\nconst languages = config.get('i18n/languages', false)\nconst passwordRule = config.get('password') || {\n lowerCase: true,\n upperCase: true,\n digit: true,\n specialCharacter: true,\n allowRepeat: false,\n useTightPattern: true,\n useLoosePattern: false,\n tightCharacterLength: 8,\n looseCharacterLength: 15\n}\n\nexport const authPublicProcessRouter = new Router({\n prefix: '/auth'\n})\n\nauthPublicProcessRouter.post('/join', async (context, next) => {\n const { email } = context.request.body || {}\n\n const user: User = await getRepository(User).findOneBy({\n email\n })\n\n if (user) {\n context.redirect(`/auth/signin?email=${email}`)\n } else {\n context.redirect(`/auth/signup?email=${email}`)\n }\n})\n\nauthPublicProcessRouter.all('/signout', async (context, next) => {\n const { header, t } = context\n clearAccessTokenCookie(context)\n\n context.body = t('text.signout successfully')\n\n if (accepts(header.accept, ['text/html', '*/*'])) {\n context.redirect(getSiteRootPath(context))\n }\n})\n\nauthPublicProcessRouter.get('/forgot-password', async (context, next) => {\n const { email } = context.request.query\n\n await context.render('auth-page', {\n pageElement: 'forgot-password',\n elementScript: '/auth/forgot-password.js',\n data: {\n email,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n})\n\nauthPublicProcessRouter.get('/reset-password', async (context, next) => {\n const { token } = context.request.query\n\n await context.render('auth-page', {\n pageElement: 'reset-password',\n elementScript: '/auth/reset-password.js',\n data: {\n token,\n passwordRule,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n})\n\nauthPublicProcessRouter.get('/unlock-user', async (context, next) => {\n const { token } = context.request.query\n\n await context.render('auth-page', {\n pageElement: 'unlock-user',\n elementScript: '/auth/unlock-user.js',\n data: {\n token,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n})\n\nauthPublicProcessRouter.get('/activate/:email', async (context, next) => {\n const { email } = context.params\n\n await context.render('auth-page', {\n pageElement: 'auth-activate',\n elementScript: '/auth/activate.js',\n data: {\n email,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n})\n\nauthPublicProcessRouter.get('/verify/:token', async (context, next) => {\n const { header, t } = context\n var token = context.params.token\n\n await verify(token)\n\n var message = t('text.user activated successfully')\n\n context.body = message\n\n if (accepts(header.accept, ['text/html', '*/*'])) {\n await context.render('auth-page', {\n pageElement: 'auth-result',\n elementScript: '/auth/result.js',\n data: {\n message,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n }\n})\n\nauthPublicProcessRouter.post('/resend-verification-email', async (context, next) => {\n const { t } = context\n const { email } = context.request.body\n\n var succeed = await resendVerificationEmail(email, context)\n var message = t('text.verification email sent')\n\n if (succeed) {\n context.status = 200\n context.body = message\n }\n})\n\nauthPublicProcessRouter.post('/resend-invitation-email', async (context, next) => {\n const { t } = context\n const { email, reference, type } = context.request.body\n\n var succeed = await resendInvitationEmail(\n {\n email,\n reference,\n type\n },\n context\n )\n\n var message = t('text.invitation email sent')\n\n if (succeed) {\n context.status = 200\n context.body = message\n }\n})\n\nauthPublicProcessRouter.post('/forgot-password', async (context, next) => {\n const { t } = context\n const { email } = context.request.body\n\n if (!email) return next()\n\n const userRepo = getRepository(User)\n const user = await userRepo.findOne({\n where: {\n email\n }\n })\n\n const succeed = await sendPasswordResetEmail({\n user,\n context\n })\n\n if (succeed) {\n context.status = 200\n context.body = t('text.password reset email sent')\n }\n})\n\nauthPublicProcessRouter.post('/reset-password', async (context, next) => {\n const { header, t } = context\n\n try {\n const { password, token } = context.request.body\n\n if (!(token && password)) {\n let message = t('error.token or password is invalid')\n\n context.status = 404\n context.body = {\n message\n }\n\n if (accepts(header.accept, ['text/html', '*/*'])) {\n await context.render('auth-page', {\n pageElement: 'reset-password',\n elementScript: '/auth/reset-password.js',\n data: {\n token,\n message,\n passwordRule,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n }\n\n return\n }\n\n await resetPassword(token, password, context)\n\n var message = t('text.password reset succeed')\n context.body = message\n\n clearAccessTokenCookie(context)\n\n if (accepts(header.accept, ['text/html', '*/*'])) {\n await context.render('auth-page', {\n pageElement: 'auth-result',\n elementScript: '/auth/result.js',\n data: {\n message,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n }\n } catch (e) {\n context.status = 404\n context.body = e.message\n\n if (accepts(header.accept, ['text/html', '*/*'])) {\n await context.render('auth-page', {\n pageElement: 'auth-result',\n elementScript: '/auth/result.js',\n data: {\n message: e.message,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n }\n }\n})\n\nauthPublicProcessRouter.post('/unlock-user', async (context, next) => {\n const { header, t } = context\n const { password, token } = context.request.body\n\n if (!(token || password)) {\n context.status = 404\n context.body = t('error.token or password is invalid')\n\n return\n }\n\n var succeed = await unlockUser(token, password)\n\n if (succeed) {\n context.body = t('text.password reset succeed')\n\n clearAccessTokenCookie(context)\n }\n\n if (accepts(header.accept, ['text/html', '*/*'])) {\n await context.render('auth-page', {\n pageElement: 'auth-result',\n elementScript: '/auth/result.js',\n data: {\n message: t('text.account is reactivated'),\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n }\n})\n"]}
1
+ {"version":3,"file":"auth-public-process-router.js","sourceRoot":"","sources":["../../server/router/auth-public-process-router.ts"],"names":[],"mappings":";;;;AAAA,oEAA+B;AAE/B,6CAA4C;AAC5C,iDAAsE;AAEtE,0DAAiE;AACjE,kEAAqF;AACrF,4DAAuD;AACvD,8DAA6E;AAC7E,+CAA2C;AAC3C,8CAA0C;AAC1C,sEAAqE;AAErE,MAAM,wBAAwB,GAAG,YAAM,CAAC,GAAG,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAA;AAC9E,MAAM,0BAA0B,GAAG,YAAM,CAAC,GAAG,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAA;AACvF,MAAM,SAAS,GAAG,YAAM,CAAC,GAAG,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAA;AACrD,MAAM,YAAY,GAAG,YAAM,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI;IAC7C,SAAS,EAAE,IAAI;IACf,SAAS,EAAE,IAAI;IACf,KAAK,EAAE,IAAI;IACX,gBAAgB,EAAE,IAAI;IACtB,WAAW,EAAE,KAAK;IAClB,eAAe,EAAE,IAAI;IACrB,eAAe,EAAE,KAAK;IACtB,oBAAoB,EAAE,CAAC;IACvB,oBAAoB,EAAE,EAAE;CACzB,CAAA;AAEY,QAAA,uBAAuB,GAAG,IAAI,oBAAM,CAAC;IAChD,MAAM,EAAE,OAAO;CAChB,CAAC,CAAA;AAEF,+BAAuB,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC5D,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE,CAAA;IAE5C,MAAM,IAAI,GAAS,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,SAAS,CAAC;QACrD,KAAK;KACN,CAAC,CAAA;IAEF,IAAI,IAAI,EAAE,CAAC;QACT,OAAO,CAAC,QAAQ,CAAC,sBAAsB,KAAK,EAAE,CAAC,CAAA;IACjD,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,QAAQ,CAAC,sBAAsB,KAAK,EAAE,CAAC,CAAA;IACjD,CAAC;AACH,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC9D,MAAM,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IAC7B,IAAA,4CAAsB,EAAC,OAAO,CAAC,CAAA;IAE/B,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,2BAA2B,CAAC,CAAA;IAE7C,IAAI,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC;QACjD,OAAO,CAAC,QAAQ,CAAC,IAAA,uBAAe,EAAC,OAAO,CAAC,CAAC,CAAA;IAC5C,CAAC;AACH,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,GAAG,CAAC,kBAAkB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACtE,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAA;IAEvC,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;QAChC,WAAW,EAAE,iBAAiB;QAC9B,aAAa,EAAE,0BAA0B;QACzC,IAAI,EAAE;YACJ,KAAK;YACL,wBAAwB;YACxB,0BAA0B;YAC1B,SAAS;SACV;KACF,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,GAAG,CAAC,iBAAiB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACrE,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAA;IAEvC,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;QAChC,WAAW,EAAE,gBAAgB;QAC7B,aAAa,EAAE,yBAAyB;QACxC,IAAI,EAAE;YACJ,KAAK;YACL,YAAY;YACZ,wBAAwB;YACxB,0BAA0B;YAC1B,SAAS;SACV;KACF,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,GAAG,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAClE,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAA;IAEvC,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;QAChC,WAAW,EAAE,aAAa;QAC1B,aAAa,EAAE,sBAAsB;QACrC,IAAI,EAAE;YACJ,KAAK;YACL,wBAAwB;YACxB,0BAA0B;YAC1B,SAAS;SACV;KACF,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,GAAG,CAAC,kBAAkB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACtE,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,MAAM,CAAA;IAEhC,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;QAChC,WAAW,EAAE,eAAe;QAC5B,aAAa,EAAE,mBAAmB;QAClC,IAAI,EAAE;YACJ,KAAK;YACL,wBAAwB;YACxB,0BAA0B;YAC1B,SAAS;SACV;KACF,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,GAAG,CAAC,gBAAgB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACpE,MAAM,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IAC7B,IAAI,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAA;IAEhC,MAAM,IAAA,qBAAM,EAAC,KAAK,CAAC,CAAA;IAEnB,IAAI,OAAO,GAAG,CAAC,CAAC,kCAAkC,CAAC,CAAA;IAEnD,OAAO,CAAC,IAAI,GAAG,OAAO,CAAA;IAEtB,IAAI,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC;QACjD,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;YAChC,WAAW,EAAE,aAAa;YAC1B,aAAa,EAAE,iBAAiB;YAChC,IAAI,EAAE;gBACJ,OAAO;gBACP,wBAAwB;gBACxB,0BAA0B;gBAC1B,SAAS;aACV;SACF,CAAC,CAAA;IACJ,CAAC;AACH,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,IAAI,CAAC,4BAA4B,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACjF,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IACrB,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;IAEtC,IAAI,OAAO,GAAG,MAAM,IAAA,sCAAuB,EAAC,KAAK,EAAE,OAAO,CAAC,CAAA;IAC3D,IAAI,OAAO,GAAG,CAAC,CAAC,8BAA8B,CAAC,CAAA;IAE/C,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,OAAO,CAAA;IACxB,CAAC;AACH,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,IAAI,CAAC,0BAA0B,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC/E,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IACrB,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;IAEvD,IAAI,OAAO,GAAG,MAAM,IAAA,kCAAqB,EACvC;QACE,KAAK;QACL,SAAS;QACT,IAAI;KACL,EACD,OAAO,CACR,CAAA;IAED,IAAI,OAAO,GAAG,CAAC,CAAC,4BAA4B,CAAC,CAAA;IAE7C,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,OAAO,CAAA;IACxB,CAAC;AACH,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,IAAI,CAAC,kBAAkB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACvE,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IACrB,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;IAEtC,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,EAAE,CAAA;IAEzB,MAAM,QAAQ,GAAG,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAA;IACpC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC;QAClC,KAAK,EAAE;YACL,KAAK;SACN;KACF,CAAC,CAAA;IAEF,MAAM,OAAO,GAAG,MAAM,IAAA,uCAAsB,EAAC;QAC3C,IAAI;QACJ,OAAO;KACR,CAAC,CAAA;IAEF,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,gCAAgC,CAAC,CAAA;IACpD,CAAC;AACH,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,IAAI,CAAC,iBAAiB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACtE,MAAM,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IAE7B,IAAI,CAAC;QACH,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;QAEhD,IAAI,CAAC,CAAC,KAAK,IAAI,QAAQ,CAAC,EAAE,CAAC;YACzB,IAAI,OAAO,GAAG,CAAC,CAAC,oCAAoC,CAAC,CAAA;YAErD,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;YACpB,OAAO,CAAC,IAAI,GAAG;gBACb,OAAO;aACR,CAAA;YAED,IAAI,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC;gBACjD,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;oBAChC,WAAW,EAAE,gBAAgB;oBAC7B,aAAa,EAAE,yBAAyB;oBACxC,IAAI,EAAE;wBACJ,KAAK;wBACL,OAAO;wBACP,YAAY;wBACZ,wBAAwB;wBACxB,0BAA0B;wBAC1B,SAAS;qBACV;iBACF,CAAC,CAAA;YACJ,CAAC;YAED,OAAM;QACR,CAAC;QAED,MAAM,IAAA,8BAAa,EAAC,KAAK,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAA;QAE7C,IAAI,OAAO,GAAG,CAAC,CAAC,6BAA6B,CAAC,CAAA;QAC9C,OAAO,CAAC,IAAI,GAAG,OAAO,CAAA;QAEtB,IAAA,4CAAsB,EAAC,OAAO,CAAC,CAAA;QAE/B,IAAI,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC;YACjD,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;gBAChC,WAAW,EAAE,aAAa;gBAC1B,aAAa,EAAE,iBAAiB;gBAChC,IAAI,EAAE;oBACJ,OAAO;oBACP,wBAAwB;oBACxB,0BAA0B;oBAC1B,SAAS;iBACV;aACF,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,OAAO,CAAA;QAExB,IAAI,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC;YACjD,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;gBAChC,WAAW,EAAE,aAAa;gBAC1B,aAAa,EAAE,iBAAiB;gBAChC,IAAI,EAAE;oBACJ,OAAO,EAAE,CAAC,CAAC,OAAO;oBAClB,wBAAwB;oBACxB,0BAA0B;oBAC1B,SAAS;iBACV;aACF,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;AACH,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,IAAI,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACnE,MAAM,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IAC7B,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;IAEhD,IAAI,CAAC,CAAC,KAAK,IAAI,QAAQ,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,oCAAoC,CAAC,CAAA;QAEtD,OAAM;IACR,CAAC;IAED,IAAI,OAAO,GAAG,MAAM,IAAA,wBAAU,EAAC,KAAK,EAAE,QAAQ,CAAC,CAAA;IAE/C,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,6BAA6B,CAAC,CAAA;QAE/C,IAAA,4CAAsB,EAAC,OAAO,CAAC,CAAA;IACjC,CAAC;IAED,IAAI,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC;QACjD,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;YAChC,WAAW,EAAE,aAAa;YAC1B,aAAa,EAAE,iBAAiB;YAChC,IAAI,EAAE;gBACJ,OAAO,EAAE,CAAC,CAAC,6BAA6B,CAAC;gBACzC,wBAAwB;gBACxB,0BAA0B;gBAC1B,SAAS;aACV;SACF,CAAC,CAAA;IACJ,CAAC;AACH,CAAC,CAAC,CAAA","sourcesContent":["import Router from 'koa-router'\n\nimport { config } from '@things-factory/env'\nimport { getRepository, getSiteRootPath } from '@things-factory/shell'\n\nimport { resendInvitationEmail } from '../controllers/invitation'\nimport { resetPassword, sendPasswordResetEmail } from '../controllers/reset-password'\nimport { unlockUser } from '../controllers/unlock-user'\nimport { resendVerificationEmail, verify } from '../controllers/verification'\nimport { User } from '../service/user/user'\nimport { accepts } from '../utils/accepts'\nimport { clearAccessTokenCookie } from '../utils/access-token-cookie'\n\nconst disableUserSignupProcess = config.get('disableUserSignupProcess', false)\nconst disableUserFavoredLanguage = config.get('i18n/disableUserFavoredLanguage', false)\nconst languages = config.get('i18n/languages', false)\nconst passwordRule = config.get('password') || {\n lowerCase: true,\n upperCase: true,\n digit: true,\n specialCharacter: true,\n allowRepeat: false,\n useTightPattern: true,\n useLoosePattern: false,\n tightCharacterLength: 8,\n looseCharacterLength: 15\n}\n\nexport const authPublicProcessRouter = new Router({\n prefix: '/auth'\n})\n\nauthPublicProcessRouter.post('/join', async (context, next) => {\n const { email } = context.request.body || {}\n\n const user: User = await getRepository(User).findOneBy({\n email\n })\n\n if (user) {\n context.redirect(`/auth/signin?email=${email}`)\n } else {\n context.redirect(`/auth/signup?email=${email}`)\n }\n})\n\nauthPublicProcessRouter.all('/signout', async (context, next) => {\n const { header, t } = context\n clearAccessTokenCookie(context)\n\n context.body = t('text.signout successfully')\n\n if (accepts(header.accept, ['text/html', '*/*'])) {\n context.redirect(getSiteRootPath(context))\n }\n})\n\nauthPublicProcessRouter.get('/forgot-password', async (context, next) => {\n const { email } = context.request.query\n\n await context.render('auth-page', {\n pageElement: 'forgot-password',\n elementScript: '/auth/forgot-password.js',\n data: {\n email,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n})\n\nauthPublicProcessRouter.get('/reset-password', async (context, next) => {\n const { token } = context.request.query\n\n await context.render('auth-page', {\n pageElement: 'reset-password',\n elementScript: '/auth/reset-password.js',\n data: {\n token,\n passwordRule,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n})\n\nauthPublicProcessRouter.get('/unlock-user', async (context, next) => {\n const { token } = context.request.query\n\n await context.render('auth-page', {\n pageElement: 'unlock-user',\n elementScript: '/auth/unlock-user.js',\n data: {\n token,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n})\n\nauthPublicProcessRouter.get('/activate/:email', async (context, next) => {\n const { email } = context.params\n\n await context.render('auth-page', {\n pageElement: 'auth-activate',\n elementScript: '/auth/activate.js',\n data: {\n email,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n})\n\nauthPublicProcessRouter.get('/verify/:token', async (context, next) => {\n const { header, t } = context\n var token = context.params.token\n\n await verify(token)\n\n var message = t('text.user activated successfully')\n\n context.body = message\n\n if (accepts(header.accept, ['text/html', '*/*'])) {\n await context.render('auth-page', {\n pageElement: 'auth-result',\n elementScript: '/auth/result.js',\n data: {\n message,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n }\n})\n\nauthPublicProcessRouter.post('/resend-verification-email', async (context, next) => {\n const { t } = context\n const { email } = context.request.body\n\n var succeed = await resendVerificationEmail(email, context)\n var message = t('text.verification email sent')\n\n if (succeed) {\n context.status = 200\n context.body = message\n }\n})\n\nauthPublicProcessRouter.post('/resend-invitation-email', async (context, next) => {\n const { t } = context\n const { email, reference, type } = context.request.body\n\n var succeed = await resendInvitationEmail(\n {\n email,\n reference,\n type\n },\n context\n )\n\n var message = t('text.invitation email sent')\n\n if (succeed) {\n context.status = 200\n context.body = message\n }\n})\n\nauthPublicProcessRouter.post('/forgot-password', async (context, next) => {\n const { t } = context\n const { email } = context.request.body\n\n if (!email) return next()\n\n const userRepo = getRepository(User)\n const user = await userRepo.findOne({\n where: {\n email\n }\n })\n\n const succeed = await sendPasswordResetEmail({\n user,\n context\n })\n\n if (succeed) {\n context.status = 200\n context.body = t('text.password reset email sent')\n }\n})\n\nauthPublicProcessRouter.post('/reset-password', async (context, next) => {\n const { header, t } = context\n\n try {\n const { password, token } = context.request.body\n\n if (!(token && password)) {\n let message = t('error.token or password is invalid')\n\n context.status = 404\n context.body = {\n message\n }\n\n if (accepts(header.accept, ['text/html', '*/*'])) {\n await context.render('auth-page', {\n pageElement: 'reset-password',\n elementScript: '/auth/reset-password.js',\n data: {\n token,\n message,\n passwordRule,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n }\n\n return\n }\n\n await resetPassword(token, password, context)\n\n var message = t('text.password reset succeed')\n context.body = message\n\n clearAccessTokenCookie(context)\n\n if (accepts(header.accept, ['text/html', '*/*'])) {\n await context.render('auth-page', {\n pageElement: 'auth-result',\n elementScript: '/auth/result.js',\n data: {\n message,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n }\n } catch (e) {\n context.status = 404\n context.body = e.message\n\n if (accepts(header.accept, ['text/html', '*/*'])) {\n await context.render('auth-page', {\n pageElement: 'auth-result',\n elementScript: '/auth/result.js',\n data: {\n message: e.message,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n }\n }\n})\n\nauthPublicProcessRouter.post('/unlock-user', async (context, next) => {\n const { header, t } = context\n const { password, token } = context.request.body\n\n if (!(token || password)) {\n context.status = 404\n context.body = t('error.token or password is invalid')\n\n return\n }\n\n var succeed = await unlockUser(token, password)\n\n if (succeed) {\n context.body = t('text.password reset succeed')\n\n clearAccessTokenCookie(context)\n }\n\n if (accepts(header.accept, ['text/html', '*/*'])) {\n await context.render('auth-page', {\n pageElement: 'auth-result',\n elementScript: '/auth/result.js',\n data: {\n message: t('text.account is reactivated'),\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n }\n})\n"]}
package/dist-server/router/auth-signin-router.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth-signin-router.js","sourceRoot":"","sources":["../../server/router/auth-signin-router.ts"],"names":[],"mappings":";;;;AAAA,oEAA+B;AAE/B,6CAA4C;AAC5C,gDAAiD;AACjD,8CAA0C;AAC1C,sEAAmE;AAEnE,MAAM,wBAAwB,GAAG,YAAM,CAAC,GAAG,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAA;AAC9E,MAAM,0BAA0B,GAAG,YAAM,CAAC,GAAG,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAA;AACvF,MAAM,SAAS,GAAG,YAAM,CAAC,GAAG,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAA;AAErD,MAAM,SAAS,GAAG,YAAM,CAAC,GAAG,CAAC,KAAK,EAAE,EAAS,CAAC,CAAA;AAC9C,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC;KACtC,MAAM,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,IAAI,IAAI,KAAK,CAAC;KAC1C,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE;IACvB,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAA;AACxB,CAAC,CAAC,CAAA;AAES,QAAA,gBAAgB,GAAG,IAAI,oBAAM,EAAE,CAAA;AAE5C,wBAAgB,CAAC,GAAG,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC3D,MAAM,EAAE,WAAW,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAE5C,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;QAChC,WAAW,EAAE,aAAa;QAC1B,aAAa,EAAE,iBAAiB;QAChC,IAAI,EAAE;YACJ,KAAK;YACL,UAAU,EAAE,WAAW;YACvB,QAAQ,EAAE,QAAQ;YAClB,wBAAwB;YACxB,0BAA0B;YAC1B,SAAS;SACV;KACF,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,wBAAgB,CAAC,IAAI,CAAC,cAAc,EAAE,8BAAgB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC9E,MAAM,EAAE,OAAO,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IAC9B,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAC7C,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAA;IAEzC,IAAI,CAAC,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE;QACjD,OAAO,CAAC,IAAI,GAAG,KAAK,CAAA;QACpB,OAAM;KACP;IAED,IAAI,UAAU,GAAG,gBAAgB,MAAM,CAAC,CAAC,CAAC,GAAG,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,gBAAgB,kBAAkB,CACrG,OAAO,CAAC,UAAU,IAAI,GAAG,CAC1B,EAAE,CAAA;IAEH,IAAA,0CAAoB,EAAC,OAAO,EAAE,KAAK,CAAC,CAAA;IAEpC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAA;AAC9B,CAAC,CAAC,CAAA","sourcesContent":["import Router from 'koa-router'\n\nimport { config } from '@things-factory/env'\nimport { signinMiddleware } from '../middlewares'\nimport { accepts } from '../utils/accepts'\nimport { setAccessTokenCookie } from '../utils/access-token-cookie'\n\nconst disableUserSignupProcess = config.get('disableUserSignupProcess', false)\nconst disableUserFavoredLanguage = config.get('i18n/disableUserFavoredLanguage', false)\nconst languages = config.get('i18n/languages', false)\n\nconst SSOConfig = config.get('sso', {} as any)\nconst SSOLinks = Object.values(SSOConfig)\n .filter(({ link, title }) => link && title)\n .map(({ link, title }) => {\n return { link, title }\n })\n\nexport const authSigninRouter = new Router()\n\nauthSigninRouter.get('/auth/signin', async (context, next) => {\n const { redirect_to, email } = context.query\n\n await context.render('auth-page', {\n pageElement: 'auth-signin',\n elementScript: '/auth/signin.js',\n data: {\n email,\n redirectTo: redirect_to,\n ssoLinks: SSOLinks,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n})\n\nauthSigninRouter.post('/auth/signin', signinMiddleware, async (context, next) => {\n const { request, t } = context\n const { token, user, domain } = context.state\n const { body: reqBody, header } = request\n\n if (!accepts(header.accept, ['text/html', '*/*'])) {\n context.body = token\n return\n }\n\n var redirectTo = `/auth/checkin${domain ? '/' + domain.subdomain : ''}?redirect_to=${encodeURIComponent(\n reqBody.redirectTo || '/'\n )}`\n\n setAccessTokenCookie(context, token)\n\n context.redirect(redirectTo)\n})\n"]}
1
+ {"version":3,"file":"auth-signin-router.js","sourceRoot":"","sources":["../../server/router/auth-signin-router.ts"],"names":[],"mappings":";;;;AAAA,oEAA+B;AAE/B,6CAA4C;AAC5C,gDAAiD;AACjD,8CAA0C;AAC1C,sEAAmE;AAEnE,MAAM,wBAAwB,GAAG,YAAM,CAAC,GAAG,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAA;AAC9E,MAAM,0BAA0B,GAAG,YAAM,CAAC,GAAG,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAA;AACvF,MAAM,SAAS,GAAG,YAAM,CAAC,GAAG,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAA;AAErD,MAAM,SAAS,GAAG,YAAM,CAAC,GAAG,CAAC,KAAK,EAAE,EAAS,CAAC,CAAA;AAC9C,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC;KACtC,MAAM,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,IAAI,IAAI,KAAK,CAAC;KAC1C,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE;IACvB,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAA;AACxB,CAAC,CAAC,CAAA;AAES,QAAA,gBAAgB,GAAG,IAAI,oBAAM,EAAE,CAAA;AAE5C,wBAAgB,CAAC,GAAG,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC3D,MAAM,EAAE,WAAW,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAE5C,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;QAChC,WAAW,EAAE,aAAa;QAC1B,aAAa,EAAE,iBAAiB;QAChC,IAAI,EAAE;YACJ,KAAK;YACL,UAAU,EAAE,WAAW;YACvB,QAAQ,EAAE,QAAQ;YAClB,wBAAwB;YACxB,0BAA0B;YAC1B,SAAS;SACV;KACF,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,wBAAgB,CAAC,IAAI,CAAC,cAAc,EAAE,8BAAgB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC9E,MAAM,EAAE,OAAO,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IAC9B,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAC7C,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAA;IAEzC,IAAI,CAAC,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC;QAClD,OAAO,CAAC,IAAI,GAAG,KAAK,CAAA;QACpB,OAAM;IACR,CAAC;IAED,IAAI,UAAU,GAAG,gBAAgB,MAAM,CAAC,CAAC,CAAC,GAAG,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,gBAAgB,kBAAkB,CACrG,OAAO,CAAC,UAAU,IAAI,GAAG,CAC1B,EAAE,CAAA;IAEH,IAAA,0CAAoB,EAAC,OAAO,EAAE,KAAK,CAAC,CAAA;IAEpC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAA;AAC9B,CAAC,CAAC,CAAA","sourcesContent":["import Router from 'koa-router'\n\nimport { config } from '@things-factory/env'\nimport { signinMiddleware } from '../middlewares'\nimport { accepts } from '../utils/accepts'\nimport { setAccessTokenCookie } from '../utils/access-token-cookie'\n\nconst disableUserSignupProcess = config.get('disableUserSignupProcess', false)\nconst disableUserFavoredLanguage = config.get('i18n/disableUserFavoredLanguage', false)\nconst languages = config.get('i18n/languages', false)\n\nconst SSOConfig = config.get('sso', {} as any)\nconst SSOLinks = Object.values(SSOConfig)\n .filter(({ link, title }) => link && title)\n .map(({ link, title }) => {\n return { link, title }\n })\n\nexport const authSigninRouter = new Router()\n\nauthSigninRouter.get('/auth/signin', async (context, next) => {\n const { redirect_to, email } = context.query\n\n await context.render('auth-page', {\n pageElement: 'auth-signin',\n elementScript: '/auth/signin.js',\n data: {\n email,\n redirectTo: redirect_to,\n ssoLinks: SSOLinks,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n})\n\nauthSigninRouter.post('/auth/signin', signinMiddleware, async (context, next) => {\n const { request, t } = context\n const { token, user, domain } = context.state\n const { body: reqBody, header } = request\n\n if (!accepts(header.accept, ['text/html', '*/*'])) {\n context.body = token\n return\n }\n\n var redirectTo = `/auth/checkin${domain ? '/' + domain.subdomain : ''}?redirect_to=${encodeURIComponent(\n reqBody.redirectTo || '/'\n )}`\n\n setAccessTokenCookie(context, token)\n\n context.redirect(redirectTo)\n})\n"]}
package/dist-server/router/auth-signup-router.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth-signup-router.js","sourceRoot":"","sources":["../../server/router/auth-signup-router.ts"],"names":[],"mappings":";;;;AAAA,oEAA+B;AAE/B,6CAA4C;AAE5C,kDAA8C;AAC9C,8CAA0C;AAC1C,sEAAmE;AAEnE,MAAM,wBAAwB,GAAG,YAAM,CAAC,GAAG,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAA;AAC9E,MAAM,0BAA0B,GAAG,YAAM,CAAC,GAAG,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAA;AACvF,MAAM,SAAS,GAAG,YAAM,CAAC,GAAG,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAA;AAErD,MAAM,YAAY,GAAG,YAAM,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI;IAC7C,SAAS,EAAE,IAAI;IACf,SAAS,EAAE,IAAI;IACf,KAAK,EAAE,IAAI;IACX,gBAAgB,EAAE,IAAI;IACtB,WAAW,EAAE,KAAK;IAClB,eAAe,EAAE,IAAI;IACrB,eAAe,EAAE,KAAK;IACtB,oBAAoB,EAAE,CAAC;IACvB,oBAAoB,EAAE,EAAE;CACzB,CAAA;AAEY,QAAA,gBAAgB,GAAG,IAAI,oBAAM,EAAE,CAAA;AAE5C,IAAI,CAAC,wBAAwB,EAAE;IAC7B,wBAAgB,CAAC,GAAG,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;QAC3D,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;QAE/B,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;YAChC,WAAW,EAAE,aAAa;YAC1B,aAAa,EAAE,iBAAiB;YAChC,IAAI,EAAE;gBACJ,KAAK;gBACL,YAAY;gBACZ,wBAAwB;gBACxB,0BAA0B;gBAC1B,SAAS;aACV;SACF,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAEF,wBAAgB,CAAC,IAAI,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;QAC5D,MAAM,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;QAC7B,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;QAChC,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;QAEjC,QAAQ;QACR,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAA,eAAM,kCAEvB,IAAI,KACP,OAAO;YACP,MAAM,KAER,IAAI,CACL,CAAA;QAED,MAAM,OAAO,GAAG,CAAC,CAAC,mCAAmC,CAAC,CAAA;QACtD,OAAO,CAAC,IAAI,GAAG;YACb,OAAO;YACP,KAAK;SACN,CAAA;QAED,IAAA,0CAAoB,EAAC,OAAO,EAAE,KAAK,CAAC,CAAA;QAEpC,IAAI,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE;YAChD,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;gBAChC,WAAW,EAAE,aAAa;gBAC1B,aAAa,EAAE,iBAAiB;gBAChC,IAAI,EAAE;oBACJ,OAAO;oBACP,wBAAwB;oBACxB,0BAA0B;oBAC1B,SAAS;iBACV;aACF,CAAC,CAAA;SACH;QACD,gBAAgB;QAChB,yBAAyB;QACzB,6BAA6B;QAE7B,wDAAwD;QACxD,0CAA0C;QAC1C,oCAAoC;QACpC,0CAA0C;QAC1C,gBAAgB;QAChB,iFAAiF;QACjF,uBAAuB;QACvB,UAAU;QACV,SAAS;QACT,MAAM;QACN,IAAI;IACN,CAAC,CAAC,CAAA;CACH","sourcesContent":["import Router from 'koa-router'\n\nimport { config } from '@things-factory/env'\n\nimport { signup } from '../controllers/signup'\nimport { accepts } from '../utils/accepts'\nimport { setAccessTokenCookie } from '../utils/access-token-cookie'\n\nconst disableUserSignupProcess = config.get('disableUserSignupProcess', false)\nconst disableUserFavoredLanguage = config.get('i18n/disableUserFavoredLanguage', false)\nconst languages = config.get('i18n/languages', false)\n\nconst passwordRule = config.get('password') || {\n lowerCase: true,\n upperCase: true,\n digit: true,\n specialCharacter: true,\n allowRepeat: false,\n useTightPattern: true,\n useLoosePattern: false,\n tightCharacterLength: 8,\n looseCharacterLength: 15\n}\n\nexport const authSignupRouter = new Router()\n\nif (!disableUserSignupProcess) {\n authSignupRouter.get('/auth/signup', async (context, next) => {\n const { email } = context.query\n\n await context.render('auth-page', {\n pageElement: 'auth-signup',\n elementScript: '/auth/signup.js',\n data: {\n email,\n passwordRule,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n })\n\n authSignupRouter.post('/auth/signup', async (context, next) => {\n const { header, t } = context\n const { domain } = context.state\n const user = context.request.body\n\n // try {\n const { token } = await signup(\n {\n ...user,\n context,\n domain\n },\n true\n )\n\n const message = t('text.user registered successfully')\n context.body = {\n message,\n token\n }\n\n setAccessTokenCookie(context, token)\n\n if (accepts(header.accept, ['text/html', '*/*'])) {\n await context.render('auth-page', {\n pageElement: 'auth-result',\n elementScript: '/auth/result.js',\n data: {\n message,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n }\n // } catch (e) {\n // context.status = 401\n // context.body = e.message\n\n // if (accepts(header.accept, ['text/html', '*/*'])) {\n // await context.render('auth-page', {\n // pageElement: 'auth-signup',\n // elementScript: '/auth/signup.js',\n // data: {\n // message: e instanceof AuthError ? t(`error.${e.message}`) : e.message,\n // passwordRule\n // }\n // })\n // }\n // }\n })\n}\n"]}
1
+ {"version":3,"file":"auth-signup-router.js","sourceRoot":"","sources":["../../server/router/auth-signup-router.ts"],"names":[],"mappings":";;;;AAAA,oEAA+B;AAE/B,6CAA4C;AAE5C,kDAA8C;AAC9C,8CAA0C;AAC1C,sEAAmE;AAEnE,MAAM,wBAAwB,GAAG,YAAM,CAAC,GAAG,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAA;AAC9E,MAAM,0BAA0B,GAAG,YAAM,CAAC,GAAG,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAA;AACvF,MAAM,SAAS,GAAG,YAAM,CAAC,GAAG,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAA;AAErD,MAAM,YAAY,GAAG,YAAM,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI;IAC7C,SAAS,EAAE,IAAI;IACf,SAAS,EAAE,IAAI;IACf,KAAK,EAAE,IAAI;IACX,gBAAgB,EAAE,IAAI;IACtB,WAAW,EAAE,KAAK;IAClB,eAAe,EAAE,IAAI;IACrB,eAAe,EAAE,KAAK;IACtB,oBAAoB,EAAE,CAAC;IACvB,oBAAoB,EAAE,EAAE;CACzB,CAAA;AAEY,QAAA,gBAAgB,GAAG,IAAI,oBAAM,EAAE,CAAA;AAE5C,IAAI,CAAC,wBAAwB,EAAE,CAAC;IAC9B,wBAAgB,CAAC,GAAG,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;QAC3D,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;QAE/B,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;YAChC,WAAW,EAAE,aAAa;YAC1B,aAAa,EAAE,iBAAiB;YAChC,IAAI,EAAE;gBACJ,KAAK;gBACL,YAAY;gBACZ,wBAAwB;gBACxB,0BAA0B;gBAC1B,SAAS;aACV;SACF,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAEF,wBAAgB,CAAC,IAAI,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;QAC5D,MAAM,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;QAC7B,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;QAChC,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;QAEjC,QAAQ;QACR,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAA,eAAM,kCAEvB,IAAI,KACP,OAAO;YACP,MAAM,KAER,IAAI,CACL,CAAA;QAED,MAAM,OAAO,GAAG,CAAC,CAAC,mCAAmC,CAAC,CAAA;QACtD,OAAO,CAAC,IAAI,GAAG;YACb,OAAO;YACP,KAAK;SACN,CAAA;QAED,IAAA,0CAAoB,EAAC,OAAO,EAAE,KAAK,CAAC,CAAA;QAEpC,IAAI,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC;YACjD,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;gBAChC,WAAW,EAAE,aAAa;gBAC1B,aAAa,EAAE,iBAAiB;gBAChC,IAAI,EAAE;oBACJ,OAAO;oBACP,wBAAwB;oBACxB,0BAA0B;oBAC1B,SAAS;iBACV;aACF,CAAC,CAAA;QACJ,CAAC;QACD,gBAAgB;QAChB,yBAAyB;QACzB,6BAA6B;QAE7B,wDAAwD;QACxD,0CAA0C;QAC1C,oCAAoC;QACpC,0CAA0C;QAC1C,gBAAgB;QAChB,iFAAiF;QACjF,uBAAuB;QACvB,UAAU;QACV,SAAS;QACT,MAAM;QACN,IAAI;IACN,CAAC,CAAC,CAAA;AACJ,CAAC","sourcesContent":["import Router from 'koa-router'\n\nimport { config } from '@things-factory/env'\n\nimport { signup } from '../controllers/signup'\nimport { accepts } from '../utils/accepts'\nimport { setAccessTokenCookie } from '../utils/access-token-cookie'\n\nconst disableUserSignupProcess = config.get('disableUserSignupProcess', false)\nconst disableUserFavoredLanguage = config.get('i18n/disableUserFavoredLanguage', false)\nconst languages = config.get('i18n/languages', false)\n\nconst passwordRule = config.get('password') || {\n lowerCase: true,\n upperCase: true,\n digit: true,\n specialCharacter: true,\n allowRepeat: false,\n useTightPattern: true,\n useLoosePattern: false,\n tightCharacterLength: 8,\n looseCharacterLength: 15\n}\n\nexport const authSignupRouter = new Router()\n\nif (!disableUserSignupProcess) {\n authSignupRouter.get('/auth/signup', async (context, next) => {\n const { email } = context.query\n\n await context.render('auth-page', {\n pageElement: 'auth-signup',\n elementScript: '/auth/signup.js',\n data: {\n email,\n passwordRule,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n })\n\n authSignupRouter.post('/auth/signup', async (context, next) => {\n const { header, t } = context\n const { domain } = context.state\n const user = context.request.body\n\n // try {\n const { token } = await signup(\n {\n ...user,\n context,\n domain\n },\n true\n )\n\n const message = t('text.user registered successfully')\n context.body = {\n message,\n token\n }\n\n setAccessTokenCookie(context, token)\n\n if (accepts(header.accept, ['text/html', '*/*'])) {\n await context.render('auth-page', {\n pageElement: 'auth-result',\n elementScript: '/auth/result.js',\n data: {\n message,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n }\n // } catch (e) {\n // context.status = 401\n // context.body = e.message\n\n // if (accepts(header.accept, ['text/html', '*/*'])) {\n // await context.render('auth-page', {\n // pageElement: 'auth-signup',\n // elementScript: '/auth/signup.js',\n // data: {\n // message: e instanceof AuthError ? t(`error.${e.message}`) : e.message,\n // passwordRule\n // }\n // })\n // }\n // }\n })\n}\n"]}
package/dist-server/router/oauth2/oauth2-authorize-router.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oauth2-authorize-router.js","sourceRoot":"","sources":["../../../server/router/oauth2/oauth2-authorize-router.ts"],"names":[],"mappings":";;;;AAAA,oEAA+B;AAE/B,iDAAqD;AACrD,6CAA4C;AAE5C,uEAAmE;AACnE,mDAAwE;AAE3D,QAAA,qBAAqB,GAAG,IAAI,oBAAM,EAAE,CAAA;AAEjD,MAAM,0BAA0B,GAAG,YAAM,CAAC,GAAG,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAA;AACvF,MAAM,SAAS,GAAG,YAAM,CAAC,GAAG,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAA;AAErD,8BAA8B;AAC9B,EAAE;AACF,oEAAoE;AACpE,8EAA8E;AAC9E,uEAAuE;AACvE,oEAAoE;AACpE,6EAA6E;AAC7E,8EAA8E;AAC9E,0DAA0D;AAC1D,EAAE;AACF,6EAA6E;AAC7E,gFAAgF;AAChF,2EAA2E;AAC3E,iFAAiF;AACjF,0CAA0C;AAE1C,6BAAqB,CAAC,GAAG,CACvB,YAAY,EACZ,sBAAiB,CAAC,SAAS,CAAC,KAAK,WAAW,QAAQ,EAAE,WAAW;IAC/D,MAAM,MAAM,GAAG,MAAM,IAAA,qBAAa,EAAC,yBAAW,CAAC,CAAC,SAAS,CAAC;QACxD,MAAM,EAAE,QAAQ;KACjB,CAAC,CAAA;IACF,oCAAoC;IACpC,4CAA4C;IAC5C,iBAAiB;IACjB,IAAI;IAEJ,OAAO,CAAC,MAAM,IAAI,yBAAS,EAAE,WAAW,CAAC,CAAA;AAC3C,CAAC,CAAC,EACF,KAAK,WAAW,OAAO,EAAE,IAAI;IAC3B,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAE9C,IAAI,WAAW,GAAW,iBAAiB,CAAA;IAC3C,IAAI,aAAa,GAAW,iCAAiC,CAAA;IAE7D,IAAI,MAAM,CAAC,MAAM,CAAC,EAAE,KAAK,yBAAS,CAAC,EAAE,EAAE;QACrC,WAAW,GAAG,uBAAuB,CAAA;QACrC,aAAa,GAAG,uCAAuC,CAAA;KACxD;IAED,IAAI;QACF,MAAM,OAAO,CAAC,MAAM,CAAC,aAAa,EAAE;YAClC,WAAW;YACX,aAAa;YACb,IAAI,EAAE;gBACJ,MAAM;gBACN,MAAM,kCACD,MAAM,KACT,IAAI,EAAE;wBACJ,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE;wBAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI;wBACtB,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK;qBACzB,GACF;gBACD,0BAA0B;gBAC1B,SAAS;aACV;SACF,CAAC,CAAA;QACF,uCAAuC;QACvC,oBAAoB;QACpB,2HAA2H;QAC3H,oBAAoB;QACpB,KAAK;KACN;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,CAAC,CAAA;KACR;AACH,CAAC,CACF,CAAA","sourcesContent":["import Router from 'koa-router'\n\nimport { getRepository } from '@things-factory/shell'\nimport { config } from '@things-factory/env'\n\nimport { Application } from '../../service/application/application'\nimport { NonClient, server as oauth2orizeServer } from './oauth2-server'\n\nexport const oauth2AuthorizeRouter = new Router()\n\nconst disableUserFavoredLanguage = config.get('i18n/disableUserFavoredLanguage', false)\nconst languages = config.get('i18n/languages', false)\n\n// user authorization endpoint\n//\n// `authorization` middleware accepts a `validate` callback which is\n// responsible for validating the client making the authorization request. In\n// doing so, is recommended that the `redirectURI` be checked against a\n// registered value, although security requirements may vary accross\n// implementations. Once validated, the `done` callback must be invoked with\n// a `client` instance, as well as the `redirectURI` to which the user will be\n// redirected after an authorization decision is obtained.\n//\n// This middleware simply initializes a new authorization transaction. It is\n// the application's responsibility to authenticate the user and render a dialog\n// to obtain their approval (displaying details about the client requesting\n// authorization). We accomplish that here by routing through `ensureLoggedIn()`\n// first, and rendering the `dialog` view.\n\noauth2AuthorizeRouter.get(\n '/authorize',\n oauth2orizeServer.authorize(async function (clientID, redirectURI) {\n const client = await getRepository(Application).findOneBy({\n appKey: clientID\n })\n // CONFIRM-ME redirectUrl 의 허용 범위는 ?\n // if (!client.redirectUrl != redirectURI) {\n // return false\n // }\n\n return [client || NonClient, redirectURI]\n }),\n async function (context, next) {\n const { oauth2, user, domain } = context.state\n\n let pageElement: string = 'oauth2-decision'\n let elementScript: string = '/oauth2/oauth2-decision-page.js'\n\n if (oauth2.client.id === NonClient.id) {\n pageElement = 'oauth2-decision-error'\n elementScript = '/oauth2/oauth2-decision-error-page.js'\n }\n\n try {\n await context.render('oauth2-page', {\n pageElement,\n elementScript,\n data: {\n domain,\n oauth2: {\n ...oauth2,\n user: {\n id: oauth2.user.id,\n name: oauth2.user.name,\n email: oauth2.user.email\n }\n },\n disableUserFavoredLanguage,\n languages\n }\n })\n // await context.render(decisionPage, {\n // domain: domain,\n // ...oauth2, // client, redirectURI, req { type, clientID, redirectURI, scope, state}, user, transactionID, info, locals\n // availableScopes\n // })\n } catch (e) {\n throw e\n }\n }\n)\n"]}
1
+ {"version":3,"file":"oauth2-authorize-router.js","sourceRoot":"","sources":["../../../server/router/oauth2/oauth2-authorize-router.ts"],"names":[],"mappings":";;;;AAAA,oEAA+B;AAE/B,iDAAqD;AACrD,6CAA4C;AAE5C,uEAAmE;AACnE,mDAAwE;AAE3D,QAAA,qBAAqB,GAAG,IAAI,oBAAM,EAAE,CAAA;AAEjD,MAAM,0BAA0B,GAAG,YAAM,CAAC,GAAG,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAA;AACvF,MAAM,SAAS,GAAG,YAAM,CAAC,GAAG,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAA;AAErD,8BAA8B;AAC9B,EAAE;AACF,oEAAoE;AACpE,8EAA8E;AAC9E,uEAAuE;AACvE,oEAAoE;AACpE,6EAA6E;AAC7E,8EAA8E;AAC9E,0DAA0D;AAC1D,EAAE;AACF,6EAA6E;AAC7E,gFAAgF;AAChF,2EAA2E;AAC3E,iFAAiF;AACjF,0CAA0C;AAE1C,6BAAqB,CAAC,GAAG,CACvB,YAAY,EACZ,sBAAiB,CAAC,SAAS,CAAC,KAAK,WAAW,QAAQ,EAAE,WAAW;IAC/D,MAAM,MAAM,GAAG,MAAM,IAAA,qBAAa,EAAC,yBAAW,CAAC,CAAC,SAAS,CAAC;QACxD,MAAM,EAAE,QAAQ;KACjB,CAAC,CAAA;IACF,oCAAoC;IACpC,4CAA4C;IAC5C,iBAAiB;IACjB,IAAI;IAEJ,OAAO,CAAC,MAAM,IAAI,yBAAS,EAAE,WAAW,CAAC,CAAA;AAC3C,CAAC,CAAC,EACF,KAAK,WAAW,OAAO,EAAE,IAAI;IAC3B,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAE9C,IAAI,WAAW,GAAW,iBAAiB,CAAA;IAC3C,IAAI,aAAa,GAAW,iCAAiC,CAAA;IAE7D,IAAI,MAAM,CAAC,MAAM,CAAC,EAAE,KAAK,yBAAS,CAAC,EAAE,EAAE,CAAC;QACtC,WAAW,GAAG,uBAAuB,CAAA;QACrC,aAAa,GAAG,uCAAuC,CAAA;IACzD,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,CAAC,MAAM,CAAC,aAAa,EAAE;YAClC,WAAW;YACX,aAAa;YACb,IAAI,EAAE;gBACJ,MAAM;gBACN,MAAM,kCACD,MAAM,KACT,IAAI,EAAE;wBACJ,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE;wBAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI;wBACtB,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK;qBACzB,GACF;gBACD,0BAA0B;gBAC1B,SAAS;aACV;SACF,CAAC,CAAA;QACF,uCAAuC;QACvC,oBAAoB;QACpB,2HAA2H;QAC3H,oBAAoB;QACpB,KAAK;IACP,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,CAAA;IACT,CAAC;AACH,CAAC,CACF,CAAA","sourcesContent":["import Router from 'koa-router'\n\nimport { getRepository } from '@things-factory/shell'\nimport { config } from '@things-factory/env'\n\nimport { Application } from '../../service/application/application'\nimport { NonClient, server as oauth2orizeServer } from './oauth2-server'\n\nexport const oauth2AuthorizeRouter = new Router()\n\nconst disableUserFavoredLanguage = config.get('i18n/disableUserFavoredLanguage', false)\nconst languages = config.get('i18n/languages', false)\n\n// user authorization endpoint\n//\n// `authorization` middleware accepts a `validate` callback which is\n// responsible for validating the client making the authorization request. In\n// doing so, is recommended that the `redirectURI` be checked against a\n// registered value, although security requirements may vary accross\n// implementations. Once validated, the `done` callback must be invoked with\n// a `client` instance, as well as the `redirectURI` to which the user will be\n// redirected after an authorization decision is obtained.\n//\n// This middleware simply initializes a new authorization transaction. It is\n// the application's responsibility to authenticate the user and render a dialog\n// to obtain their approval (displaying details about the client requesting\n// authorization). We accomplish that here by routing through `ensureLoggedIn()`\n// first, and rendering the `dialog` view.\n\noauth2AuthorizeRouter.get(\n '/authorize',\n oauth2orizeServer.authorize(async function (clientID, redirectURI) {\n const client = await getRepository(Application).findOneBy({\n appKey: clientID\n })\n // CONFIRM-ME redirectUrl 의 허용 범위는 ?\n // if (!client.redirectUrl != redirectURI) {\n // return false\n // }\n\n return [client || NonClient, redirectURI]\n }),\n async function (context, next) {\n const { oauth2, user, domain } = context.state\n\n let pageElement: string = 'oauth2-decision'\n let elementScript: string = '/oauth2/oauth2-decision-page.js'\n\n if (oauth2.client.id === NonClient.id) {\n pageElement = 'oauth2-decision-error'\n elementScript = '/oauth2/oauth2-decision-error-page.js'\n }\n\n try {\n await context.render('oauth2-page', {\n pageElement,\n elementScript,\n data: {\n domain,\n oauth2: {\n ...oauth2,\n user: {\n id: oauth2.user.id,\n name: oauth2.user.name,\n email: oauth2.user.email\n }\n },\n disableUserFavoredLanguage,\n languages\n }\n })\n // await context.render(decisionPage, {\n // domain: domain,\n // ...oauth2, // client, redirectURI, req { type, clientID, redirectURI, scope, state}, user, transactionID, info, locals\n // availableScopes\n // })\n } catch (e) {\n throw e\n }\n }\n)\n"]}
package/dist-server/router/oauth2/oauth2-router.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oauth2-router.js","sourceRoot":"","sources":["../../../server/router/oauth2/oauth2-router.ts"],"names":[],"mappings":";;;;AAAA,wEAA8B;AAC9B,sEAAiC;AACjC,wEAAmC;AACnC,oEAA+B;AAE/B,iDAA6D;AAE7D,mDAA6D;AAC7D,uEAAmE;AACnE,kDAA0D;AAC1D,yEAAsE;AACtE,uDAA+C;AAC/C,mDAA6D;AAC7D,uFAAsF;AAUzE,QAAA,YAAY,GAAG,IAAI,oBAAM,EAAE,CAAA;AAExC,sBAAQ,CAAC,GAAG,CACV,wBAAwB,EACxB,IAAI,0CAAsB,CAAC,EAAE,EAAE,CAAC,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,EAAE;IAC9D,IAAA,qBAAa,EAAC,yBAAW,CAAC;SACvB,SAAS,CAAC;QACT,MAAM,EAAE,QAAQ;KACjB,CAAC;SACD,IAAI,CAAC,MAAM,CAAC,EAAE;QACb,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,SAAS,IAAI,YAAY,EAAE;YAC/C,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;YACjB,OAAM;SACP;QAED,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;IACpB,CAAC,CAAC;SACD,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;AAC5B,CAAC,CAAC,CACH,CAAA;AAED,yBAAyB;AACzB,EAAE;AACF,4EAA4E;AAC5E,+EAA+E;AAC/E,8EAA8E;AAC9E,cAAc;AAEd,oBAAY,CAAC,IAAI,CACf,WAAW,EACX,uCAAyB,EACzB,IAAA,qBAAO,EACL,sBAAiB,CAAC,QAAQ,CAAC,KAAK,WAAW,OAAO;IAChD,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAE3B,OAAO,OAAO,CAAC,IAAI,CAAA;AACrB,CAAC,CAAC,CACH,CACF,CAAA;AAED,iBAAiB;AACjB,EAAE;AACF,8EAA8E;AAC9E,yEAAyE;AACzE,2EAA2E;AAC3E,sDAAsD;AAEtD,oBAAY,CAAC,IAAI,CACf,eAAe,EACf,sBAAQ,CAAC,YAAY,CAAC,wBAAwB,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EACnE,sBAAiB,CAAC,KAAK,EAAE,EACzB,sBAAiB,CAAC,YAAY,EAAE,CACjC,CAAA;AAED,oBAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;;IAC1D,MAAM,YAAY,GAAuB,MAAA,MAAA,OAAO,CAAC,OAAO,0CAAE,IAAI,0CAAE,YAAY,CAAA;IAC5E,IAAI,CAAC,YAAY;QAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAA;IAE3D,MAAM,OAAO,GAAqB,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,SAAS,CAAC;QACpE,QAAQ,EAAE,YAAY;KACvB,CAAC,CAAA;IAEF,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAA;IAEtD,IAAI;QACF,sBAAG,CAAC,MAAM,CAAC,YAAY,EAAE,mBAAM,CAAC,CAAA;QAChC,MAAM,OAAO,GAAG,sBAAG,CAAC,MAAM,CAAC,YAAY,CAAQ,CAAA;QAC/C,MAAM,SAAS,GAAW,OAAO,CAAC,MAAM,CAAC,SAAS,CAAA;QAClD,MAAM,MAAM,GAAuB,MAAM,IAAA,qBAAa,EAAC,cAAM,CAAC,CAAC,OAAO,CAAC;YACrE,KAAK,EAAE,EAAE,SAAS,EAAE;SACrB,CAAC,CAAA;QACF,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAA;QACnD,MAAM,MAAM,GAAW,OAAO,CAAC,WAAW,CAAC,MAAM,CAAA;QACjD,MAAM,MAAM,GAAU,OAAO,CAAC,KAAK,CAAA;QAEnC,MAAM,cAAc,GAAW,yBAAW,CAAC,mBAAmB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAA;QAC/F,MAAM,eAAe,GAAW,yBAAW,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAA;QAEjG,OAAO,CAAC,QAAQ,GAAG,eAAe,CAAA;QAClC,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QAEvC,IAAA,0CAAoB,EAAC,OAAO,EAAE,cAAc,CAAC,CAAA;QAE7C,OAAO,CAAC,IAAI,GAAG;YACb,WAAW,EAAE,cAAc;YAC3B,YAAY,EAAE,eAAe;SAC9B,CAAA;KACF;IAAC,OAAO,CAAC,EAAE;QACV,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,OAAO,CAAA;KACzB;AACH,CAAC,CAAC,CAAA;AAEF,oBAAY,CAAC,GAAG,CAAC,UAAU,EAAE,uCAAyB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC9E,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAEtC,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAAA;IACjE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,EAAE,CAAA;IAEnG,IAAI,WAAW,GAAG,EAAE,CAAA;IACpB,IAAI,IAAI,IAAI,aAAa,EAAE;QACzB,wDAAwD;QACxD,WAAW,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,EAAE,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAA;KAChE;IAED,OAAO,CAAC,IAAI,GAAG;QACb,OAAO,EAAE;YACP,IAAI;YACJ,WAAW;YACX,KAAK;YACL,IAAI,CAAC,wCAAwC;YAC7C,MAAM,EAAE;gBACN,IAAI,EAAE,UAAU;gBAChB,SAAS;gBACT,SAAS;gBACT,UAAU;gBACV,YAAY;gBACZ,QAAQ;aACT;YACD,WAAW;SACZ;KACF,CAAA;AACH,CAAC,CAAC,CAAA;AAEF,oBAAY,CAAC,IAAI,CAAC,aAAa,EAAE,uCAAyB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAClF,IAAI;QACF,IAAI,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;QAE5B,IAAI,OAAO,OAAO,CAAC,eAAe,KAAK,UAAU,EAAE;YACjD,MAAM,OAAO,CAAC,eAAe,CAAC,IAAI,CAAC,CAAA;SACpC;aAAM;YACL,IAAI,CAAC,OAAO,GAAG,EAAE,CAAA;YACjB,IAAI,CAAC,KAAK,GAAG,EAAE,CAAA;YACf,IAAI,CAAC,MAAM,GAAG,iBAAU,CAAC,OAAO,CAAA;YAChC,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;SACrC;QACD,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,IAAI,CAAA;KACpB;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,CAAC,CAAA;KACR;AACH,CAAC,CAAC,CAAA","sourcesContent":["import jwt from 'jsonwebtoken'\nimport compose from 'koa-compose'\nimport passport from 'koa-passport'\nimport Router from 'koa-router'\n\nimport { Domain, getRepository } from '@things-factory/shell'\n\nimport { jwtAuthenticateMiddleware } from '../../middlewares'\nimport { Application } from '../../service/application/application'\nimport { User, UserStatus } from '../../service/user/user'\nimport { setAccessTokenCookie } from '../../utils/access-token-cookie'\nimport { SECRET } from '../../utils/get-secret'\nimport { server as oauth2orizeServer } from './oauth2-server'\nimport { Strategy as ClientPasswordStrategy } from './passport-oauth2-client-password'\n\ndeclare global {\n namespace NodeJS {\n interface Process {\n oauthDisconnect: (user: User) => Promise<void>\n }\n }\n}\n\nexport const oauth2Router = new Router()\n\npassport.use(\n 'oauth2-client-password',\n new ClientPasswordStrategy({}, (clientId, clientSecret, done) => {\n getRepository(Application)\n .findOneBy({\n appKey: clientId\n })\n .then(client => {\n if (!client || client.appSecret != clientSecret) {\n done(null, false)\n return\n }\n\n done(null, client)\n })\n .catch(err => done(err))\n })\n)\n\n// user decision endpoint\n//\n// `decision` middleware processes a user's decision to allow or deny access\n// requested by a client application. Based on the grant type requested by the\n// client, the above grant middleware configured above will be invoked to send\n// a response.\n\noauth2Router.post(\n '/decision',\n jwtAuthenticateMiddleware,\n compose(\n oauth2orizeServer.decision(async function (context) {\n const { request } = context\n\n return request.body\n })\n )\n)\n\n// token endpoint\n//\n// `token` middleware handles client requests to exchange authorization grants\n// for access tokens. Based on the grant type being exchanged, the above\n// exchange middleware will be invoked to handle the request. Clients must\n// authenticate when making requests to this endpoint.\n\noauth2Router.post(\n '/access-token',\n passport.authenticate('oauth2-client-password', { session: false }),\n oauth2orizeServer.token(),\n oauth2orizeServer.errorHandler()\n)\n\noauth2Router.post('/refresh-token', async (context, next) => {\n const refreshToken: string | undefined = context.request?.body?.refreshToken\n if (!refreshToken) throw new Error('Missing refresh token')\n\n const appUser: User | undefined = await getRepository(User).findOneBy({\n password: refreshToken\n })\n\n if (!appUser) throw new Error('App user is not found')\n\n try {\n jwt.verify(refreshToken, SECRET)\n const decoded = jwt.decode(refreshToken) as any\n const subdomain: string = decoded.domain.subdomain\n const domain: Domain | undefined = await getRepository(Domain).findOne({\n where: { subdomain }\n })\n if (!domain) throw new Error('Domain is not found')\n const appKey: string = decoded.application.appKey\n const scopes: any[] = decoded.scope\n\n const newAccessToken: string = Application.generateAccessToken(domain, appUser, appKey, scopes)\n const newRefreshToken: string = Application.generateRefreshToken(domain, appUser, appKey, scopes)\n\n appUser.password = newRefreshToken\n await getRepository(User).save(appUser)\n\n setAccessTokenCookie(context, newAccessToken)\n\n context.body = {\n accessToken: newAccessToken,\n refreshToken: newRefreshToken\n }\n } catch (e) {\n context.status = 401\n context.body = e.message\n }\n})\n\noauth2Router.get('/profile', jwtAuthenticateMiddleware, async (context, next) => {\n const { user, domain } = context.state\n\n const { name, description, email, userType: type, locale } = user\n const { name: domainName, subdomain, brandName, brandImage, contentImage, timezone } = domain || {}\n\n var application = {}\n if (type == 'application') {\n /* user entity에 reference 필드가 추가되기 전까지, appKey취득 방법임. */\n application['appKey'] = email.substr(0, email.lastIndexOf('@'))\n }\n\n context.body = {\n profile: {\n name,\n description,\n email,\n type /* (admin|user|application|appliance) */,\n domain: {\n name: domainName,\n subdomain,\n brandName,\n brandImage,\n contentImage,\n timezone\n },\n application\n }\n }\n})\n\noauth2Router.post('/disconnect', jwtAuthenticateMiddleware, async (context, next) => {\n try {\n let { user } = context.state\n\n if (typeof process.oauthDisconnect === 'function') {\n await process.oauthDisconnect(user)\n } else {\n user.domains = []\n user.roles = []\n user.status = UserStatus.DELETED\n await getRepository(User).save(user)\n }\n context.status = 200\n context.body = 'ok'\n } catch (e) {\n throw e\n }\n})\n"]}
1
+ {"version":3,"file":"oauth2-router.js","sourceRoot":"","sources":["../../../server/router/oauth2/oauth2-router.ts"],"names":[],"mappings":";;;;AAAA,wEAA8B;AAC9B,sEAAiC;AACjC,wEAAmC;AACnC,oEAA+B;AAE/B,iDAA6D;AAE7D,mDAA6D;AAC7D,uEAAmE;AACnE,kDAA0D;AAC1D,yEAAsE;AACtE,uDAA+C;AAC/C,mDAA6D;AAC7D,uFAAsF;AAUzE,QAAA,YAAY,GAAG,IAAI,oBAAM,EAAE,CAAA;AAExC,sBAAQ,CAAC,GAAG,CACV,wBAAwB,EACxB,IAAI,0CAAsB,CAAC,EAAE,EAAE,CAAC,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,EAAE;IAC9D,IAAA,qBAAa,EAAC,yBAAW,CAAC;SACvB,SAAS,CAAC;QACT,MAAM,EAAE,QAAQ;KACjB,CAAC;SACD,IAAI,CAAC,MAAM,CAAC,EAAE;QACb,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,SAAS,IAAI,YAAY,EAAE,CAAC;YAChD,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;YACjB,OAAM;QACR,CAAC;QAED,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;IACpB,CAAC,CAAC;SACD,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;AAC5B,CAAC,CAAC,CACH,CAAA;AAED,yBAAyB;AACzB,EAAE;AACF,4EAA4E;AAC5E,+EAA+E;AAC/E,8EAA8E;AAC9E,cAAc;AAEd,oBAAY,CAAC,IAAI,CACf,WAAW,EACX,uCAAyB,EACzB,IAAA,qBAAO,EACL,sBAAiB,CAAC,QAAQ,CAAC,KAAK,WAAW,OAAO;IAChD,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAE3B,OAAO,OAAO,CAAC,IAAI,CAAA;AACrB,CAAC,CAAC,CACH,CACF,CAAA;AAED,iBAAiB;AACjB,EAAE;AACF,8EAA8E;AAC9E,yEAAyE;AACzE,2EAA2E;AAC3E,sDAAsD;AAEtD,oBAAY,CAAC,IAAI,CACf,eAAe,EACf,sBAAQ,CAAC,YAAY,CAAC,wBAAwB,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EACnE,sBAAiB,CAAC,KAAK,EAAE,EACzB,sBAAiB,CAAC,YAAY,EAAE,CACjC,CAAA;AAED,oBAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;;IAC1D,MAAM,YAAY,GAAuB,MAAA,MAAA,OAAO,CAAC,OAAO,0CAAE,IAAI,0CAAE,YAAY,CAAA;IAC5E,IAAI,CAAC,YAAY;QAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAA;IAE3D,MAAM,OAAO,GAAqB,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,SAAS,CAAC;QACpE,QAAQ,EAAE,YAAY;KACvB,CAAC,CAAA;IAEF,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAA;IAEtD,IAAI,CAAC;QACH,sBAAG,CAAC,MAAM,CAAC,YAAY,EAAE,mBAAM,CAAC,CAAA;QAChC,MAAM,OAAO,GAAG,sBAAG,CAAC,MAAM,CAAC,YAAY,CAAQ,CAAA;QAC/C,MAAM,SAAS,GAAW,OAAO,CAAC,MAAM,CAAC,SAAS,CAAA;QAClD,MAAM,MAAM,GAAuB,MAAM,IAAA,qBAAa,EAAC,cAAM,CAAC,CAAC,OAAO,CAAC;YACrE,KAAK,EAAE,EAAE,SAAS,EAAE;SACrB,CAAC,CAAA;QACF,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAA;QACnD,MAAM,MAAM,GAAW,OAAO,CAAC,WAAW,CAAC,MAAM,CAAA;QACjD,MAAM,MAAM,GAAU,OAAO,CAAC,KAAK,CAAA;QAEnC,MAAM,cAAc,GAAW,yBAAW,CAAC,mBAAmB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAA;QAC/F,MAAM,eAAe,GAAW,yBAAW,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAA;QAEjG,OAAO,CAAC,QAAQ,GAAG,eAAe,CAAA;QAClC,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QAEvC,IAAA,0CAAoB,EAAC,OAAO,EAAE,cAAc,CAAC,CAAA;QAE7C,OAAO,CAAC,IAAI,GAAG;YACb,WAAW,EAAE,cAAc;YAC3B,YAAY,EAAE,eAAe;SAC9B,CAAA;IACH,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,OAAO,CAAA;IAC1B,CAAC;AACH,CAAC,CAAC,CAAA;AAEF,oBAAY,CAAC,GAAG,CAAC,UAAU,EAAE,uCAAyB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC9E,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAEtC,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAAA;IACjE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,EAAE,CAAA;IAEnG,IAAI,WAAW,GAAG,EAAE,CAAA;IACpB,IAAI,IAAI,IAAI,aAAa,EAAE,CAAC;QAC1B,wDAAwD;QACxD,WAAW,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,EAAE,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAA;IACjE,CAAC;IAED,OAAO,CAAC,IAAI,GAAG;QACb,OAAO,EAAE;YACP,IAAI;YACJ,WAAW;YACX,KAAK;YACL,IAAI,CAAC,wCAAwC;YAC7C,MAAM,EAAE;gBACN,IAAI,EAAE,UAAU;gBAChB,SAAS;gBACT,SAAS;gBACT,UAAU;gBACV,YAAY;gBACZ,QAAQ;aACT;YACD,WAAW;SACZ;KACF,CAAA;AACH,CAAC,CAAC,CAAA;AAEF,oBAAY,CAAC,IAAI,CAAC,aAAa,EAAE,uCAAyB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAClF,IAAI,CAAC;QACH,IAAI,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;QAE5B,IAAI,OAAO,OAAO,CAAC,eAAe,KAAK,UAAU,EAAE,CAAC;YAClD,MAAM,OAAO,CAAC,eAAe,CAAC,IAAI,CAAC,CAAA;QACrC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,OAAO,GAAG,EAAE,CAAA;YACjB,IAAI,CAAC,KAAK,GAAG,EAAE,CAAA;YACf,IAAI,CAAC,MAAM,GAAG,iBAAU,CAAC,OAAO,CAAA;YAChC,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACtC,CAAC;QACD,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,IAAI,CAAA;IACrB,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,CAAA;IACT,CAAC;AACH,CAAC,CAAC,CAAA","sourcesContent":["import jwt from 'jsonwebtoken'\nimport compose from 'koa-compose'\nimport passport from 'koa-passport'\nimport Router from 'koa-router'\n\nimport { Domain, getRepository } from '@things-factory/shell'\n\nimport { jwtAuthenticateMiddleware } from '../../middlewares'\nimport { Application } from '../../service/application/application'\nimport { User, UserStatus } from '../../service/user/user'\nimport { setAccessTokenCookie } from '../../utils/access-token-cookie'\nimport { SECRET } from '../../utils/get-secret'\nimport { server as oauth2orizeServer } from './oauth2-server'\nimport { Strategy as ClientPasswordStrategy } from './passport-oauth2-client-password'\n\ndeclare global {\n namespace NodeJS {\n interface Process {\n oauthDisconnect: (user: User) => Promise<void>\n }\n }\n}\n\nexport const oauth2Router = new Router()\n\npassport.use(\n 'oauth2-client-password',\n new ClientPasswordStrategy({}, (clientId, clientSecret, done) => {\n getRepository(Application)\n .findOneBy({\n appKey: clientId\n })\n .then(client => {\n if (!client || client.appSecret != clientSecret) {\n done(null, false)\n return\n }\n\n done(null, client)\n })\n .catch(err => done(err))\n })\n)\n\n// user decision endpoint\n//\n// `decision` middleware processes a user's decision to allow or deny access\n// requested by a client application. Based on the grant type requested by the\n// client, the above grant middleware configured above will be invoked to send\n// a response.\n\noauth2Router.post(\n '/decision',\n jwtAuthenticateMiddleware,\n compose(\n oauth2orizeServer.decision(async function (context) {\n const { request } = context\n\n return request.body\n })\n )\n)\n\n// token endpoint\n//\n// `token` middleware handles client requests to exchange authorization grants\n// for access tokens. Based on the grant type being exchanged, the above\n// exchange middleware will be invoked to handle the request. Clients must\n// authenticate when making requests to this endpoint.\n\noauth2Router.post(\n '/access-token',\n passport.authenticate('oauth2-client-password', { session: false }),\n oauth2orizeServer.token(),\n oauth2orizeServer.errorHandler()\n)\n\noauth2Router.post('/refresh-token', async (context, next) => {\n const refreshToken: string | undefined = context.request?.body?.refreshToken\n if (!refreshToken) throw new Error('Missing refresh token')\n\n const appUser: User | undefined = await getRepository(User).findOneBy({\n password: refreshToken\n })\n\n if (!appUser) throw new Error('App user is not found')\n\n try {\n jwt.verify(refreshToken, SECRET)\n const decoded = jwt.decode(refreshToken) as any\n const subdomain: string = decoded.domain.subdomain\n const domain: Domain | undefined = await getRepository(Domain).findOne({\n where: { subdomain }\n })\n if (!domain) throw new Error('Domain is not found')\n const appKey: string = decoded.application.appKey\n const scopes: any[] = decoded.scope\n\n const newAccessToken: string = Application.generateAccessToken(domain, appUser, appKey, scopes)\n const newRefreshToken: string = Application.generateRefreshToken(domain, appUser, appKey, scopes)\n\n appUser.password = newRefreshToken\n await getRepository(User).save(appUser)\n\n setAccessTokenCookie(context, newAccessToken)\n\n context.body = {\n accessToken: newAccessToken,\n refreshToken: newRefreshToken\n }\n } catch (e) {\n context.status = 401\n context.body = e.message\n }\n})\n\noauth2Router.get('/profile', jwtAuthenticateMiddleware, async (context, next) => {\n const { user, domain } = context.state\n\n const { name, description, email, userType: type, locale } = user\n const { name: domainName, subdomain, brandName, brandImage, contentImage, timezone } = domain || {}\n\n var application = {}\n if (type == 'application') {\n /* user entity에 reference 필드가 추가되기 전까지, appKey취득 방법임. */\n application['appKey'] = email.substr(0, email.lastIndexOf('@'))\n }\n\n context.body = {\n profile: {\n name,\n description,\n email,\n type /* (admin|user|application|appliance) */,\n domain: {\n name: domainName,\n subdomain,\n brandName,\n brandImage,\n contentImage,\n timezone\n },\n application\n }\n }\n})\n\noauth2Router.post('/disconnect', jwtAuthenticateMiddleware, async (context, next) => {\n try {\n let { user } = context.state\n\n if (typeof process.oauthDisconnect === 'function') {\n await process.oauthDisconnect(user)\n } else {\n user.domains = []\n user.roles = []\n user.status = UserStatus.DELETED\n await getRepository(User).save(user)\n }\n context.status = 200\n context.body = 'ok'\n } catch (e) {\n throw e\n }\n})\n"]}