@things-factory/auth-base 7.0.1-beta.8 → 7.0.1-rc.0
- package/dist-client/auth.js.map +1 -1
- package/dist-client/directive/privileged.d.ts +5 -5
- package/dist-client/directive/privileged.js.map +1 -1
- package/dist-client/profiled.js.map +1 -1
- package/dist-client/reducers/auth.js.map +1 -1
- package/dist-client/tsconfig.tsbuildinfo +1 -1
- package/dist-server/constants/error-code.d.ts +1 -0
- package/dist-server/constants/error-code.js +2 -1
- package/dist-server/constants/error-code.js.map +1 -1
- package/dist-server/controllers/change-pwd.js +1 -2
- package/dist-server/controllers/change-pwd.js.map +1 -1
- package/dist-server/controllers/checkin.js +1 -2
- package/dist-server/controllers/checkin.js.map +1 -1
- package/dist-server/controllers/delete-user.js +2 -3
- package/dist-server/controllers/delete-user.js.map +1 -1
- package/dist-server/controllers/invitation.js +4 -5
- package/dist-server/controllers/invitation.js.map +1 -1
- package/dist-server/controllers/profile.js +1 -2
- package/dist-server/controllers/profile.js.map +1 -1
- package/dist-server/controllers/reset-password.js +2 -3
- package/dist-server/controllers/reset-password.js.map +1 -1
- package/dist-server/controllers/signin.js +1 -2
- package/dist-server/controllers/signin.js.map +1 -1
- package/dist-server/controllers/signup.js +1 -2
- package/dist-server/controllers/signup.js.map +1 -1
- package/dist-server/controllers/unlock-user.js +2 -3
- package/dist-server/controllers/unlock-user.js.map +1 -1
- package/dist-server/controllers/utils/make-invitation-token.js +1 -2
- package/dist-server/controllers/utils/make-invitation-token.js.map +1 -1
- package/dist-server/controllers/utils/make-verification-token.js +1 -2
- package/dist-server/controllers/utils/make-verification-token.js.map +1 -1
- package/dist-server/controllers/utils/password-rule.js +10 -10
- package/dist-server/controllers/utils/password-rule.js.map +1 -1
- package/dist-server/controllers/utils/save-invitation-token.js +1 -2
- package/dist-server/controllers/utils/save-invitation-token.js.map +1 -1
- package/dist-server/controllers/utils/save-verification-token.js +1 -2
- package/dist-server/controllers/utils/save-verification-token.js.map +1 -1
- package/dist-server/controllers/verification.js +3 -4
- package/dist-server/controllers/verification.js.map +1 -1
- package/dist-server/index.js.map +1 -1
- package/dist-server/middlewares/authenticate-401-middleware.js +1 -2
- package/dist-server/middlewares/authenticate-401-middleware.js.map +1 -1
- package/dist-server/middlewares/domain-authenticate-middleware.js +1 -2
- package/dist-server/middlewares/domain-authenticate-middleware.js.map +1 -1
- package/dist-server/middlewares/graphql-authenticate-middleware.js +1 -2
- package/dist-server/middlewares/graphql-authenticate-middleware.js.map +1 -1
- package/dist-server/middlewares/index.js +1 -2
- package/dist-server/middlewares/index.js.map +1 -1
- package/dist-server/middlewares/jwt-authenticate-middleware.js +1 -2
- package/dist-server/middlewares/jwt-authenticate-middleware.js.map +1 -1
- package/dist-server/middlewares/signin-middleware.js +1 -2
- package/dist-server/middlewares/signin-middleware.js.map +1 -1
- package/dist-server/middlewares/webauthn-middleware.js +9 -3
- package/dist-server/middlewares/webauthn-middleware.js.map +1 -1
- package/dist-server/migrations/1548206416130-SeedUser.js.map +1 -1
- package/dist-server/migrations/1566805283882-SeedPrivilege.js.map +1 -1
- package/dist-server/router/auth-checkin-router.js.map +1 -1
- package/dist-server/router/auth-private-process-router.js.map +1 -1
- package/dist-server/router/auth-public-process-router.js.map +1 -1
- package/dist-server/router/auth-signin-router.js.map +1 -1
- package/dist-server/router/auth-signup-router.js.map +1 -1
- package/dist-server/router/oauth2/oauth2-authorize-router.js.map +1 -1
- package/dist-server/router/oauth2/oauth2-router.js.map +1 -1
- package/dist-server/router/oauth2/oauth2-server.js.map +1 -1
- package/dist-server/router/oauth2/passport-oauth2-client-password.js +1 -2
- package/dist-server/router/oauth2/passport-oauth2-client-password.js.map +1 -1
- package/dist-server/router/oauth2/passport-refresh-token.js +1 -2
- package/dist-server/router/oauth2/passport-refresh-token.js.map +1 -1
- package/dist-server/router/site-root-router.js.map +1 -1
- package/dist-server/routes.js.map +1 -1
- package/dist-server/service/app-binding/app-binding-mutation.js +2 -2
- package/dist-server/service/app-binding/app-binding-mutation.js.map +1 -1
- package/dist-server/service/app-binding/app-binding-query.js +3 -3
- package/dist-server/service/app-binding/app-binding-query.js.map +1 -1
- package/dist-server/service/app-binding/app-binding-types.js +2 -2
- package/dist-server/service/app-binding/app-binding-types.js.map +1 -1
- package/dist-server/service/app-binding/app-binding.js +2 -2
- package/dist-server/service/app-binding/app-binding.js.map +1 -1
- package/dist-server/service/appliance/appliance-mutation.js +2 -2
- package/dist-server/service/appliance/appliance-mutation.js.map +1 -1
- package/dist-server/service/appliance/appliance-query.js +4 -4
- package/dist-server/service/appliance/appliance-query.js.map +1 -1
- package/dist-server/service/appliance/appliance-types.js +6 -6
- package/dist-server/service/appliance/appliance-types.js.map +1 -1
- package/dist-server/service/appliance/appliance.js +2 -2
- package/dist-server/service/appliance/appliance.js.map +1 -1
- package/dist-server/service/application/application-mutation.js +2 -2
- package/dist-server/service/application/application-mutation.js.map +1 -1
- package/dist-server/service/application/application-query.js +3 -3
- package/dist-server/service/application/application-query.js.map +1 -1
- package/dist-server/service/application/application-types.js +8 -8
- package/dist-server/service/application/application-types.js.map +1 -1
- package/dist-server/service/application/application.js +6 -6
- package/dist-server/service/application/application.js.map +1 -1
- package/dist-server/service/auth-provider/auth-provider-mutation.js +2 -2
- package/dist-server/service/auth-provider/auth-provider-mutation.js.map +1 -1
- package/dist-server/service/auth-provider/auth-provider-parameter-spec.js +2 -2
- package/dist-server/service/auth-provider/auth-provider-parameter-spec.js.map +1 -1
- package/dist-server/service/auth-provider/auth-provider-query.js +3 -3
- package/dist-server/service/auth-provider/auth-provider-query.js.map +1 -1
- package/dist-server/service/auth-provider/auth-provider-type.js +6 -6
- package/dist-server/service/auth-provider/auth-provider-type.js.map +1 -1
- package/dist-server/service/auth-provider/auth-provider.js +6 -6
- package/dist-server/service/auth-provider/auth-provider.js.map +1 -1
- package/dist-server/service/domain-generator/domain-generator-mutation.js +2 -2
- package/dist-server/service/domain-generator/domain-generator-mutation.js.map +1 -1
- package/dist-server/service/domain-generator/domain-generator-types.js +6 -6
- package/dist-server/service/domain-generator/domain-generator-types.js.map +1 -1
- package/dist-server/service/granted-role/granted-role-mutation.js +6 -6
- package/dist-server/service/granted-role/granted-role-mutation.js.map +1 -1
- package/dist-server/service/granted-role/granted-role-query.js +2 -2
- package/dist-server/service/granted-role/granted-role-query.js.map +1 -1
- package/dist-server/service/granted-role/granted-role.js +2 -2
- package/dist-server/service/granted-role/granted-role.js.map +1 -1
- package/dist-server/service/invitation/invitation-mutation.js +2 -2
- package/dist-server/service/invitation/invitation-mutation.js.map +1 -1
- package/dist-server/service/invitation/invitation-query.js +2 -2
- package/dist-server/service/invitation/invitation-query.js.map +1 -1
- package/dist-server/service/invitation/invitation-types.js +2 -2
- package/dist-server/service/invitation/invitation-types.js.map +1 -1
- package/dist-server/service/invitation/invitation.js +2 -2
- package/dist-server/service/invitation/invitation.js.map +1 -1
- package/dist-server/service/login-history/login-history-query.js +3 -3
- package/dist-server/service/login-history/login-history-query.js.map +1 -1
- package/dist-server/service/login-history/login-history-type.js +2 -2
- package/dist-server/service/login-history/login-history-type.js.map +1 -1
- package/dist-server/service/login-history/login-history.js +2 -2
- package/dist-server/service/login-history/login-history.js.map +1 -1
- package/dist-server/service/partner/partner-mutation.js +2 -2
- package/dist-server/service/partner/partner-mutation.js.map +1 -1
- package/dist-server/service/partner/partner-query.js +4 -4
- package/dist-server/service/partner/partner-query.js.map +1 -1
- package/dist-server/service/partner/partner-types.js +2 -2
- package/dist-server/service/partner/partner-types.js.map +1 -1
- package/dist-server/service/partner/partner.js +2 -2
- package/dist-server/service/partner/partner.js.map +1 -1
- package/dist-server/service/password-history/password-history.js +2 -2
- package/dist-server/service/password-history/password-history.js.map +1 -1
- package/dist-server/service/privilege/privilege-directive.js.map +1 -1
- package/dist-server/service/privilege/privilege-mutation.js +2 -2
- package/dist-server/service/privilege/privilege-mutation.js.map +1 -1
- package/dist-server/service/privilege/privilege-query.js +3 -3
- package/dist-server/service/privilege/privilege-query.js.map +1 -1
- package/dist-server/service/privilege/privilege-types.js +8 -8
- package/dist-server/service/privilege/privilege-types.js.map +1 -1
- package/dist-server/service/privilege/privilege.js +6 -6
- package/dist-server/service/privilege/privilege.js.map +1 -1
- package/dist-server/service/role/role-mutation.js +2 -2
- package/dist-server/service/role/role-mutation.js.map +1 -1
- package/dist-server/service/role/role-query.js +3 -3
- package/dist-server/service/role/role-query.js.map +1 -1
- package/dist-server/service/role/role-types.js +10 -10
- package/dist-server/service/role/role-types.js.map +1 -1
- package/dist-server/service/role/role.js +2 -2
- package/dist-server/service/role/role.js.map +1 -1
- package/dist-server/service/user/domain-query.js +2 -2
- package/dist-server/service/user/domain-query.js.map +1 -1
- package/dist-server/service/user/user-mutation.js +2 -2
- package/dist-server/service/user/user-mutation.js.map +1 -1
- package/dist-server/service/user/user-query.js +3 -3
- package/dist-server/service/user/user-query.js.map +1 -1
- package/dist-server/service/user/user-types.js +6 -6
- package/dist-server/service/user/user-types.js.map +1 -1
- package/dist-server/service/user/user.js +5 -5
- package/dist-server/service/user/user.js.map +1 -1
- package/dist-server/service/users-auth-providers/users-auth-providers.js +2 -2
- package/dist-server/service/users-auth-providers/users-auth-providers.js.map +1 -1
- package/dist-server/service/verification-token/verification-token.js +3 -3
- package/dist-server/service/verification-token/verification-token.js.map +1 -1
- package/dist-server/service/web-auth-credential/web-auth-credential.js +2 -2
- package/dist-server/service/web-auth-credential/web-auth-credential.js.map +1 -1
- package/dist-server/templates/account-unlock-email.js +1 -2
- package/dist-server/templates/account-unlock-email.js.map +1 -1
- package/dist-server/templates/invitation-email.js +1 -2
- package/dist-server/templates/invitation-email.js.map +1 -1
- package/dist-server/templates/reset-password-email.js +1 -2
- package/dist-server/templates/reset-password-email.js.map +1 -1
- package/dist-server/templates/verification-email.js +1 -2
- package/dist-server/templates/verification-email.js.map +1 -1
- package/dist-server/tsconfig.tsbuildinfo +1 -1
- package/dist-server/utils/accepts.js +1 -2
- package/dist-server/utils/accepts.js.map +1 -1
- package/dist-server/utils/access-token-cookie.js +4 -5
- package/dist-server/utils/access-token-cookie.js.map +1 -1
- package/dist-server/utils/check-permission.js +1 -2
- package/dist-server/utils/check-permission.js.map +1 -1
- package/dist-server/utils/check-user-belongs-domain.js +1 -2
- package/dist-server/utils/check-user-belongs-domain.js.map +1 -1
- package/dist-server/utils/encrypt-state.js +2 -3
- package/dist-server/utils/encrypt-state.js.map +1 -1
- package/dist-server/utils/get-aes-256-key.js.map +1 -1
- package/dist-server/utils/get-domain-from-hostname.js +1 -2
- package/dist-server/utils/get-domain-from-hostname.js.map +1 -1
- package/dist-server/utils/get-domain-users.js +2 -3
- package/dist-server/utils/get-domain-users.js.map +1 -1
- package/dist-server/utils/get-secret.js.map +1 -1
- package/dist-server/utils/get-user-domains.js +4 -5
- package/dist-server/utils/get-user-domains.js.map +1 -1
- package/helps/config/SECRET.ja.md +13 -0
- package/helps/config/SECRET.ko.md +13 -0
- package/helps/config/SECRET.md +3 -3
- package/helps/config/SECRET.ms.md +13 -0
- package/helps/config/SECRET.zh.md +13 -0
- package/helps/config/accessTokenCookieKey.ja.md +11 -0
- package/helps/config/accessTokenCookieKey.ko.md +11 -0
- package/helps/config/accessTokenCookieKey.md +1 -1
- package/helps/config/accessTokenCookieKey.ms.md +11 -0
- package/helps/config/accessTokenCookieKey.zh.md +11 -0
- package/helps/config/applianceJwtExpiresIn.ja.md +26 -0
- package/helps/config/applianceJwtExpiresIn.ko.md +26 -0
- package/helps/config/applianceJwtExpiresIn.md +18 -15
- package/helps/config/applianceJwtExpiresIn.ms.md +30 -0
- package/helps/config/applianceJwtExpiresIn.zh.md +26 -0
- package/helps/config/disableUserSignupProcess.ja.md +22 -0
- package/helps/config/disableUserSignupProcess.ko.md +22 -0
- package/helps/config/disableUserSignupProcess.md +3 -3
- package/helps/config/disableUserSignupProcess.ms.md +22 -0
- package/helps/config/disableUserSignupProcess.zh.md +22 -0
- package/helps/config/i18n.ja.md +44 -0
- package/helps/config/i18n.ko.md +44 -0
- package/helps/config/i18n.md +6 -6
- package/helps/config/i18n.ms.md +44 -0
- package/helps/config/i18n.zh.md +44 -0
- package/helps/config/password.ja.md +53 -0
- package/helps/config/password.ko.md +65 -0
- package/helps/config/password.md +8 -36
- package/helps/config/password.ms.md +65 -0
- package/helps/config/password.zh.md +65 -0
- package/helps/config/publicHomeRoute.ja.md +14 -0
- package/helps/config/publicHomeRoute.ko.md +14 -0
- package/helps/config/publicHomeRoute.md +3 -3
- package/helps/config/publicHomeRoute.ms.md +14 -0
- package/helps/config/publicHomeRoute.zh.md +14 -0
- package/helps/config/session.ja.md +45 -0
- package/helps/config/session.ko.md +49 -0
- package/helps/config/session.md +10 -10
- package/helps/config/session.ms.md +46 -0
- package/helps/config/session.zh.md +49 -0
- package/package.json +6 -6
- package/server/constants/error-code.ts +1 -0
- package/server/middlewares/webauthn-middleware.ts +6 -1
- package/server/service/app-binding/app-binding-query.ts +1 -1
- package/server/service/appliance/appliance-query.ts +5 -2
- package/server/service/application/application-query.ts +1 -1
- package/server/service/application/application.ts +2 -2
- package/server/service/auth-provider/auth-provider-query.ts +4 -1
- package/server/service/login-history/login-history-query.ts +4 -1
- package/server/service/partner/partner-query.ts +5 -2
- package/server/service/privilege/privilege-query.ts +14 -3
- package/server/service/role/role-query.ts +1 -1
- package/server/service/user/user-query.ts +1 -1
- package/translations/en.json +1 -0
- package/translations/ja.json +1 -0
- package/translations/ko.json +1 -0
- package/translations/ms.json +1 -0
- package/translations/zh.json +1 -0
@@ -1,9 +1,9 @@
|
|
1
1
|
# publicHomeRoute
|
2
2
|
|
3
|
-
|
3
|
+
specifies the path of the page to be displayed when a user who is not logged in first accesses the application URL.
|
4
4
|
|
5
|
-
|
6
|
-
|
5
|
+
usually routed to the '/public/home' path to display the intro screen.
|
6
|
+
if you want to go directly to the login page, set this to '/auth/signin'.
|
7
7
|
|
8
8
|
## default
|
9
9
|
|
@@ -0,0 +1,14 @@
|
|
1
|
+
# publicHomeRoute
|
2
|
+
|
3
|
+
menentukan laluan halaman yang akan dipaparkan apabila pengguna yang belum log masuk mengakses URL aplikasi buat kali pertama.
|
4
|
+
|
5
|
+
biasanya akan dilalukan ke laluan '/public/home' untuk memaparkan skrin pengenalan.
|
6
|
+
jika ingin terus ke halaman log masuk, tetapkan ini ke '/auth/signin'.
|
7
|
+
|
8
|
+
## default
|
9
|
+
|
10
|
+
```
|
11
|
+
module.exports = {
|
12
|
+
publicHomeRoute: '/public/home',
|
13
|
+
}
|
14
|
+
```
|
@@ -0,0 +1,45 @@
|
|
1
|
+
# session
|
2
|
+
|
3
|
+
セッション有効期間に関する設定を行うことができます。
|
4
|
+
|
5
|
+
- expirySeconds: セッション有効時間(秒単位)
|
6
|
+
|
7
|
+
- この値は、ユーザーセッションが非アクティブの後に何秒で期限切れになるかを定義します。
|
8
|
+
- これを1800に設定すると、30分の非アクティブ後にセッションが期限切れになります。
|
9
|
+
|
10
|
+
- expiryPolicy: セッション有効期限ポリシー
|
11
|
+
|
12
|
+
- この設定は、セッションのタイムアウトをどのように管理するかを決定します。
|
13
|
+
- オプション:
|
14
|
+
|
15
|
+
- 'rolling' - セッションのタイムアウトはユーザーのアクティビティに基づいて延長されます。
|
16
|
+
各新しいリクエストは、タイマーを指定されたタイムアウト期間にリセットします。
|
17
|
+
- 'fixed' - セッションのタイムアウトは固定されて
|
18
|
+
|
19
|
+
## default
|
20
|
+
|
21
|
+
```
|
22
|
+
module.exports = {
|
23
|
+
session: {
|
24
|
+
/*
|
25
|
+
Session Expiry Time in Seconds
|
26
|
+
This value defines the duration in seconds after which a user session will expire due to inactivity.
|
27
|
+
Setting this to 1800 means the session will expire after 30 minutes of inactivity.
|
28
|
+
*/
|
29
|
+
expirySeconds: 60 * 60 * 24 * 7,
|
30
|
+
/*
|
31
|
+
Session Expiry Policy
|
32
|
+
This setting determines how the session timeout is managed.
|
33
|
+
Options:
|
34
|
+
'rolling' - The session timeout is extended based on user activity.
|
35
|
+
Each new request resets the timer to the specified timeout duration.
|
36
|
+
'fixed' - The session timeout is fixed and based on the initial login time.
|
37
|
+
The session will expire after the specified duration, regardless of user activity.
|
38
|
+
|
39
|
+
Example:
|
40
|
+
expiryPolicy: 'rolling' or 'fixed'
|
41
|
+
*/
|
42
|
+
expiryPolicy: 'fixed'
|
43
|
+
},
|
44
|
+
}
|
45
|
+
```
|
@@ -0,0 +1,49 @@
|
|
1
|
+
# session
|
2
|
+
|
3
|
+
세션 유효기간과 관련한 설정을 할 수 있다.
|
4
|
+
|
5
|
+
- expirySeconds: Session Expiry Time in Seconds
|
6
|
+
|
7
|
+
- This value defines the duration in seconds after which a user session will expire due to inactivity.
|
8
|
+
- Setting this to 1800 means the session will expire after 30 minutes of inactivity.
|
9
|
+
|
10
|
+
- expiryPolicy: Session Expiry Policy
|
11
|
+
|
12
|
+
- This setting determines how the session timeout is managed.
|
13
|
+
- Options:
|
14
|
+
|
15
|
+
- 'rolling' - The session timeout is extended based on user activity.
|
16
|
+
Each new request resets the timer to the specified timeout duration.
|
17
|
+
- 'fixed' - The session timeout is fixed and based on the initial login time.
|
18
|
+
The session will expire after the specified duration, regardless of user activity.
|
19
|
+
|
20
|
+
Example:
|
21
|
+
expiryPolicy: 'rolling' or 'fixed'
|
22
|
+
|
23
|
+
## default
|
24
|
+
|
25
|
+
```
|
26
|
+
module.exports = {
|
27
|
+
session: {
|
28
|
+
/*
|
29
|
+
Session Expiry Time in Seconds
|
30
|
+
This value defines the duration in seconds after which a user session will expire due to inactivity.
|
31
|
+
Setting this to 1800 means the session will expire after 30 minutes of inactivity.
|
32
|
+
*/
|
33
|
+
expirySeconds: 60 * 60 * 24 * 7,
|
34
|
+
/*
|
35
|
+
Session Expiry Policy
|
36
|
+
This setting determines how the session timeout is managed.
|
37
|
+
Options:
|
38
|
+
'rolling' - The session timeout is extended based on user activity.
|
39
|
+
Each new request resets the timer to the specified timeout duration.
|
40
|
+
'fixed' - The session timeout is fixed and based on the initial login time.
|
41
|
+
The session will expire after the specified duration, regardless of user activity.
|
42
|
+
|
43
|
+
Example:
|
44
|
+
expiryPolicy: 'rolling' or 'fixed'
|
45
|
+
*/
|
46
|
+
expiryPolicy: 'fixed'
|
47
|
+
},
|
48
|
+
}
|
49
|
+
```
|
package/helps/config/session.md
CHANGED
@@ -1,23 +1,23 @@
|
|
1
1
|
# session
|
2
2
|
|
3
|
-
|
3
|
+
you can set the session expiration settings.
|
4
4
|
|
5
5
|
- expirySeconds: Session Expiry Time in Seconds
|
6
6
|
|
7
|
-
-
|
8
|
-
-
|
7
|
+
- this value defines the duration in seconds after which a user session will expire due to inactivity.
|
8
|
+
- setting this to 1800 means the session will expire after 30 minutes of inactivity.
|
9
9
|
|
10
10
|
- expiryPolicy: Session Expiry Policy
|
11
11
|
|
12
|
-
-
|
13
|
-
-
|
12
|
+
- this setting determines how the session timeout is managed.
|
13
|
+
- options:
|
14
14
|
|
15
|
-
- 'rolling' -
|
16
|
-
|
17
|
-
- 'fixed' -
|
18
|
-
|
15
|
+
- 'rolling' - the session timeout is extended based on user activity.
|
16
|
+
each new request resets the timer to the specified timeout duration.
|
17
|
+
- 'fixed' - the session timeout is fixed and based on the initial login time.
|
18
|
+
the session will expire after the specified duration, regardless of user activity.
|
19
19
|
|
20
|
-
|
20
|
+
example:
|
21
21
|
expiryPolicy: 'rolling' or 'fixed'
|
22
22
|
|
23
23
|
## default
|
@@ -0,0 +1,46 @@
|
|
1
|
+
# session
|
2
|
+
|
3
|
+
boleh menetapkan tetapan berkaitan tempoh sah sesi.
|
4
|
+
|
5
|
+
- expirySeconds: Masa Tamat Sesi dalam Detik
|
6
|
+
|
7
|
+
- nilai ini menentukan tempoh dalam detik selepas mana sesi pengguna akan tamat akibat ketidakaktifan.
|
8
|
+
- menetapkan ini kepada 1800 bermaksud sesi akan tamat selepas 30 minit ketidakaktifan.
|
9
|
+
|
10
|
+
- expiryPolicy: Polisi Tamat Sesi
|
11
|
+
|
12
|
+
- tetapan ini menentukan bagaimana masa tamat sesi diuruskan.
|
13
|
+
- pilihan:
|
14
|
+
|
15
|
+
- 'rolling' - masa tamat sesi dilanjutkan berdasarkan aktiviti pengguna.
|
16
|
+
setiap permintaan baru menetapkan semula pemasa kepada tempoh tamat yang ditentukan.
|
17
|
+
- 'fixed' - masa tamat sesi adalah tetap dan berdasarkan masa log masuk awal.
|
18
|
+
sesi akan tamat selepas tempoh yang dit
|
19
|
+
|
20
|
+
## default
|
21
|
+
|
22
|
+
```
|
23
|
+
module.exports = {
|
24
|
+
session: {
|
25
|
+
/*
|
26
|
+
Session Expiry Time in Seconds
|
27
|
+
This value defines the duration in seconds after which a user session will expire due to inactivity.
|
28
|
+
Setting this to 1800 means the session will expire after 30 minutes of inactivity.
|
29
|
+
*/
|
30
|
+
expirySeconds: 60 * 60 * 24 * 7,
|
31
|
+
/*
|
32
|
+
Session Expiry Policy
|
33
|
+
This setting determines how the session timeout is managed.
|
34
|
+
Options:
|
35
|
+
'rolling' - The session timeout is extended based on user activity.
|
36
|
+
Each new request resets the timer to the specified timeout duration.
|
37
|
+
'fixed' - The session timeout is fixed and based on the initial login time.
|
38
|
+
The session will expire after the specified duration, regardless of user activity.
|
39
|
+
|
40
|
+
Example:
|
41
|
+
expiryPolicy: 'rolling' or 'fixed'
|
42
|
+
*/
|
43
|
+
expiryPolicy: 'fixed'
|
44
|
+
},
|
45
|
+
}
|
46
|
+
```
|
@@ -0,0 +1,49 @@
|
|
1
|
+
# session
|
2
|
+
|
3
|
+
可以设置与会话有效期相关的设置。
|
4
|
+
|
5
|
+
- expirySeconds: Session Expiry Time in Seconds
|
6
|
+
|
7
|
+
- 此值定义由于不活动,用户会话将在多少秒后过期。
|
8
|
+
- 将此值设置为1800意味着会话将在30分钟不活动后过期。
|
9
|
+
|
10
|
+
- expiryPolicy: Session Expiry Policy
|
11
|
+
|
12
|
+
- 此设置确定如何管理会话超时。
|
13
|
+
- 选项:
|
14
|
+
|
15
|
+
- 'rolling' - 会话超时基于用户活动延长。
|
16
|
+
每个新请求将计时器重置为指定的超时持续时间。
|
17
|
+
- 'fixed' - 会话超时是固定的,基于初始登录时间。
|
18
|
+
无论用户活动如何,会话将在指定的持续时间后过期。
|
19
|
+
|
20
|
+
例子:
|
21
|
+
expiryPolicy: 'rolling' or 'fixed'
|
22
|
+
|
23
|
+
## default
|
24
|
+
|
25
|
+
```
|
26
|
+
module.exports = {
|
27
|
+
session: {
|
28
|
+
/*
|
29
|
+
Session Expiry Time in Seconds
|
30
|
+
This value defines the duration in seconds after which a user session will expire due to inactivity.
|
31
|
+
Setting this to 1800 means the session will expire after 30 minutes of inactivity.
|
32
|
+
*/
|
33
|
+
expirySeconds: 60 * 60 * 24 * 7,
|
34
|
+
/*
|
35
|
+
Session Expiry Policy
|
36
|
+
This setting determines how the session timeout is managed.
|
37
|
+
Options:
|
38
|
+
'rolling' - The session timeout is extended based on user activity.
|
39
|
+
Each new request resets the timer to the specified timeout duration.
|
40
|
+
'fixed' - The session timeout is fixed and based on the initial login time.
|
41
|
+
The session will expire after the specified duration, regardless of user activity.
|
42
|
+
|
43
|
+
Example:
|
44
|
+
expiryPolicy: 'rolling' or 'fixed'
|
45
|
+
*/
|
46
|
+
expiryPolicy: 'fixed'
|
47
|
+
},
|
48
|
+
}
|
49
|
+
```
|
package/package.json
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
{
|
2
2
|
"name": "@things-factory/auth-base",
|
3
|
-
"version": "7.0.1-
|
3
|
+
"version": "7.0.1-rc.0",
|
4
4
|
"main": "dist-server/index.js",
|
5
5
|
"browser": "dist-client/index.js",
|
6
6
|
"things-factory": true,
|
@@ -30,10 +30,10 @@
|
|
30
30
|
"migration:create": "node ../../node_modules/typeorm/cli.js migration:create -d ./server/migrations"
|
31
31
|
},
|
32
32
|
"dependencies": {
|
33
|
-
"@things-factory/email-base": "^7.0.1-
|
34
|
-
"@things-factory/env": "^7.0.1-
|
35
|
-
"@things-factory/shell": "^7.0.1-
|
36
|
-
"@things-factory/utils": "^7.0.1-
|
33
|
+
"@things-factory/email-base": "^7.0.1-rc.0",
|
34
|
+
"@things-factory/env": "^7.0.1-rc.0",
|
35
|
+
"@things-factory/shell": "^7.0.1-rc.0",
|
36
|
+
"@things-factory/utils": "^7.0.1-rc.0",
|
37
37
|
"@types/webappsec-credential-management": "^0.6.8",
|
38
38
|
"jsonwebtoken": "^9.0.0",
|
39
39
|
"koa-passport": "^6.0.0",
|
@@ -45,5 +45,5 @@
|
|
45
45
|
"passport-local": "^1.0.0",
|
46
46
|
"popsicle-cookie-jar": "^1.0.0"
|
47
47
|
},
|
48
|
-
"gitHead": "
|
48
|
+
"gitHead": "45476b164b69aef2c211d9a5257897f42d8e2f5f"
|
49
49
|
}
|
@@ -17,3 +17,4 @@ export const PASSWORD_USED_PAST = 'password used in the past'
|
|
17
17
|
export const VERIFICATION_ERROR = 'user or verification token not found'
|
18
18
|
export const USER_CREDENTIAL_NOT_FOUND = 'user credential not found'
|
19
19
|
export const AUTH_ERROR = 'auth error'
|
20
|
+
export const FIDO2_CERT_UNSUPPORTED = 'fido2 certificate unsupported'
|
@@ -24,7 +24,12 @@ passport.use(
|
|
24
24
|
return cb(null, false, { errorCode: AuthError.ERROR_CODES.USER_CREDENTIAL_NOT_FOUND })
|
25
25
|
}
|
26
26
|
|
27
|
-
|
27
|
+
try {
|
28
|
+
return cb(null, user, credential.publicKey)
|
29
|
+
} catch (error) {
|
30
|
+
console.error(error)
|
31
|
+
return cb(null, false, { errorCode: AuthError.ERROR_CODES.FIDO2_CERT_UNSUPPORTED })
|
32
|
+
}
|
28
33
|
},
|
29
34
|
async function register(user, id, publicKey, cb) {
|
30
35
|
const userObject = await getRepository(User).findOne({ where: { id: user.id.toString() } })
|
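Review bot: The new `try` block (new lines 27–32) wraps only `return cb(null, user, credential.publicKey)`, so the one thing it can catch is a synchronous throw raised from inside `cb`, and in that case the `catch` branch calls `cb` a second time with a failure result for the same request. Every such exception is then reported as `FIDO2_CERT_UNSUPPORTED` whatever its real cause, which can hide unrelated faults in the sign-in path behind a misleading error code. If the intent is to reject unsupported FIDO2 certificate or key formats, I would keep `return cb(null, user, credential.publicKey)` outside the `try` and map only the specific failure to this code at the point where the credential is actually parsed or verified. The enclosing verify function starts above the hunk, so how `credential` is loaded is not visible here.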
@@ -22,7 +22,7 @@ export class AppBindingQuery {
|
|
22
22
|
|
23
23
|
/* TODO optimize query */
|
24
24
|
@Query(returns => AppBindingList)
|
25
|
-
async appBindings(@Args() params: ListParam, @Ctx() context: ResolverContext): Promise<UserList> {
|
25
|
+
async appBindings(@Args(type => ListParam) params: ListParam, @Ctx() context: ResolverContext): Promise<UserList> {
|
26
26
|
const { domain } = context.state
|
27
27
|
|
28
28
|
// const convertedParams = convertListParams(params)
|
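Review bot: `appBindings` is exposed with `@Query(returns => AppBindingList)` and no `@Directive('@privilege(...)')` in the visible context, unlike the list queries in the appliance, application, auth-provider, partner and privilege resolvers in this diff; `loginHistories` in login-history-query.ts has the same shape, and there the class opening is visible, so `@Query` is certainly its first decorator. Both read `domain` from `context.state` and return list data, so unless access is enforced somewhere these hunks do not show, I would add a directive in the style of the sibling resolvers, e.g. `@Directive('@privilege(category: "user", privilege: "query", domainOwnerGranted: true, superUserGranted: true)')`. Separately, the signature declares `Promise<UserList>` while the decorator returns `AppBindingList`; the annotation should read `Promise<AppBindingList>`. The method body continues outside the hunk.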
@@ -17,7 +17,10 @@ export class ApplianceQuery {
|
|
17
17
|
|
18
18
|
@Directive('@privilege(category: "user", privilege: "query", domainOwnerGranted: true, superUserGranted: true)')
|
19
19
|
@Query(returns => ApplianceList, { description: 'To fetch multiple appliance' })
|
20
|
-
async appliances(
|
20
|
+
async appliances(
|
21
|
+
@Args(type => ListParam) params: ListParam,
|
22
|
+
@Ctx() context: ResolverContext
|
23
|
+
): Promise<ApplianceList> {
|
21
24
|
const { domain } = context.state
|
22
25
|
|
23
26
|
const queryBuilder = getQueryBuilderFromListParams({
|
@@ -35,7 +38,7 @@ export class ApplianceQuery {
|
|
35
38
|
|
36
39
|
@Directive('@privilege(category: "user", privilege: "query", domainOwnerGranted: true, superUserGranted: true)')
|
37
40
|
@Query(returns => ApplianceList, { description: 'To fetch multiple appliance' })
|
38
|
-
async edges(@Args() params: ListParam, @Ctx() context: ResolverContext): Promise<ApplianceList> {
|
41
|
+
async edges(@Args(type => ListParam) params: ListParam, @Ctx() context: ResolverContext): Promise<ApplianceList> {
|
39
42
|
const { domain } = context.state
|
40
43
|
|
41
44
|
const queryBuilder = getQueryBuilderFromListParams({
|
@@ -24,7 +24,7 @@ export class ApplicationQuery {
|
|
24
24
|
|
25
25
|
@Directive('@privilege(category: "user", privilege: "query", domainOwnerGranted: true, superUserGranted: true)')
|
26
26
|
@Query(returns => ApplicationList, { description: 'To fetch multiple application' })
|
27
|
-
async applications(@Args() params: ListParam, @Ctx() context: ResolverContext) {
|
27
|
+
async applications(@Args(type => ListParam) params: ListParam, @Ctx() context: ResolverContext) {
|
28
28
|
const { domain } = context.state
|
29
29
|
|
30
30
|
const queryBuilder = getQueryBuilderFromListParams({
|
@@ -131,14 +131,14 @@ export class Application {
|
|
131
131
|
updatedAt?: Date
|
132
132
|
|
133
133
|
@ManyToOne(type => User, { nullable: true })
|
134
|
-
@Field({ nullable: true })
|
134
|
+
@Field(type => User, { nullable: true })
|
135
135
|
creator?: User
|
136
136
|
|
137
137
|
@RelationId((application: Application) => application.creator)
|
138
138
|
creatorId?: string
|
139
139
|
|
140
140
|
@ManyToOne(type => User, { nullable: true })
|
141
|
-
@Field({ nullable: true })
|
141
|
+
@Field(type => User, { nullable: true })
|
142
142
|
updater?: User
|
143
143
|
|
144
144
|
@RelationId((application: Application) => application.updater)
|
@@ -25,7 +25,10 @@ export class AuthProviderQuery {
|
|
25
25
|
|
26
26
|
@Directive('@privilege(category: "user", privilege: "query", domainOwnerGranted: true, superUserGranted: true)')
|
27
27
|
@Query(returns => AuthProviderList, { description: 'To fetch multiple AuthProviders' })
|
28
|
-
async authProviders(
|
28
|
+
async authProviders(
|
29
|
+
@Args(type => ListParam) params: ListParam,
|
30
|
+
@Ctx() context: ResolverContext
|
31
|
+
): Promise<AuthProviderList> {
|
29
32
|
const { domain } = context.state
|
30
33
|
|
31
34
|
const queryBuilder = getQueryBuilderFromListParams({
|
@@ -9,7 +9,10 @@ import { LoginHistoryList } from './login-history-type'
|
|
9
9
|
@Resolver(LoginHistory)
|
10
10
|
export class LoginHistoryQuery {
|
11
11
|
@Query(returns => LoginHistoryList, { description: 'To fetch multiple LoginHistories' })
|
12
|
-
async loginHistories(
|
12
|
+
async loginHistories(
|
13
|
+
@Args(type => ListParam) params: ListParam,
|
14
|
+
@Ctx() context: ResolverContext
|
15
|
+
): Promise<LoginHistoryList> {
|
13
16
|
const { domain } = context.state
|
14
17
|
|
15
18
|
const queryBuilder = getQueryBuilderFromListParams({
|
@@ -12,7 +12,7 @@ import { PartnerList } from './partner-types'
|
|
12
12
|
export class PartnerQuery {
|
13
13
|
@Directive('@privilege(category: "partner", privilege: "query", domainOwnerGranted: true)')
|
14
14
|
@Query(returns => PartnerList)
|
15
|
-
async partners(@Args() params: ListParam, @Ctx() context: ResolverContext): Promise<PartnerList> {
|
15
|
+
async partners(@Args(type => ListParam) params: ListParam, @Ctx() context: ResolverContext): Promise<PartnerList> {
|
16
16
|
if (await checkUserBelongsDomain(context.state.domain, context.state.user)) {
|
17
17
|
const { domain } = context.state
|
18
18
|
|
@@ -45,7 +45,10 @@ export class PartnerQuery {
|
|
45
45
|
|
46
46
|
@Directive('@privilege(category: "partner", privilege: "query")')
|
47
47
|
@Query(returns => DomainList)
|
48
|
-
async searchCustomers(
|
48
|
+
async searchCustomers(
|
49
|
+
@Args(type => ListParam) params: ListParam,
|
50
|
+
@Ctx() context: ResolverContext
|
51
|
+
): Promise<DomainList> {
|
49
52
|
const { domain } = context.state
|
50
53
|
const partners: Partner[] = await getRepository(Partner).find({
|
51
54
|
where: { domain: { id: domain.id } },
|
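Review bot: `searchCustomers` is gated by `@privilege(category: "partner", privilege: "query")` without the `domainOwnerGranted: true` that `partners` carries in the first hunk of this file, and the difference is not explained anywhere in the visible lines. If excluding domain owners is intended, a one-line comment above the directive would record that decision; if not, the two directives should match. Neither `@Query` in this file has a schema description, unlike the sibling resolvers; for example `@Query(returns => PartnerList, { description: 'To fetch multiple partners' })`. Both method bodies continue outside their hunks.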
@@ -10,7 +10,10 @@ import { PrivilegeList } from './privilege-types'
|
|
10
10
|
export class PrivilegeQuery {
|
11
11
|
@Directive('@privilege(category: "privilege", privilege: "query", domainOwnerGranted: true, superUserGranted: true)')
|
12
12
|
@Query(returns => PrivilegeList, { description: 'To fetch multiple privileges' })
|
13
|
-
async privileges(
|
13
|
+
async privileges(
|
14
|
+
@Args(type => ListParam) params: ListParam,
|
15
|
+
@Ctx() context: ResolverContext
|
16
|
+
): Promise<PrivilegeList> {
|
14
17
|
const [items, total] = await getQueryBuilderFromListParams({
|
15
18
|
params,
|
16
19
|
repository: getRepository(Privilege),
|
@@ -29,13 +32,21 @@ export class PrivilegeQuery {
|
|
29
32
|
}
|
30
33
|
|
31
34
|
@Query(returns => Boolean, { description: 'To query whether I have the given permission' })
|
32
|
-
async hasPrivilege(
|
35
|
+
async hasPrivilege(
|
36
|
+
@Arg('privilege') privilege: string,
|
37
|
+
@Arg('category') category: string,
|
38
|
+
@Ctx() context: ResolverContext
|
39
|
+
): Promise<Boolean> {
|
33
40
|
const { domain, user } = context.state
|
34
41
|
return await User.hasPrivilege(privilege, category, domain, user)
|
35
42
|
}
|
36
43
|
|
37
44
|
@Query(returns => [Domain], { description: 'To fetch domains with given privilege for user' })
|
38
|
-
async domainsWithPrivilege(
|
45
|
+
async domainsWithPrivilege(
|
46
|
+
@Arg('privilege') privilege: string,
|
47
|
+
@Arg('category') category: string,
|
48
|
+
@Ctx() context: ResolverContext
|
49
|
+
): Promise<Partial<Domain>[]> {
|
39
50
|
const { user } = context.state
|
40
51
|
return await User.getDomainsWithPrivilege(privilege, category, user)
|
41
52
|
}
|
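Review bot: The reformatted `hasPrivilege` signature returns `Promise<Boolean>`, the wrapper object type, where the primitive is almost certainly meant; `): Promise<boolean> {` is the conventional TypeScript form. `hasPrivilege` and `domainsWithPrivilege` carry no `@privilege` directive, which appears deliberate because both read the subject from `context.state` rather than from an argument. A short doc comment such as `// Reports only on the calling user (context.state.user); no privilege directive required` would make that authorization decision explicit for later reviewers.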
@@ -24,7 +24,7 @@ export class RoleQuery {
|
|
24
24
|
|
25
25
|
@Directive('@privilege(category: "user", privilege: "query", domainOwnerGranted: true, superUserGranted: true)')
|
26
26
|
@Query(returns => RoleList, { description: 'To fetch multiple users' })
|
27
|
-
async roles(@Args() params: ListParam, @Ctx() context: ResolverContext): Promise<RoleList> {
|
27
|
+
async roles(@Args(type => ListParam) params: ListParam, @Ctx() context: ResolverContext): Promise<RoleList> {
|
28
28
|
const { domain } = context.state
|
29
29
|
|
30
30
|
const [items, total] = await getQueryBuilderFromListParams({
|
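Review bot: The schema description on `roles` still reads `'To fetch multiple users'`, which looks copied from `UserQuery.users`; API consumers see this text in introspection, so it should be `@Query(returns => RoleList, { description: 'To fetch multiple roles' })`. The directive above it checks `category: "user"` rather than a role-specific category; if gating role listing on the user-query privilege is intentional, a one-line comment saying so would help anyone auditing the authorization model. The method body continues outside the hunk.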
@@ -27,7 +27,7 @@ export class UserQuery {
|
|
27
27
|
|
28
28
|
@Directive('@privilege(category: "user", privilege: "query", domainOwnerGranted: true, superUserGranted: true)')
|
29
29
|
@Query(returns => UserList, { description: 'To fetch multiple users' })
|
30
|
-
async users(@Args() params: ListParam, @Ctx() context: ResolverContext): Promise<UserList> {
|
30
|
+
async users(@Args(type => ListParam) params: ListParam, @Ctx() context: ResolverContext): Promise<UserList> {
|
31
31
|
const { domain } = context.state
|
32
32
|
|
33
33
|
const qb = getQueryBuilderFromListParams({
|
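--- a/package/translations/en.json
+++ b/package/translations/en.json
@@ -4,6 +4,7 @@
 "error.domain mismatch": "certificate is not for this domain",
 "error.domain not allowed": "user not allowed domain `{subdomain}`",
 "error.failed to find x": "failed to find {x}",
+"error.fido2 certificate unsupported": "FIDO2 certificate unsupported",
 "error.password should match the rule": "password should match following rule. ${rule}",
 "error.password used in the past": "password used in the past",
 "error.subdomain not found": "domain not found",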
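--- a/package/translations/ja.json
+++ b/package/translations/ja.json
@@ -4,6 +4,7 @@
 "error.domain mismatch": "証明書のドメインと現在のドメインが一致しません.",
 "error.domain not allowed": "'{subdomain}' 領域はこのユーザに許可されていません.",
 "error.failed to find x": "{x}が見つかりません.",
+"error.fido2 certificate unsupported": "fido2証明書はサポートされていません",
 "error.password should match the rule": "パスワードは次の規則を守らなければなりません. {rule}",
 "error.password used in the past": "過去に使用されたパスワードです.",
 "error.subdomain not found": "サブドメインが見つかりません.",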
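--- a/package/translations/ko.json
+++ b/package/translations/ko.json
@@ -4,6 +4,7 @@
 "error.domain mismatch": "인증서의 도메인과 현재 도메인이 일치하지 않습니다.",
 "error.domain not allowed": "'{subdomain}' 영역은 이 사용자에게 허가되지 않았습니다.",
 "error.failed to find x": "{x}을(를) 찾을 수 없습니다.",
+"error.fido2 certificate unsupported": "제공된 인증서가 올바르지 않거나 지원되지 않는 형식입니다. 다른 로그인 방법을 사용하세요.",
 "error.password should match the rule": "비밀번호는 다음 규칙을 지켜야 합니다. {rule}",
 "error.password used in the past": "과거에 사용된 비밀번호입니다.",
 "error.subdomain not found": "서브도메인을 찾을 수 없습니다.",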
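--- a/package/translations/ms.json
+++ b/package/translations/ms.json
@@ -4,6 +4,7 @@
 "error.domain mismatch": "Sijil tidak sesuai untuk domain ini",
 "error.domain not allowed": "Pengguna tidak dibenarkan domain `{subdomain}`",
 "error.failed to find x": "Gagal mencari {x}",
+"error.fido2 certificate unsupported": "sijil fido2 tidak disokong",
 "error.password should match the rule": "Kata laluan harus mematuhi peraturan berikut. ${rule}",
 "error.password used in the past": "Kata laluan telah digunakan dalam masa lampau",
 "error.subdomain not found": "Domain tidak ditemui",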
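--- a/package/translations/zh.json
+++ b/package/translations/zh.json
@@ -4,6 +4,7 @@
 "error.domain mismatch": "证书不适用于该域!",
 "error.domain not allowed": "用户无权限使用`{subdomain}`域!",
 "error.failed to find x": "查询{x}失败!",
+"error.fido2 certificate unsupported": "fido2证书不支持",
 "error.password should match the rule": "密码应符合以下规则。${rule}",
 "error.password used in the past": "使用过的密码!",
 "error.subdomain not found": "用户域查询失败!",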