@things-factory/auth-base 7.0.1-beta.8 → 7.0.1-rc.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (256) hide show
  1. package/dist-client/auth.js.map +1 -1
  2. package/dist-client/directive/privileged.d.ts +5 -5
  3. package/dist-client/directive/privileged.js.map +1 -1
  4. package/dist-client/profiled.js.map +1 -1
  5. package/dist-client/reducers/auth.js.map +1 -1
  6. package/dist-client/tsconfig.tsbuildinfo +1 -1
  7. package/dist-server/constants/error-code.d.ts +1 -0
  8. package/dist-server/constants/error-code.js +2 -1
  9. package/dist-server/constants/error-code.js.map +1 -1
  10. package/dist-server/controllers/change-pwd.js +1 -2
  11. package/dist-server/controllers/change-pwd.js.map +1 -1
  12. package/dist-server/controllers/checkin.js +1 -2
  13. package/dist-server/controllers/checkin.js.map +1 -1
  14. package/dist-server/controllers/delete-user.js +2 -3
  15. package/dist-server/controllers/delete-user.js.map +1 -1
  16. package/dist-server/controllers/invitation.js +4 -5
  17. package/dist-server/controllers/invitation.js.map +1 -1
  18. package/dist-server/controllers/profile.js +1 -2
  19. package/dist-server/controllers/profile.js.map +1 -1
  20. package/dist-server/controllers/reset-password.js +2 -3
  21. package/dist-server/controllers/reset-password.js.map +1 -1
  22. package/dist-server/controllers/signin.js +1 -2
  23. package/dist-server/controllers/signin.js.map +1 -1
  24. package/dist-server/controllers/signup.js +1 -2
  25. package/dist-server/controllers/signup.js.map +1 -1
  26. package/dist-server/controllers/unlock-user.js +2 -3
  27. package/dist-server/controllers/unlock-user.js.map +1 -1
  28. package/dist-server/controllers/utils/make-invitation-token.js +1 -2
  29. package/dist-server/controllers/utils/make-invitation-token.js.map +1 -1
  30. package/dist-server/controllers/utils/make-verification-token.js +1 -2
  31. package/dist-server/controllers/utils/make-verification-token.js.map +1 -1
  32. package/dist-server/controllers/utils/password-rule.js +10 -10
  33. package/dist-server/controllers/utils/password-rule.js.map +1 -1
  34. package/dist-server/controllers/utils/save-invitation-token.js +1 -2
  35. package/dist-server/controllers/utils/save-invitation-token.js.map +1 -1
  36. package/dist-server/controllers/utils/save-verification-token.js +1 -2
  37. package/dist-server/controllers/utils/save-verification-token.js.map +1 -1
  38. package/dist-server/controllers/verification.js +3 -4
  39. package/dist-server/controllers/verification.js.map +1 -1
  40. package/dist-server/index.js.map +1 -1
  41. package/dist-server/middlewares/authenticate-401-middleware.js +1 -2
  42. package/dist-server/middlewares/authenticate-401-middleware.js.map +1 -1
  43. package/dist-server/middlewares/domain-authenticate-middleware.js +1 -2
  44. package/dist-server/middlewares/domain-authenticate-middleware.js.map +1 -1
  45. package/dist-server/middlewares/graphql-authenticate-middleware.js +1 -2
  46. package/dist-server/middlewares/graphql-authenticate-middleware.js.map +1 -1
  47. package/dist-server/middlewares/index.js +1 -2
  48. package/dist-server/middlewares/index.js.map +1 -1
  49. package/dist-server/middlewares/jwt-authenticate-middleware.js +1 -2
  50. package/dist-server/middlewares/jwt-authenticate-middleware.js.map +1 -1
  51. package/dist-server/middlewares/signin-middleware.js +1 -2
  52. package/dist-server/middlewares/signin-middleware.js.map +1 -1
  53. package/dist-server/middlewares/webauthn-middleware.js +9 -3
  54. package/dist-server/middlewares/webauthn-middleware.js.map +1 -1
  55. package/dist-server/migrations/1548206416130-SeedUser.js.map +1 -1
  56. package/dist-server/migrations/1566805283882-SeedPrivilege.js.map +1 -1
  57. package/dist-server/router/auth-checkin-router.js.map +1 -1
  58. package/dist-server/router/auth-private-process-router.js.map +1 -1
  59. package/dist-server/router/auth-public-process-router.js.map +1 -1
  60. package/dist-server/router/auth-signin-router.js.map +1 -1
  61. package/dist-server/router/auth-signup-router.js.map +1 -1
  62. package/dist-server/router/oauth2/oauth2-authorize-router.js.map +1 -1
  63. package/dist-server/router/oauth2/oauth2-router.js.map +1 -1
  64. package/dist-server/router/oauth2/oauth2-server.js.map +1 -1
  65. package/dist-server/router/oauth2/passport-oauth2-client-password.js +1 -2
  66. package/dist-server/router/oauth2/passport-oauth2-client-password.js.map +1 -1
  67. package/dist-server/router/oauth2/passport-refresh-token.js +1 -2
  68. package/dist-server/router/oauth2/passport-refresh-token.js.map +1 -1
  69. package/dist-server/router/site-root-router.js.map +1 -1
  70. package/dist-server/routes.js.map +1 -1
  71. package/dist-server/service/app-binding/app-binding-mutation.js +2 -2
  72. package/dist-server/service/app-binding/app-binding-mutation.js.map +1 -1
  73. package/dist-server/service/app-binding/app-binding-query.js +3 -3
  74. package/dist-server/service/app-binding/app-binding-query.js.map +1 -1
  75. package/dist-server/service/app-binding/app-binding-types.js +2 -2
  76. package/dist-server/service/app-binding/app-binding-types.js.map +1 -1
  77. package/dist-server/service/app-binding/app-binding.js +2 -2
  78. package/dist-server/service/app-binding/app-binding.js.map +1 -1
  79. package/dist-server/service/appliance/appliance-mutation.js +2 -2
  80. package/dist-server/service/appliance/appliance-mutation.js.map +1 -1
  81. package/dist-server/service/appliance/appliance-query.js +4 -4
  82. package/dist-server/service/appliance/appliance-query.js.map +1 -1
  83. package/dist-server/service/appliance/appliance-types.js +6 -6
  84. package/dist-server/service/appliance/appliance-types.js.map +1 -1
  85. package/dist-server/service/appliance/appliance.js +2 -2
  86. package/dist-server/service/appliance/appliance.js.map +1 -1
  87. package/dist-server/service/application/application-mutation.js +2 -2
  88. package/dist-server/service/application/application-mutation.js.map +1 -1
  89. package/dist-server/service/application/application-query.js +3 -3
  90. package/dist-server/service/application/application-query.js.map +1 -1
  91. package/dist-server/service/application/application-types.js +8 -8
  92. package/dist-server/service/application/application-types.js.map +1 -1
  93. package/dist-server/service/application/application.js +6 -6
  94. package/dist-server/service/application/application.js.map +1 -1
  95. package/dist-server/service/auth-provider/auth-provider-mutation.js +2 -2
  96. package/dist-server/service/auth-provider/auth-provider-mutation.js.map +1 -1
  97. package/dist-server/service/auth-provider/auth-provider-parameter-spec.js +2 -2
  98. package/dist-server/service/auth-provider/auth-provider-parameter-spec.js.map +1 -1
  99. package/dist-server/service/auth-provider/auth-provider-query.js +3 -3
  100. package/dist-server/service/auth-provider/auth-provider-query.js.map +1 -1
  101. package/dist-server/service/auth-provider/auth-provider-type.js +6 -6
  102. package/dist-server/service/auth-provider/auth-provider-type.js.map +1 -1
  103. package/dist-server/service/auth-provider/auth-provider.js +6 -6
  104. package/dist-server/service/auth-provider/auth-provider.js.map +1 -1
  105. package/dist-server/service/domain-generator/domain-generator-mutation.js +2 -2
  106. package/dist-server/service/domain-generator/domain-generator-mutation.js.map +1 -1
  107. package/dist-server/service/domain-generator/domain-generator-types.js +6 -6
  108. package/dist-server/service/domain-generator/domain-generator-types.js.map +1 -1
  109. package/dist-server/service/granted-role/granted-role-mutation.js +6 -6
  110. package/dist-server/service/granted-role/granted-role-mutation.js.map +1 -1
  111. package/dist-server/service/granted-role/granted-role-query.js +2 -2
  112. package/dist-server/service/granted-role/granted-role-query.js.map +1 -1
  113. package/dist-server/service/granted-role/granted-role.js +2 -2
  114. package/dist-server/service/granted-role/granted-role.js.map +1 -1
  115. package/dist-server/service/invitation/invitation-mutation.js +2 -2
  116. package/dist-server/service/invitation/invitation-mutation.js.map +1 -1
  117. package/dist-server/service/invitation/invitation-query.js +2 -2
  118. package/dist-server/service/invitation/invitation-query.js.map +1 -1
  119. package/dist-server/service/invitation/invitation-types.js +2 -2
  120. package/dist-server/service/invitation/invitation-types.js.map +1 -1
  121. package/dist-server/service/invitation/invitation.js +2 -2
  122. package/dist-server/service/invitation/invitation.js.map +1 -1
  123. package/dist-server/service/login-history/login-history-query.js +3 -3
  124. package/dist-server/service/login-history/login-history-query.js.map +1 -1
  125. package/dist-server/service/login-history/login-history-type.js +2 -2
  126. package/dist-server/service/login-history/login-history-type.js.map +1 -1
  127. package/dist-server/service/login-history/login-history.js +2 -2
  128. package/dist-server/service/login-history/login-history.js.map +1 -1
  129. package/dist-server/service/partner/partner-mutation.js +2 -2
  130. package/dist-server/service/partner/partner-mutation.js.map +1 -1
  131. package/dist-server/service/partner/partner-query.js +4 -4
  132. package/dist-server/service/partner/partner-query.js.map +1 -1
  133. package/dist-server/service/partner/partner-types.js +2 -2
  134. package/dist-server/service/partner/partner-types.js.map +1 -1
  135. package/dist-server/service/partner/partner.js +2 -2
  136. package/dist-server/service/partner/partner.js.map +1 -1
  137. package/dist-server/service/password-history/password-history.js +2 -2
  138. package/dist-server/service/password-history/password-history.js.map +1 -1
  139. package/dist-server/service/privilege/privilege-directive.js.map +1 -1
  140. package/dist-server/service/privilege/privilege-mutation.js +2 -2
  141. package/dist-server/service/privilege/privilege-mutation.js.map +1 -1
  142. package/dist-server/service/privilege/privilege-query.js +3 -3
  143. package/dist-server/service/privilege/privilege-query.js.map +1 -1
  144. package/dist-server/service/privilege/privilege-types.js +8 -8
  145. package/dist-server/service/privilege/privilege-types.js.map +1 -1
  146. package/dist-server/service/privilege/privilege.js +6 -6
  147. package/dist-server/service/privilege/privilege.js.map +1 -1
  148. package/dist-server/service/role/role-mutation.js +2 -2
  149. package/dist-server/service/role/role-mutation.js.map +1 -1
  150. package/dist-server/service/role/role-query.js +3 -3
  151. package/dist-server/service/role/role-query.js.map +1 -1
  152. package/dist-server/service/role/role-types.js +10 -10
  153. package/dist-server/service/role/role-types.js.map +1 -1
  154. package/dist-server/service/role/role.js +2 -2
  155. package/dist-server/service/role/role.js.map +1 -1
  156. package/dist-server/service/user/domain-query.js +2 -2
  157. package/dist-server/service/user/domain-query.js.map +1 -1
  158. package/dist-server/service/user/user-mutation.js +2 -2
  159. package/dist-server/service/user/user-mutation.js.map +1 -1
  160. package/dist-server/service/user/user-query.js +3 -3
  161. package/dist-server/service/user/user-query.js.map +1 -1
  162. package/dist-server/service/user/user-types.js +6 -6
  163. package/dist-server/service/user/user-types.js.map +1 -1
  164. package/dist-server/service/user/user.js +5 -5
  165. package/dist-server/service/user/user.js.map +1 -1
  166. package/dist-server/service/users-auth-providers/users-auth-providers.js +2 -2
  167. package/dist-server/service/users-auth-providers/users-auth-providers.js.map +1 -1
  168. package/dist-server/service/verification-token/verification-token.js +3 -3
  169. package/dist-server/service/verification-token/verification-token.js.map +1 -1
  170. package/dist-server/service/web-auth-credential/web-auth-credential.js +2 -2
  171. package/dist-server/service/web-auth-credential/web-auth-credential.js.map +1 -1
  172. package/dist-server/templates/account-unlock-email.js +1 -2
  173. package/dist-server/templates/account-unlock-email.js.map +1 -1
  174. package/dist-server/templates/invitation-email.js +1 -2
  175. package/dist-server/templates/invitation-email.js.map +1 -1
  176. package/dist-server/templates/reset-password-email.js +1 -2
  177. package/dist-server/templates/reset-password-email.js.map +1 -1
  178. package/dist-server/templates/verification-email.js +1 -2
  179. package/dist-server/templates/verification-email.js.map +1 -1
  180. package/dist-server/tsconfig.tsbuildinfo +1 -1
  181. package/dist-server/utils/accepts.js +1 -2
  182. package/dist-server/utils/accepts.js.map +1 -1
  183. package/dist-server/utils/access-token-cookie.js +4 -5
  184. package/dist-server/utils/access-token-cookie.js.map +1 -1
  185. package/dist-server/utils/check-permission.js +1 -2
  186. package/dist-server/utils/check-permission.js.map +1 -1
  187. package/dist-server/utils/check-user-belongs-domain.js +1 -2
  188. package/dist-server/utils/check-user-belongs-domain.js.map +1 -1
  189. package/dist-server/utils/encrypt-state.js +2 -3
  190. package/dist-server/utils/encrypt-state.js.map +1 -1
  191. package/dist-server/utils/get-aes-256-key.js.map +1 -1
  192. package/dist-server/utils/get-domain-from-hostname.js +1 -2
  193. package/dist-server/utils/get-domain-from-hostname.js.map +1 -1
  194. package/dist-server/utils/get-domain-users.js +2 -3
  195. package/dist-server/utils/get-domain-users.js.map +1 -1
  196. package/dist-server/utils/get-secret.js.map +1 -1
  197. package/dist-server/utils/get-user-domains.js +4 -5
  198. package/dist-server/utils/get-user-domains.js.map +1 -1
  199. package/helps/config/SECRET.ja.md +13 -0
  200. package/helps/config/SECRET.ko.md +13 -0
  201. package/helps/config/SECRET.md +3 -3
  202. package/helps/config/SECRET.ms.md +13 -0
  203. package/helps/config/SECRET.zh.md +13 -0
  204. package/helps/config/accessTokenCookieKey.ja.md +11 -0
  205. package/helps/config/accessTokenCookieKey.ko.md +11 -0
  206. package/helps/config/accessTokenCookieKey.md +1 -1
  207. package/helps/config/accessTokenCookieKey.ms.md +11 -0
  208. package/helps/config/accessTokenCookieKey.zh.md +11 -0
  209. package/helps/config/applianceJwtExpiresIn.ja.md +26 -0
  210. package/helps/config/applianceJwtExpiresIn.ko.md +26 -0
  211. package/helps/config/applianceJwtExpiresIn.md +18 -15
  212. package/helps/config/applianceJwtExpiresIn.ms.md +30 -0
  213. package/helps/config/applianceJwtExpiresIn.zh.md +26 -0
  214. package/helps/config/disableUserSignupProcess.ja.md +22 -0
  215. package/helps/config/disableUserSignupProcess.ko.md +22 -0
  216. package/helps/config/disableUserSignupProcess.md +3 -3
  217. package/helps/config/disableUserSignupProcess.ms.md +22 -0
  218. package/helps/config/disableUserSignupProcess.zh.md +22 -0
  219. package/helps/config/i18n.ja.md +44 -0
  220. package/helps/config/i18n.ko.md +44 -0
  221. package/helps/config/i18n.md +6 -6
  222. package/helps/config/i18n.ms.md +44 -0
  223. package/helps/config/i18n.zh.md +44 -0
  224. package/helps/config/password.ja.md +53 -0
  225. package/helps/config/password.ko.md +65 -0
  226. package/helps/config/password.md +8 -36
  227. package/helps/config/password.ms.md +65 -0
  228. package/helps/config/password.zh.md +65 -0
  229. package/helps/config/publicHomeRoute.ja.md +14 -0
  230. package/helps/config/publicHomeRoute.ko.md +14 -0
  231. package/helps/config/publicHomeRoute.md +3 -3
  232. package/helps/config/publicHomeRoute.ms.md +14 -0
  233. package/helps/config/publicHomeRoute.zh.md +14 -0
  234. package/helps/config/session.ja.md +45 -0
  235. package/helps/config/session.ko.md +49 -0
  236. package/helps/config/session.md +10 -10
  237. package/helps/config/session.ms.md +46 -0
  238. package/helps/config/session.zh.md +49 -0
  239. package/package.json +6 -6
  240. package/server/constants/error-code.ts +1 -0
  241. package/server/middlewares/webauthn-middleware.ts +6 -1
  242. package/server/service/app-binding/app-binding-query.ts +1 -1
  243. package/server/service/appliance/appliance-query.ts +5 -2
  244. package/server/service/application/application-query.ts +1 -1
  245. package/server/service/application/application.ts +2 -2
  246. package/server/service/auth-provider/auth-provider-query.ts +4 -1
  247. package/server/service/login-history/login-history-query.ts +4 -1
  248. package/server/service/partner/partner-query.ts +5 -2
  249. package/server/service/privilege/privilege-query.ts +14 -3
  250. package/server/service/role/role-query.ts +1 -1
  251. package/server/service/user/user-query.ts +1 -1
  252. package/translations/en.json +1 -0
  253. package/translations/ja.json +1 -0
  254. package/translations/ko.json +1 -0
  255. package/translations/ms.json +1 -0
  256. package/translations/zh.json +1 -0
package/dist-server/middlewares/jwt-authenticate-middleware.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"jwt-authenticate-middleware.js","sourceRoot":"","sources":["../../server/middlewares/jwt-authenticate-middleware.ts"],"names":[],"mappings":";;;;AAAA,wEAAmC;AACnC,+CAAkE;AAElE,6CAA4C;AAE5C,0FAAoF;AACpF,0FAAoF;AACpF,+CAAuD;AACvD,yFAAwF;AACxF,sEAAiH;AACjH,oDAA4C;AAE5C,MAAM,mBAAmB,GAAG,YAAM,CAAC,GAAG,CAAC,sBAAsB,EAAE,OAAO,CAAC,CAAA;AAEvE,sBAAQ,CAAC,GAAG,CACV,IAAI,uBAAW,CACb;IACE,WAAW,EAAE,mBAAM;IACnB,iBAAiB,EAAE,IAAI;IACvB,cAAc,EAAE,yBAAU,CAAC,cAAc,CAAC;QACxC,yBAAU,CAAC,2BAA2B,EAAE;QACxC,yBAAU,CAAC,UAAU,CAAC,eAAe,CAAC;QACtC,yBAAU,CAAC,UAAU,CAAC,gBAAgB,CAAC;QACvC,yBAAU,CAAC,qBAAqB,CAAC,cAAc,CAAC;QAChD,yBAAU,CAAC,aAAa,CAAC,cAAc,CAAC;QACxC,GAAG,CAAC,EAAE;YACJ,IAAI,KAAK,GAAG,IAAI,CAAA;YAChB,KAAK,GAAG,IAAA,0CAAoB,EAAC,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,GAAG,CAAC,CAAA;YACtC,OAAO,KAAK,CAAA;QACd,CAAC;KACF,CAAC;CACH,EACD,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC/B,IAAI;QACF,OAAO,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;KAC3B;IAAC,OAAO,KAAK,EAAE;QACd,OAAO,IAAI,CAAC,KAAK,CAAC,CAAA;KACnB;AACH,CAAC,CACF,CACF,CAAA;AAEM,KAAK,UAAU,yBAAyB,CAAC,OAAO,EAAE,IAAI;IAC3D,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAA;IACxB,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAC9B,IAAI,IAAI,EAAE;QACR,OAAO,MAAM,IAAI,EAAE,CAAA;KACpB;IAED,OAAO,MAAM,sBAAQ,CAAC,YAAY,CAAC,KAAK,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;QACzF,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE;YACnB,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,GAAG,GAAG,IAAI,IAAI,CAAC,CAAA;YAE7C,IAAA,4CAAsB,EAAC,OAAO,CAAC,CAAA;YAE/B,OAAO,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,OAAO,CAAC,CAAA;SAC9B;aAAM;YACL,MAAM,UAAU,GAAG,MAAM,WAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAA;YAEhD,IAAI,UAAU,CAAC,MAAM,KAAK,iBAAU,CAAC,kBAAkB,EAAE;gBACvD,IAAI;oBACF,MAAM,KAAK,GAAG,IAAA,+CAAqB,GAAE,CAAA;oBACrC,MAAM,IAAA,+CAAqB,EAAC,UAAU,CAAC,EAAE,EAAE,KAAK,EAAE,0CAAqB,CAAC,cAAc,CAAC,CAAA;oBACvF,IAAA,4CAAsB,EAAC,OAAO,CAAC,CAAA;oBAC/B,OAAO,CAAC,QAAQ,CAAC,8BAA8B,KAAK,EAAE,CAAC,CAAA;iBACxD;gBAAC,OAAO,CAAC,EAAE;oBACV,MAAM,GAAG,CAAA;iBACV;aACF;iBAAM;gBACL,OAAO,CAAC,KAAK,CAAC,IAAI,GAAG,UAAU,CAAA;gBAC/B,OAAO,CAAC,KAAK,CAAC,YAAY,GAAG,OAAO,CAAA;gBAEpC,IAAI,mBAAmB,IAAI,SAAS,EAAE;oBACpC,6FAA6F;oBAE7F,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,IAAI,EAAE,CAAA;oBACrC,IAAA,0CAAoB,EAAC,OAAO,EAAE,KAAK,CAAC,CAAA;iBACrC;gBAED,MAAM,IAAI,EAAE,CAAA;aACb;SACF;IACH,CAAC,CAAC,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;AACnB,CAAC;AAzCD,8DAyCC","sourcesContent":["import passport from 'koa-passport'\nimport { ExtractJwt, Strategy as JWTstrategy } from 'passport-jwt'\n\nimport { config } from '@things-factory/env'\n\nimport { makeVerificationToken } from '../controllers/utils/make-verification-token'\nimport { saveVerificationToken } from '../controllers/utils/save-verification-token'\nimport { User, UserStatus } from '../service/user/user'\nimport { VerificationTokenType } from '../service/verification-token/verification-token'\nimport { clearAccessTokenCookie, getAccessTokenCookie, setAccessTokenCookie } from '../utils/access-token-cookie'\nimport { SECRET } from '../utils/get-secret'\n\nconst sessionExpiryPolicy = config.get('session/expiryPolicy', 'fixed')\n\npassport.use(\n new JWTstrategy(\n {\n secretOrKey: SECRET,\n passReqToCallback: true,\n jwtFromRequest: ExtractJwt.fromExtractors([\n ExtractJwt.fromAuthHeaderAsBearerToken(),\n ExtractJwt.fromHeader('authorization'),\n ExtractJwt.fromHeader('x-access-token'),\n ExtractJwt.fromUrlQueryParameter('access_token'),\n ExtractJwt.fromBodyField('access_token'),\n req => {\n var token = null\n token = getAccessTokenCookie(req?.ctx)\n return token\n }\n ])\n },\n async (request, decoded, done) => {\n try {\n return done(null, decoded)\n } catch (error) {\n return done(error)\n }\n }\n )\n)\n\nexport async function jwtAuthenticateMiddleware(context, next) {\n const { path } = context\n const { user } = context.state\n if (user) {\n return await next()\n }\n\n return await passport.authenticate('jwt', { session: false }, async (err, decoded, info) => {\n if (err || !decoded) {\n const e = (context.state.error = err || info)\n\n clearAccessTokenCookie(context)\n\n context.throw(401, e.message)\n } else {\n const userEntity = await User.checkAuth(decoded)\n\n if (userEntity.status === UserStatus.PWD_RESET_REQUIRED) {\n try {\n const token = makeVerificationToken()\n await saveVerificationToken(userEntity.id, token, VerificationTokenType.PASSWORD_RESET)\n clearAccessTokenCookie(context)\n context.redirect(`/auth/reset-password?token=${token}`)\n } catch (e) {\n throw err\n }\n } else {\n context.state.user = userEntity\n context.state.decodedToken = decoded\n\n if (sessionExpiryPolicy == 'rolling') {\n /* To renew the expiry time on each request, a token is issued and the session is updated. */\n\n const token = await userEntity.sign()\n setAccessTokenCookie(context, token)\n }\n\n await next()\n }\n }\n })(context, next)\n}\n"]}
1
+ {"version":3,"file":"jwt-authenticate-middleware.js","sourceRoot":"","sources":["../../server/middlewares/jwt-authenticate-middleware.ts"],"names":[],"mappings":";;AA0CA,8DAyCC;;AAnFD,wEAAmC;AACnC,+CAAkE;AAElE,6CAA4C;AAE5C,0FAAoF;AACpF,0FAAoF;AACpF,+CAAuD;AACvD,yFAAwF;AACxF,sEAAiH;AACjH,oDAA4C;AAE5C,MAAM,mBAAmB,GAAG,YAAM,CAAC,GAAG,CAAC,sBAAsB,EAAE,OAAO,CAAC,CAAA;AAEvE,sBAAQ,CAAC,GAAG,CACV,IAAI,uBAAW,CACb;IACE,WAAW,EAAE,mBAAM;IACnB,iBAAiB,EAAE,IAAI;IACvB,cAAc,EAAE,yBAAU,CAAC,cAAc,CAAC;QACxC,yBAAU,CAAC,2BAA2B,EAAE;QACxC,yBAAU,CAAC,UAAU,CAAC,eAAe,CAAC;QACtC,yBAAU,CAAC,UAAU,CAAC,gBAAgB,CAAC;QACvC,yBAAU,CAAC,qBAAqB,CAAC,cAAc,CAAC;QAChD,yBAAU,CAAC,aAAa,CAAC,cAAc,CAAC;QACxC,GAAG,CAAC,EAAE;YACJ,IAAI,KAAK,GAAG,IAAI,CAAA;YAChB,KAAK,GAAG,IAAA,0CAAoB,EAAC,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,GAAG,CAAC,CAAA;YACtC,OAAO,KAAK,CAAA;QACd,CAAC;KACF,CAAC;CACH,EACD,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC/B,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;IAC5B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,IAAI,CAAC,KAAK,CAAC,CAAA;IACpB,CAAC;AACH,CAAC,CACF,CACF,CAAA;AAEM,KAAK,UAAU,yBAAyB,CAAC,OAAO,EAAE,IAAI;IAC3D,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAA;IACxB,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAC9B,IAAI,IAAI,EAAE,CAAC;QACT,OAAO,MAAM,IAAI,EAAE,CAAA;IACrB,CAAC;IAED,OAAO,MAAM,sBAAQ,CAAC,YAAY,CAAC,KAAK,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;QACzF,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,GAAG,GAAG,IAAI,IAAI,CAAC,CAAA;YAE7C,IAAA,4CAAsB,EAAC,OAAO,CAAC,CAAA;YAE/B,OAAO,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,OAAO,CAAC,CAAA;QAC/B,CAAC;aAAM,CAAC;YACN,MAAM,UAAU,GAAG,MAAM,WAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAA;YAEhD,IAAI,UAAU,CAAC,MAAM,KAAK,iBAAU,CAAC,kBAAkB,EAAE,CAAC;gBACxD,IAAI,CAAC;oBACH,MAAM,KAAK,GAAG,IAAA,+CAAqB,GAAE,CAAA;oBACrC,MAAM,IAAA,+CAAqB,EAAC,UAAU,CAAC,EAAE,EAAE,KAAK,EAAE,0CAAqB,CAAC,cAAc,CAAC,CAAA;oBACvF,IAAA,4CAAsB,EAAC,OAAO,CAAC,CAAA;oBAC/B,OAAO,CAAC,QAAQ,CAAC,8BAA8B,KAAK,EAAE,CAAC,CAAA;gBACzD,CAAC;gBAAC,OAAO,CAAC,EAAE,CAAC;oBACX,MAAM,GAAG,CAAA;gBACX,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,KAAK,CAAC,IAAI,GAAG,UAAU,CAAA;gBAC/B,OAAO,CAAC,KAAK,CAAC,YAAY,GAAG,OAAO,CAAA;gBAEpC,IAAI,mBAAmB,IAAI,SAAS,EAAE,CAAC;oBACrC,6FAA6F;oBAE7F,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,IAAI,EAAE,CAAA;oBACrC,IAAA,0CAAoB,EAAC,OAAO,EAAE,KAAK,CAAC,CAAA;gBACtC,CAAC;gBAED,MAAM,IAAI,EAAE,CAAA;YACd,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;AACnB,CAAC","sourcesContent":["import passport from 'koa-passport'\nimport { ExtractJwt, Strategy as JWTstrategy } from 'passport-jwt'\n\nimport { config } from '@things-factory/env'\n\nimport { makeVerificationToken } from '../controllers/utils/make-verification-token'\nimport { saveVerificationToken } from '../controllers/utils/save-verification-token'\nimport { User, UserStatus } from '../service/user/user'\nimport { VerificationTokenType } from '../service/verification-token/verification-token'\nimport { clearAccessTokenCookie, getAccessTokenCookie, setAccessTokenCookie } from '../utils/access-token-cookie'\nimport { SECRET } from '../utils/get-secret'\n\nconst sessionExpiryPolicy = config.get('session/expiryPolicy', 'fixed')\n\npassport.use(\n new JWTstrategy(\n {\n secretOrKey: SECRET,\n passReqToCallback: true,\n jwtFromRequest: ExtractJwt.fromExtractors([\n ExtractJwt.fromAuthHeaderAsBearerToken(),\n ExtractJwt.fromHeader('authorization'),\n ExtractJwt.fromHeader('x-access-token'),\n ExtractJwt.fromUrlQueryParameter('access_token'),\n ExtractJwt.fromBodyField('access_token'),\n req => {\n var token = null\n token = getAccessTokenCookie(req?.ctx)\n return token\n }\n ])\n },\n async (request, decoded, done) => {\n try {\n return done(null, decoded)\n } catch (error) {\n return done(error)\n }\n }\n )\n)\n\nexport async function jwtAuthenticateMiddleware(context, next) {\n const { path } = context\n const { user } = context.state\n if (user) {\n return await next()\n }\n\n return await passport.authenticate('jwt', { session: false }, async (err, decoded, info) => {\n if (err || !decoded) {\n const e = (context.state.error = err || info)\n\n clearAccessTokenCookie(context)\n\n context.throw(401, e.message)\n } else {\n const userEntity = await User.checkAuth(decoded)\n\n if (userEntity.status === UserStatus.PWD_RESET_REQUIRED) {\n try {\n const token = makeVerificationToken()\n await saveVerificationToken(userEntity.id, token, VerificationTokenType.PASSWORD_RESET)\n clearAccessTokenCookie(context)\n context.redirect(`/auth/reset-password?token=${token}`)\n } catch (e) {\n throw err\n }\n } else {\n context.state.user = userEntity\n context.state.decodedToken = decoded\n\n if (sessionExpiryPolicy == 'rolling') {\n /* To renew the expiry time on each request, a token is issued and the session is updated. */\n\n const token = await userEntity.sign()\n setAccessTokenCookie(context, token)\n }\n\n await next()\n }\n }\n })(context, next)\n}\n"]}
package/dist-server/middlewares/signin-middleware.js CHANGED
@@ -1,6 +1,6 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.signinMiddleware = void 0;
3
+ exports.signinMiddleware = signinMiddleware;
4
4
  const tslib_1 = require("tslib");
5
5
  const koa_passport_1 = tslib_1.__importDefault(require("koa-passport"));
6
6
  const passport_local_1 = require("passport-local");
@@ -39,5 +39,4 @@ async function signinMiddleware(context, next) {
39
39
  }
40
40
  })(context, next);
41
41
  }
42
- exports.signinMiddleware = signinMiddleware;
43
42
  //# sourceMappingURL=signin-middleware.js.map
package/dist-server/middlewares/signin-middleware.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"signin-middleware.js","sourceRoot":"","sources":["../../server/middlewares/signin-middleware.ts"],"names":[],"mappings":";;;;AAAA,wEAAmC;AACnC,mDAA0D;AAE1D,kDAA8C;AAE9C,sBAAQ,CAAC,GAAG,CACV,QAAQ,EACR,IAAI,yBAAa,CACf;IACE,aAAa,EAAE,OAAO;IACtB,aAAa,EAAE,UAAU;CAC1B,EACD,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE;IAC9B,IAAI;QACF,MAAM,EACJ,IAAI,EAAE,QAAQ,EACd,KAAK,EACL,OAAO,EACR,GAAG,MAAM,IAAA,eAAM,EAAC;YACf,KAAK;YACL,QAAQ;SACT,CAAC,CAAA;QAEF,OAAO,IAAI,CACT,IAAI,EACJ;YACE,IAAI,EAAE,QAAQ;YACd,KAAK;YACL,OAAO;SACR,EACD;YACE,OAAO,EAAE,wBAAwB;SAClC,CACF,CAAA;KACF;IAAC,OAAO,KAAK,EAAE;QACd,OAAO,IAAI,CAAC,KAAK,CAAC,CAAA;KACnB;AACH,CAAC,CACF,CACF,CAAA;AAEM,KAAK,UAAU,gBAAgB,CAAC,OAAO,EAAE,IAAI;IAClD,OAAO,sBAAQ,CAAC,YAAY,CAAC,QAAQ,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;QACnF,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE;YAChB,MAAM,GAAG,CAAA;SACV;aAAM;YACL,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,IAAI,CAAA;YAEtC,OAAO,CAAC,KAAK,CAAC,IAAI,GAAG,QAAQ,CAAA;YAC7B,OAAO,CAAC,KAAK,CAAC,KAAK,GAAG,KAAK,CAAA;YAE3B,MAAM,IAAI,EAAE,CAAA;SACb;IACH,CAAC,CAAC,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;AACnB,CAAC;AAbD,4CAaC","sourcesContent":["import passport from 'koa-passport'\nimport { Strategy as localStrategy } from 'passport-local'\n\nimport { signin } from '../controllers/signin'\n\npassport.use(\n 'signin',\n new localStrategy(\n {\n usernameField: 'email',\n passwordField: 'password'\n },\n async (email, password, done) => {\n try {\n const {\n user: userInfo,\n token,\n domains\n } = await signin({\n email,\n password\n })\n\n return done(\n null,\n {\n user: userInfo,\n token,\n domains\n },\n {\n message: 'Logged in Successfully'\n }\n )\n } catch (error) {\n return done(error)\n }\n }\n )\n)\n\nexport async function signinMiddleware(context, next) {\n return passport.authenticate('signin', { session: false }, async (err, user, info) => {\n if (err || !user) {\n throw err\n } else {\n const { user: userInfo, token } = user\n\n context.state.user = userInfo\n context.state.token = token\n\n await next()\n }\n })(context, next)\n}\n"]}
1
+ {"version":3,"file":"signin-middleware.js","sourceRoot":"","sources":["../../server/middlewares/signin-middleware.ts"],"names":[],"mappings":";;AAyCA,4CAaC;;AAtDD,wEAAmC;AACnC,mDAA0D;AAE1D,kDAA8C;AAE9C,sBAAQ,CAAC,GAAG,CACV,QAAQ,EACR,IAAI,yBAAa,CACf;IACE,aAAa,EAAE,OAAO;IACtB,aAAa,EAAE,UAAU;CAC1B,EACD,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE;IAC9B,IAAI,CAAC;QACH,MAAM,EACJ,IAAI,EAAE,QAAQ,EACd,KAAK,EACL,OAAO,EACR,GAAG,MAAM,IAAA,eAAM,EAAC;YACf,KAAK;YACL,QAAQ;SACT,CAAC,CAAA;QAEF,OAAO,IAAI,CACT,IAAI,EACJ;YACE,IAAI,EAAE,QAAQ;YACd,KAAK;YACL,OAAO;SACR,EACD;YACE,OAAO,EAAE,wBAAwB;SAClC,CACF,CAAA;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,IAAI,CAAC,KAAK,CAAC,CAAA;IACpB,CAAC;AACH,CAAC,CACF,CACF,CAAA;AAEM,KAAK,UAAU,gBAAgB,CAAC,OAAO,EAAE,IAAI;IAClD,OAAO,sBAAQ,CAAC,YAAY,CAAC,QAAQ,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;QACnF,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YACjB,MAAM,GAAG,CAAA;QACX,CAAC;aAAM,CAAC;YACN,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,IAAI,CAAA;YAEtC,OAAO,CAAC,KAAK,CAAC,IAAI,GAAG,QAAQ,CAAA;YAC7B,OAAO,CAAC,KAAK,CAAC,KAAK,GAAG,KAAK,CAAA;YAE3B,MAAM,IAAI,EAAE,CAAA;QACd,CAAC;IACH,CAAC,CAAC,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;AACnB,CAAC","sourcesContent":["import passport from 'koa-passport'\nimport { Strategy as localStrategy } from 'passport-local'\n\nimport { signin } from '../controllers/signin'\n\npassport.use(\n 'signin',\n new localStrategy(\n {\n usernameField: 'email',\n passwordField: 'password'\n },\n async (email, password, done) => {\n try {\n const {\n user: userInfo,\n token,\n domains\n } = await signin({\n email,\n password\n })\n\n return done(\n null,\n {\n user: userInfo,\n token,\n domains\n },\n {\n message: 'Logged in Successfully'\n }\n )\n } catch (error) {\n return done(error)\n }\n }\n )\n)\n\nexport async function signinMiddleware(context, next) {\n return passport.authenticate('signin', { session: false }, async (err, user, info) => {\n if (err || !user) {\n throw err\n } else {\n const { user: userInfo, token } = user\n\n context.state.user = userInfo\n context.state.token = token\n\n await next()\n }\n })(context, next)\n}\n"]}
package/dist-server/middlewares/webauthn-middleware.js CHANGED
@@ -1,6 +1,7 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.webAuthnMiddleware = exports.store = void 0;
3
+ exports.store = void 0;
4
+ exports.webAuthnMiddleware = webAuthnMiddleware;
4
5
  const tslib_1 = require("tslib");
5
6
  const koa_passport_1 = tslib_1.__importDefault(require("koa-passport"));
6
7
  const passport_fido2_webauthn_1 = require("passport-fido2-webauthn");
@@ -20,7 +21,13 @@ koa_passport_1.default.use(new passport_fido2_webauthn_1.Strategy({ store: expor
20
21
  if (!credential) {
21
22
  return cb(null, false, { errorCode: auth_error_1.AuthError.ERROR_CODES.USER_CREDENTIAL_NOT_FOUND });
22
23
  }
23
- return cb(null, user, credential.publicKey);
24
+ try {
25
+ return cb(null, user, credential.publicKey);
26
+ }
27
+ catch (error) {
28
+ console.error(error);
29
+ return cb(null, false, { errorCode: auth_error_1.AuthError.ERROR_CODES.FIDO2_CERT_UNSUPPORTED });
30
+ }
24
31
  }, async function register(user, id, publicKey, cb) {
25
32
  const userObject = await (0, shell_1.getRepository)(user_1.User).findOne({ where: { id: user.id.toString() } });
26
33
  const webAuthRepository = (0, shell_1.getRepository)(web_auth_credential_1.WebAuthCredential);
@@ -58,5 +65,4 @@ async function webAuthnMiddleware(context, next) {
58
65
  }
59
66
  })(context, next);
60
67
  }
61
- exports.webAuthnMiddleware = webAuthnMiddleware;
62
68
  //# sourceMappingURL=webauthn-middleware.js.map
package/dist-server/middlewares/webauthn-middleware.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"webauthn-middleware.js","sourceRoot":"","sources":["../../server/middlewares/webauthn-middleware.ts"],"names":[],"mappings":";;;;AAAA,wEAAmC;AACnC,qEAA6F;AAE7F,iDAAqD;AAErD,+CAA2C;AAC3C,qDAAgD;AAChD,4FAAsF;AAEzE,QAAA,KAAK,GAAG,IAAI,+CAAqB,EAAE,CAAA;AAEhD,sBAAQ,CAAC,GAAG,CACV,IAAI,kCAAgB,CAClB,EAAE,KAAK,EAAL,aAAK,EAAE,EACT,KAAK,UAAU,MAAM,CAAC,EAAU,EAAE,UAAsB,EAAE,EAAE;IAC1D,MAAM,IAAI,GAAG,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,UAAU,CAAC,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAA;IACxF,IAAI,CAAC,IAAI,EAAE;QACT,OAAO,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,cAAc,EAAE,CAAC,CAAA;KAC5E;IACD,MAAM,UAAU,GAAG,MAAM,IAAA,qBAAa,EAAC,uCAAiB,CAAC,CAAC,OAAO,CAAC;QAChE,KAAK,EAAE,EAAE,YAAY,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE;KACnD,CAAC,CAAA;IACF,IAAI,CAAC,UAAU,EAAE;QACf,OAAO,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,yBAAyB,EAAE,CAAC,CAAA;KACvF;IAED,OAAO,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,UAAU,CAAC,SAAS,CAAC,CAAA;AAC7C,CAAC,EACD,KAAK,UAAU,QAAQ,CAAC,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE;IAC7C,MAAM,UAAU,GAAG,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,CAAC,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAA;IAC3F,MAAM,iBAAiB,GAAG,IAAA,qBAAa,EAAC,uCAAiB,CAAC,CAAA;IAE1D,MAAM,aAAa,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC;QACpD,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,UAAU,CAAC,EAAE,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE;KAC7D,CAAC,CAAA;IAEF,0CAA0C;IAC1C,IAAI,aAAa,EAAE;QACjB,MAAM,iBAAiB,CAAC,MAAM,CAAC,aAAa,CAAC,EAAE,CAAC,CAAA;KACjD;IAED,MAAM,iBAAiB,CAAC,IAAI,CAAC;QAC3B,IAAI,EAAE,UAAU;QAChB,YAAY,EAAE,EAAE;QAChB,SAAS;QACT,OAAO,EAAE,CAAC;KACX,CAAC,CAAA;IAEF,OAAO,EAAE,CAAC,IAAI,EAAE,UAAU,CAAC,CAAA;AAC7B,CAAC,CACF,CACF,CAAA;AAEM,KAAK,UAAU,kBAAkB,CAAC,OAAO,EAAE,IAAI;IACpD,OAAO,sBAAQ,CAAC,YAAY,CAC1B,UAAU,EACV,EAAE,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,EAC5D,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;QACxB,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE;YAChB,IAAI,IAAI,CAAC,SAAS,EAAE;gBAClB,MAAM,IAAI,sBAAS,CAAC,IAAI,CAAC,CAAA;aAC1B;iBAAM;gBACL,MAAM,IAAI,sBAAS,CAAC;oBAClB,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,UAAU;oBAC3C,MAAM,EAAE,IAAI;iBACb,CAAC,CAAA;aACH;SACF;aAAM;YACL,OAAO,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAA;YAEzB,MAAM,IAAI,EAAE,CAAA;SACb;IACH,CAAC,CACF,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;AAClB,CAAC;AArBD,gDAqBC","sourcesContent":["import passport from 'koa-passport'\nimport { Strategy as WebAuthnStrategy, SessionChallengeStore } from 'passport-fido2-webauthn'\n\nimport { getRepository } from '@things-factory/shell'\n\nimport { User } from '../service/user/user'\nimport { AuthError } from '../errors/auth-error'\nimport { WebAuthCredential } from '../service/web-auth-credential/web-auth-credential'\n\nexport const store = new SessionChallengeStore()\n\npassport.use(\n new WebAuthnStrategy(\n { store },\n async function verify(id: string, userHandle: Uint8Array, cb) {\n const user = await getRepository(User).findOne({ where: { id: userHandle.toString() } })\n if (!user) {\n return cb(null, false, { errorCode: AuthError.ERROR_CODES.USER_NOT_FOUND })\n }\n const credential = await getRepository(WebAuthCredential).findOne({\n where: { credentialId: id, user: { id: user.id } }\n })\n if (!credential) {\n return cb(null, false, { errorCode: AuthError.ERROR_CODES.USER_CREDENTIAL_NOT_FOUND })\n }\n\n return cb(null, user, credential.publicKey)\n },\n async function register(user, id, publicKey, cb) {\n const userObject = await getRepository(User).findOne({ where: { id: user.id.toString() } })\n const webAuthRepository = getRepository(WebAuthCredential)\n\n const oldCredential = await webAuthRepository.findOne({\n where: { user: { id: userObject.id }, publicKey: publicKey }\n })\n\n /* TODO publicKey 비교로는 중복된 등록을 막을 수 없다. */\n if (oldCredential) {\n await webAuthRepository.delete(oldCredential.id)\n }\n\n await webAuthRepository.save({\n user: userObject,\n credentialId: id,\n publicKey,\n counter: 0\n })\n\n return cb(null, userObject)\n }\n )\n)\n\nexport async function webAuthnMiddleware(context, next) {\n return passport.authenticate(\n 'webauthn',\n { session: true, failureMessage: true, failWithError: true },\n async (err, user, info) => {\n if (err || !user) {\n if (info.errorCode) {\n throw new AuthError(info)\n } else {\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.AUTH_ERROR,\n detail: info\n })\n }\n } else {\n context.state.user = user\n\n await next()\n }\n }\n )(context, next)\n}\n"]}
1
+ {"version":3,"file":"webauthn-middleware.js","sourceRoot":"","sources":["../../server/middlewares/webauthn-middleware.ts"],"names":[],"mappings":";;;AA0DA,gDAqBC;;AA/ED,wEAAmC;AACnC,qEAA6F;AAE7F,iDAAqD;AAErD,+CAA2C;AAC3C,qDAAgD;AAChD,4FAAsF;AAEzE,QAAA,KAAK,GAAG,IAAI,+CAAqB,EAAE,CAAA;AAEhD,sBAAQ,CAAC,GAAG,CACV,IAAI,kCAAgB,CAClB,EAAE,KAAK,EAAL,aAAK,EAAE,EACT,KAAK,UAAU,MAAM,CAAC,EAAU,EAAE,UAAsB,EAAE,EAAE;IAC1D,MAAM,IAAI,GAAG,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,UAAU,CAAC,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAA;IACxF,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,cAAc,EAAE,CAAC,CAAA;IAC7E,CAAC;IACD,MAAM,UAAU,GAAG,MAAM,IAAA,qBAAa,EAAC,uCAAiB,CAAC,CAAC,OAAO,CAAC;QAChE,KAAK,EAAE,EAAE,YAAY,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE;KACnD,CAAC,CAAA;IACF,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,yBAAyB,EAAE,CAAC,CAAA;IACxF,CAAC;IAED,IAAI,CAAC;QACH,OAAO,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,UAAU,CAAC,SAAS,CAAC,CAAA;IAC7C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;QACpB,OAAO,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,sBAAsB,EAAE,CAAC,CAAA;IACrF,CAAC;AACH,CAAC,EACD,KAAK,UAAU,QAAQ,CAAC,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE;IAC7C,MAAM,UAAU,GAAG,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,CAAC,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAA;IAC3F,MAAM,iBAAiB,GAAG,IAAA,qBAAa,EAAC,uCAAiB,CAAC,CAAA;IAE1D,MAAM,aAAa,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC;QACpD,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,UAAU,CAAC,EAAE,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE;KAC7D,CAAC,CAAA;IAEF,0CAA0C;IAC1C,IAAI,aAAa,EAAE,CAAC;QAClB,MAAM,iBAAiB,CAAC,MAAM,CAAC,aAAa,CAAC,EAAE,CAAC,CAAA;IAClD,CAAC;IAED,MAAM,iBAAiB,CAAC,IAAI,CAAC;QAC3B,IAAI,EAAE,UAAU;QAChB,YAAY,EAAE,EAAE;QAChB,SAAS;QACT,OAAO,EAAE,CAAC;KACX,CAAC,CAAA;IAEF,OAAO,EAAE,CAAC,IAAI,EAAE,UAAU,CAAC,CAAA;AAC7B,CAAC,CACF,CACF,CAAA;AAEM,KAAK,UAAU,kBAAkB,CAAC,OAAO,EAAE,IAAI;IACpD,OAAO,sBAAQ,CAAC,YAAY,CAC1B,UAAU,EACV,EAAE,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,EAC5D,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;QACxB,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YACjB,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACnB,MAAM,IAAI,sBAAS,CAAC,IAAI,CAAC,CAAA;YAC3B,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,sBAAS,CAAC;oBAClB,SAAS,EAAE,sBAAS,CAAC,WAAW,CAAC,UAAU;oBAC3C,MAAM,EAAE,IAAI;iBACb,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAA;YAEzB,MAAM,IAAI,EAAE,CAAA;QACd,CAAC;IACH,CAAC,CACF,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;AAClB,CAAC","sourcesContent":["import passport from 'koa-passport'\nimport { Strategy as WebAuthnStrategy, SessionChallengeStore } from 'passport-fido2-webauthn'\n\nimport { getRepository } from '@things-factory/shell'\n\nimport { User } from '../service/user/user'\nimport { AuthError } from '../errors/auth-error'\nimport { WebAuthCredential } from '../service/web-auth-credential/web-auth-credential'\n\nexport const store = new SessionChallengeStore()\n\npassport.use(\n new WebAuthnStrategy(\n { store },\n async function verify(id: string, userHandle: Uint8Array, cb) {\n const user = await getRepository(User).findOne({ where: { id: userHandle.toString() } })\n if (!user) {\n return cb(null, false, { errorCode: AuthError.ERROR_CODES.USER_NOT_FOUND })\n }\n const credential = await getRepository(WebAuthCredential).findOne({\n where: { credentialId: id, user: { id: user.id } }\n })\n if (!credential) {\n return cb(null, false, { errorCode: AuthError.ERROR_CODES.USER_CREDENTIAL_NOT_FOUND })\n }\n\n try {\n return cb(null, user, credential.publicKey)\n } catch (error) {\n console.error(error)\n return cb(null, false, { errorCode: AuthError.ERROR_CODES.FIDO2_CERT_UNSUPPORTED })\n }\n },\n async function register(user, id, publicKey, cb) {\n const userObject = await getRepository(User).findOne({ where: { id: user.id.toString() } })\n const webAuthRepository = getRepository(WebAuthCredential)\n\n const oldCredential = await webAuthRepository.findOne({\n where: { user: { id: userObject.id }, publicKey: publicKey }\n })\n\n /* TODO publicKey 비교로는 중복된 등록을 막을 수 없다. */\n if (oldCredential) {\n await webAuthRepository.delete(oldCredential.id)\n }\n\n await webAuthRepository.save({\n user: userObject,\n credentialId: id,\n publicKey,\n counter: 0\n })\n\n return cb(null, userObject)\n }\n )\n)\n\nexport async function webAuthnMiddleware(context, next) {\n return passport.authenticate(\n 'webauthn',\n { session: true, failureMessage: true, failWithError: true },\n async (err, user, info) => {\n if (err || !user) {\n if (info.errorCode) {\n throw new AuthError(info)\n } else {\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.AUTH_ERROR,\n detail: info\n })\n }\n } else {\n context.state.user = user\n\n await next()\n }\n }\n )(context, next)\n}\n"]}
package/dist-server/migrations/1548206416130-SeedUser.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"1548206416130-SeedUser.js","sourceRoot":"","sources":["../../server/migrations/1548206416130-SeedUser.ts"],"names":[],"mappings":";;;AAAA,qCAAgE;AAEhE,6CAAoD;AACpD,iDAA6D;AAE7D,+CAAuD;AAEvD,MAAM,aAAa,GAAG,YAAM,CAAC,GAAG,CAAC,cAAc,EAAE;IAC/C,IAAI,EAAE,OAAO;IACb,KAAK,EAAE,oBAAoB;IAC3B,QAAQ,EAAE,OAAO;CAClB,CAAC,CAAA;AAEF,MAAM,UAAU,GAAG;oCAEZ,aAAa,KAChB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,iBAAU,CAAC,SAAS;CAE/B,CAAA;AACD,MAAa,sBAAsB;IAC1B,KAAK,CAAC,EAAE,CAAC,WAAwB;QACtC,MAAM,cAAc,GAAG,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAA;QAC1C,MAAM,gBAAgB,GAAG,IAAA,qBAAa,EAAC,cAAM,CAAC,CAAA;QAE9C,MAAM,MAAM,GAAW,MAAM,gBAAgB,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAA;QAEpF,IAAI;YACF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;gBAC1C,MAAM,IAAI,GAAG,UAAU,CAAC,CAAC,CAAC,CAAA;gBAC1B,MAAM,IAAI,GAAG,WAAI,CAAC,YAAY,EAAE,CAAA;gBAChC,MAAM,QAAQ,GAAG,WAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;gBAEjD,MAAM,cAAc,CAAC,IAAI,iCACpB,IAAI,KACP,IAAI;oBACJ,QAAQ,EACR,OAAO,EAAE,CAAC,MAAM,CAAC,IACjB,CAAA;aACH;SACF;QAAC,OAAO,CAAC,EAAE;YACV,YAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;SAChB;QAED,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,IAAA,eAAK,EAAC,oBAAoB,CAAC,EAAE,EAAE,CAAC,CAAA;QAC7F,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC,EAAE,CAAA;QAEvB,MAAM,gBAAgB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;IACrC,CAAC;IAEM,KAAK,CAAC,IAAI,CAAC,WAAwB;QACxC,MAAM,UAAU,GAAG,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAA;QAEtC,UAAU,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,EAAC,IAAI,EAAC,EAAE;YACxC,IAAI,MAAM,GAAG,MAAM,UAAU,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,IAAA,eAAK,EAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAA;YACrE,MAAM,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;QACjC,CAAC,CAAC,CAAA;IACJ,CAAC;CACF;AAtCD,wDAsCC","sourcesContent":["import { ILike, MigrationInterface, QueryRunner } from 'typeorm'\n\nimport { config, logger } from '@things-factory/env'\nimport { Domain, getRepository } from '@things-factory/shell'\n\nimport { User, UserStatus } from '../service/user/user'\n\nconst ADMIN_ACCOUNT = config.get('adminAccount', {\n name: 'Admin',\n email: 'admin@hatiolab.com',\n password: 'admin'\n})\n\nconst SEED_USERS = [\n {\n ...ADMIN_ACCOUNT,\n userType: 'user',\n status: UserStatus.ACTIVATED\n }\n]\nexport class SeedUsers1548206416130 implements MigrationInterface {\n public async up(queryRunner: QueryRunner): Promise<any> {\n const userRepository = getRepository(User)\n const domainRepository = getRepository(Domain)\n\n const domain: Domain = await domainRepository.findOne({ where: { name: 'SYSTEM' } })\n\n try {\n for (let i = 0; i < SEED_USERS.length; i++) {\n const user = SEED_USERS[i]\n const salt = User.generateSalt()\n const password = User.encode(user.password, salt)\n\n await userRepository.save({\n ...user,\n salt,\n password,\n domains: [domain]\n })\n }\n } catch (e) {\n logger.error(e)\n }\n\n const admin = await userRepository.findOne({ where: { email: ILike('admin@hatiolab.com') } })\n domain.owner = admin.id\n\n await domainRepository.save(domain)\n }\n\n public async down(queryRunner: QueryRunner): Promise<any> {\n const repository = getRepository(User)\n\n SEED_USERS.reverse().forEach(async user => {\n let record = await repository.findOneBy({ email: ILike(user.email) })\n await repository.remove(record)\n })\n }\n}\n"]}
1
+ {"version":3,"file":"1548206416130-SeedUser.js","sourceRoot":"","sources":["../../server/migrations/1548206416130-SeedUser.ts"],"names":[],"mappings":";;;AAAA,qCAAgE;AAEhE,6CAAoD;AACpD,iDAA6D;AAE7D,+CAAuD;AAEvD,MAAM,aAAa,GAAG,YAAM,CAAC,GAAG,CAAC,cAAc,EAAE;IAC/C,IAAI,EAAE,OAAO;IACb,KAAK,EAAE,oBAAoB;IAC3B,QAAQ,EAAE,OAAO;CAClB,CAAC,CAAA;AAEF,MAAM,UAAU,GAAG;oCAEZ,aAAa,KAChB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,iBAAU,CAAC,SAAS;CAE/B,CAAA;AACD,MAAa,sBAAsB;IAC1B,KAAK,CAAC,EAAE,CAAC,WAAwB;QACtC,MAAM,cAAc,GAAG,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAA;QAC1C,MAAM,gBAAgB,GAAG,IAAA,qBAAa,EAAC,cAAM,CAAC,CAAA;QAE9C,MAAM,MAAM,GAAW,MAAM,gBAAgB,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAA;QAEpF,IAAI,CAAC;YACH,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3C,MAAM,IAAI,GAAG,UAAU,CAAC,CAAC,CAAC,CAAA;gBAC1B,MAAM,IAAI,GAAG,WAAI,CAAC,YAAY,EAAE,CAAA;gBAChC,MAAM,QAAQ,GAAG,WAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;gBAEjD,MAAM,cAAc,CAAC,IAAI,iCACpB,IAAI,KACP,IAAI;oBACJ,QAAQ,EACR,OAAO,EAAE,CAAC,MAAM,CAAC,IACjB,CAAA;YACJ,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,YAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;QACjB,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,IAAA,eAAK,EAAC,oBAAoB,CAAC,EAAE,EAAE,CAAC,CAAA;QAC7F,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC,EAAE,CAAA;QAEvB,MAAM,gBAAgB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;IACrC,CAAC;IAEM,KAAK,CAAC,IAAI,CAAC,WAAwB;QACxC,MAAM,UAAU,GAAG,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAA;QAEtC,UAAU,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,EAAC,IAAI,EAAC,EAAE;YACxC,IAAI,MAAM,GAAG,MAAM,UAAU,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,IAAA,eAAK,EAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAA;YACrE,MAAM,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;QACjC,CAAC,CAAC,CAAA;IACJ,CAAC;CACF;AAtCD,wDAsCC","sourcesContent":["import { ILike, MigrationInterface, QueryRunner } from 'typeorm'\n\nimport { config, logger } from '@things-factory/env'\nimport { Domain, getRepository } from '@things-factory/shell'\n\nimport { User, UserStatus } from '../service/user/user'\n\nconst ADMIN_ACCOUNT = config.get('adminAccount', {\n name: 'Admin',\n email: 'admin@hatiolab.com',\n password: 'admin'\n})\n\nconst SEED_USERS = [\n {\n ...ADMIN_ACCOUNT,\n userType: 'user',\n status: UserStatus.ACTIVATED\n }\n]\nexport class SeedUsers1548206416130 implements MigrationInterface {\n public async up(queryRunner: QueryRunner): Promise<any> {\n const userRepository = getRepository(User)\n const domainRepository = getRepository(Domain)\n\n const domain: Domain = await domainRepository.findOne({ where: { name: 'SYSTEM' } })\n\n try {\n for (let i = 0; i < SEED_USERS.length; i++) {\n const user = SEED_USERS[i]\n const salt = User.generateSalt()\n const password = User.encode(user.password, salt)\n\n await userRepository.save({\n ...user,\n salt,\n password,\n domains: [domain]\n })\n }\n } catch (e) {\n logger.error(e)\n }\n\n const admin = await userRepository.findOne({ where: { email: ILike('admin@hatiolab.com') } })\n domain.owner = admin.id\n\n await domainRepository.save(domain)\n }\n\n public async down(queryRunner: QueryRunner): Promise<any> {\n const repository = getRepository(User)\n\n SEED_USERS.reverse().forEach(async user => {\n let record = await repository.findOneBy({ email: ILike(user.email) })\n await repository.remove(record)\n })\n }\n}\n"]}
package/dist-server/migrations/1566805283882-SeedPrivilege.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"1566805283882-SeedPrivilege.js","sourceRoot":"","sources":["../../server/migrations/1566805283882-SeedPrivilege.ts"],"names":[],"mappings":";;;AAEA,6CAA4C;AAC5C,iDAAqD;AAErD,8DAA0D;AAE1D,MAAa,0BAA0B;IAC9B,KAAK,CAAC,EAAE,CAAC,WAAwB;QACtC,MAAM,mBAAmB,GAAG,IAAA,qBAAa,EAAC,qBAAS,CAAC,CAAA;QAEpD,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,0CAA0C,CAAC,CAAA;QACtE,MAAM,MAAM,EAAE,CAAA;QACd,MAAM,UAAU,GAAG,OAAO,CAAC,YAAY,CAAC,CAAA;QAExC,IAAI;YACF,KAAK,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,UAA8B,CAAC,EAAE;gBAC5E,IAAI,CAAC,IAAI,CAAC,MAAM,mBAAmB,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC,EAAE;oBACzE,MAAM,mBAAmB,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAA;iBACnD;aACF;SACF;QAAC,OAAO,CAAC,EAAE;YACV,YAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;SAChB;IACH,CAAC;IAEM,KAAK,CAAC,IAAI,CAAC,WAAwB,IAAiB,CAAC;CAC7D;AApBD,gEAoBC","sourcesContent":["import { MigrationInterface, QueryRunner } from 'typeorm'\n\nimport { logger } from '@things-factory/env'\nimport { getRepository } from '@things-factory/shell'\n\nimport { Privilege } from '../service/privilege/privilege'\n\nexport class SeedPrivilege1566805283882 implements MigrationInterface {\n public async up(queryRunner: QueryRunner): Promise<any> {\n const privilegeRepository = getRepository(Privilege)\n\n const { schema } = require('@things-factory/shell/dist-server/schema')\n await schema()\n const privileges = process['PRIVILEGES']\n\n try {\n for (const [category, name] of Object.values(privileges as [string, string])) {\n if (0 == (await privilegeRepository.count({ where: { category, name } }))) {\n await privilegeRepository.save({ category, name })\n }\n }\n } catch (e) {\n logger.error(e)\n }\n }\n\n public async down(queryRunner: QueryRunner): Promise<any> {}\n}\n"]}
1
+ {"version":3,"file":"1566805283882-SeedPrivilege.js","sourceRoot":"","sources":["../../server/migrations/1566805283882-SeedPrivilege.ts"],"names":[],"mappings":";;;AAEA,6CAA4C;AAC5C,iDAAqD;AAErD,8DAA0D;AAE1D,MAAa,0BAA0B;IAC9B,KAAK,CAAC,EAAE,CAAC,WAAwB;QACtC,MAAM,mBAAmB,GAAG,IAAA,qBAAa,EAAC,qBAAS,CAAC,CAAA;QAEpD,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,0CAA0C,CAAC,CAAA;QACtE,MAAM,MAAM,EAAE,CAAA;QACd,MAAM,UAAU,GAAG,OAAO,CAAC,YAAY,CAAC,CAAA;QAExC,IAAI,CAAC;YACH,KAAK,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,UAA8B,CAAC,EAAE,CAAC;gBAC7E,IAAI,CAAC,IAAI,CAAC,MAAM,mBAAmB,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC;oBAC1E,MAAM,mBAAmB,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAA;gBACpD,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,YAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;QACjB,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,IAAI,CAAC,WAAwB,IAAiB,CAAC;CAC7D;AApBD,gEAoBC","sourcesContent":["import { MigrationInterface, QueryRunner } from 'typeorm'\n\nimport { logger } from '@things-factory/env'\nimport { getRepository } from '@things-factory/shell'\n\nimport { Privilege } from '../service/privilege/privilege'\n\nexport class SeedPrivilege1566805283882 implements MigrationInterface {\n public async up(queryRunner: QueryRunner): Promise<any> {\n const privilegeRepository = getRepository(Privilege)\n\n const { schema } = require('@things-factory/shell/dist-server/schema')\n await schema()\n const privileges = process['PRIVILEGES']\n\n try {\n for (const [category, name] of Object.values(privileges as [string, string])) {\n if (0 == (await privilegeRepository.count({ where: { category, name } }))) {\n await privilegeRepository.save({ category, name })\n }\n }\n } catch (e) {\n logger.error(e)\n }\n }\n\n public async down(queryRunner: QueryRunner): Promise<any> {}\n}\n"]}
package/dist-server/router/auth-checkin-router.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth-checkin-router.js","sourceRoot":"","sources":["../../server/router/auth-checkin-router.ts"],"names":[],"mappings":";;;;AAAA,oEAA+B;AAE/B,6CAA4C;AAC5C,iDAA+F;AAE/F,0EAAqE;AAErE,8CAA0C;AAC1C,sEAAqE;AACrE,gEAA0D;AAE1D,MAAM,UAAU,GAAG,YAAM,CAAC,GAAG,CAAC,YAAY,CAAC,CAAA;AAE9B,QAAA,iBAAiB,GAAG,IAAI,oBAAM,EAAE,CAAA;AAE7C,yBAAiB,CAAC,GAAG,CAAC,2BAA2B,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACzE,MAAM,EAAE,OAAO,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IAC9B,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAA;IAC7B,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAC9B,IAAI,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC,MAAM,CAAA;IAElC,IAAI,OAAO,GAAsB,MAAM,IAAA,iCAAc,EAAC,IAAI,CAAC,CAAA;IAC3D,IAAI,UAAU;QAAE,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,IAAI,UAAU,CAAC,CAAA;IAEtE,IAAI,CAAC,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE;QACjD,yCAAyC;QACzC,IAAI;YACF,IAAI,CAAC,SAAS;gBAAE,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,4BAA4B,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC,CAAA,CAAC,qCAAqC;YACrH,MAAM,aAAa,GAAgC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,SAAS,CAAC,CAAA,CAAC,wCAAwC;YACxI,IAAI,CAAC,aAAa;gBAAE,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,4BAA4B,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC,CAAA;YAEnF,MAAM,OAAO,CAAC,aAAa,EAAE,IAAI,EAAE,OAAO,CAAC,CAAA;YAC3C,OAAO,CAAC,IAAI,GAAG,IAAI,CAAA;SACpB;QAAC,OAAO,CAAC,EAAE;YACV,IAAA,4CAAsB,EAAC,OAAO,CAAC,CAAA;YAC/B,MAAM,CAAC,CAAA;SACR;KACF;SAAM;QACL,qCAAqC;QACrC,MAAM,EAAE,WAAW,EAAE,UAAU,GAAG,GAAG,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;QAEvD,IAAI;YACF,IAAI,OAAe,CAAA;YAEnB,IAAI,CAAC,SAAS,EAAE;gBACd,6CAA6C;gBAC7C,SAAS,GAAG,IAAA,6BAAqB,EAAC,OAAO,EAAE,UAAU,CAAC,CAAA;aACvD;YAED,IAAI,aAA8B,CAAA;YAClC,IAAI,SAAS,EAAE;gBACb,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,IAAI,SAAS,CAAC,CAAA;gBAC3D,IAAI,CAAC,aAAa;oBAAE,OAAO,GAAG,CAAC,CAAC,0BAA0B,EAAE,EAAE,SAAS,EAAE,CAAC,CAAA;aAC3E;iBAAM,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE;gBAC/B,aAAa,GAAG,OAAO,CAAC,CAAC,CAAC,CAAA;aAC3B;YAED,IAAI,aAAa,EAAE;gBACjB,OAAO,MAAM,OAAO,CAAC,aAAa,EAAE,UAAU,EAAE,OAAO,CAAC,CAAA;aACzD;YAED,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;gBAChC,WAAW,EAAE,cAAc;gBAC3B,aAAa,EAAE,kBAAkB;gBACjC,IAAI,EAAE;oBACJ,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE;oBAC1F,OAAO;oBACP,UAAU;oBACV,UAAU;oBACV,OAAO;iBACR;aACF,CAAC,CAAA;SACH;QAAC,OAAO,CAAC,EAAE;YACV,IAAA,4CAAsB,EAAC,OAAO,CAAC,CAAA;YAC/B,OAAO,CAAC,QAAQ,CACd,sBAAsB,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,kBAAkB,CAAC,UAAU,CAAC,EAAE,CACrG,CAAA;SACF;KACF;AACH,CAAC,CAAC,CAAA;AAEF,yBAAiB,CAAC,GAAG,CAAC,eAAe,EAAE,KAAK,EAAC,OAAO,EAAC,EAAE;IACrD,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAC9B,IAAI,OAAO,GAAG,MAAM,IAAA,iCAAc,EAAC,IAAI,CAAC,CAAA;IACxC,IAAI,UAAU,EAAE;QACd,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,IAAI,UAAU,CAAC,CAAA;KACvD;IAED,OAAO,CAAC,IAAI,GAAG,OAAO,CAAA;AACxB,CAAC,CAAC,CAAA;AAEF,KAAK,UAAU,OAAO,CACpB,aAA8B,EAC9B,UAAyB,EACzB,OAAwB;IAExB,MAAM,IAAI,GAAS,OAAO,CAAC,KAAK,CAAC,IAAI,CAAA;IACrC,MAAM,4BAAY,CAAC,KAAK,CAAC,aAAa,EAAE,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,aAAa,CAAC,CAAA;IAEnF,IAAI,UAAU,EAAE;QACd,OAAO,OAAO,CAAC,QAAQ,CAAC,IAAA,gCAAwB,EAAC,OAAO,EAAE,aAAa,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC,CAAA;KAChG;AACH,CAAC","sourcesContent":["import Router from 'koa-router'\n\nimport { config } from '@things-factory/env'\nimport { Domain, findSubdomainFromPath, getRedirectSubdomainPath } from '@things-factory/shell'\n\nimport { LoginHistory } from '../service/login-history/login-history'\nimport { User } from '../service/user/user'\nimport { accepts } from '../utils/accepts'\nimport { clearAccessTokenCookie } from '../utils/access-token-cookie'\nimport { getUserDomains } from '../utils/get-user-domains'\n\nconst domainType = config.get('domainType')\n\nexport const authCheckinRouter = new Router()\n\nauthCheckinRouter.get('/auth/checkin/:subdomain?', async (context, next) => {\n const { request, t } = context\n const header = request.header\n const { user } = context.state\n let { subdomain } = context.params\n\n let domains: Partial<Domain>[] = await getUserDomains(user)\n if (domainType) domains = domains.filter(d => d.extType == domainType)\n\n if (!accepts(header.accept, ['text/html', '*/*'])) {\n // When request expects non html response\n try {\n if (!subdomain) throw new Error(t('error.domain not specified', { subdomain })) // When params doesn't have subdomain\n const checkInDomain: Partial<Domain> | undefined = domains.find(d => d.subdomain === subdomain) // When no matched domain with subdomain\n if (!checkInDomain) throw new Error(t('error.domain not specified', { subdomain }))\n\n await checkIn(checkInDomain, null, context)\n context.body = true\n } catch (e) {\n clearAccessTokenCookie(context)\n throw e\n }\n } else {\n // When request expects html response\n const { redirect_to: redirectTo = '/' } = context.query\n\n try {\n let message: string\n\n if (!subdomain) {\n /* try to find domain from redirectTo path */\n subdomain = findSubdomainFromPath(context, redirectTo)\n }\n\n let checkInDomain: Partial<Domain>\n if (subdomain) {\n checkInDomain = domains.find(d => d.subdomain == subdomain)\n if (!checkInDomain) message = t('error.domain not allowed', { subdomain })\n } else if (domains.length === 1) {\n checkInDomain = domains[0]\n }\n\n if (checkInDomain) {\n return await checkIn(checkInDomain, redirectTo, context)\n }\n\n await context.render('auth-page', {\n pageElement: 'auth-checkin',\n elementScript: '/auth/checkin.js',\n data: {\n user: { email: user.email, locale: user.locale, name: user.name, userType: user.userType },\n domains,\n domainType,\n redirectTo,\n message\n }\n })\n } catch (e) {\n clearAccessTokenCookie(context)\n context.redirect(\n `/auth/signin?email=${encodeURIComponent(user.email)}&redirect_to=${encodeURIComponent(redirectTo)}`\n )\n }\n }\n})\n\nauthCheckinRouter.get('/auth/domains', async context => {\n const { user } = context.state\n var domains = await getUserDomains(user)\n if (domainType) {\n domains = domains.filter(d => d.extType == domainType)\n }\n\n context.body = domains\n})\n\nasync function checkIn(\n checkInDomain: Partial<Domain>,\n redirectTo: string | null,\n context: ResolverContext\n): Promise<void> {\n const user: User = context.state.user\n await LoginHistory.stamp(checkInDomain, user, context.req.connection.remoteAddress)\n\n if (redirectTo) {\n return context.redirect(getRedirectSubdomainPath(context, checkInDomain.subdomain, redirectTo))\n }\n}\n"]}
1
+ {"version":3,"file":"auth-checkin-router.js","sourceRoot":"","sources":["../../server/router/auth-checkin-router.ts"],"names":[],"mappings":";;;;AAAA,oEAA+B;AAE/B,6CAA4C;AAC5C,iDAA+F;AAE/F,0EAAqE;AAErE,8CAA0C;AAC1C,sEAAqE;AACrE,gEAA0D;AAE1D,MAAM,UAAU,GAAG,YAAM,CAAC,GAAG,CAAC,YAAY,CAAC,CAAA;AAE9B,QAAA,iBAAiB,GAAG,IAAI,oBAAM,EAAE,CAAA;AAE7C,yBAAiB,CAAC,GAAG,CAAC,2BAA2B,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACzE,MAAM,EAAE,OAAO,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IAC9B,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAA;IAC7B,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAC9B,IAAI,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC,MAAM,CAAA;IAElC,IAAI,OAAO,GAAsB,MAAM,IAAA,iCAAc,EAAC,IAAI,CAAC,CAAA;IAC3D,IAAI,UAAU;QAAE,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,IAAI,UAAU,CAAC,CAAA;IAEtE,IAAI,CAAC,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC;QAClD,yCAAyC;QACzC,IAAI,CAAC;YACH,IAAI,CAAC,SAAS;gBAAE,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,4BAA4B,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC,CAAA,CAAC,qCAAqC;YACrH,MAAM,aAAa,GAAgC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,SAAS,CAAC,CAAA,CAAC,wCAAwC;YACxI,IAAI,CAAC,aAAa;gBAAE,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,4BAA4B,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC,CAAA;YAEnF,MAAM,OAAO,CAAC,aAAa,EAAE,IAAI,EAAE,OAAO,CAAC,CAAA;YAC3C,OAAO,CAAC,IAAI,GAAG,IAAI,CAAA;QACrB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,IAAA,4CAAsB,EAAC,OAAO,CAAC,CAAA;YAC/B,MAAM,CAAC,CAAA;QACT,CAAC;IACH,CAAC;SAAM,CAAC;QACN,qCAAqC;QACrC,MAAM,EAAE,WAAW,EAAE,UAAU,GAAG,GAAG,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;QAEvD,IAAI,CAAC;YACH,IAAI,OAAe,CAAA;YAEnB,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,6CAA6C;gBAC7C,SAAS,GAAG,IAAA,6BAAqB,EAAC,OAAO,EAAE,UAAU,CAAC,CAAA;YACxD,CAAC;YAED,IAAI,aAA8B,CAAA;YAClC,IAAI,SAAS,EAAE,CAAC;gBACd,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,IAAI,SAAS,CAAC,CAAA;gBAC3D,IAAI,CAAC,aAAa;oBAAE,OAAO,GAAG,CAAC,CAAC,0BAA0B,EAAE,EAAE,SAAS,EAAE,CAAC,CAAA;YAC5E,CAAC;iBAAM,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAChC,aAAa,GAAG,OAAO,CAAC,CAAC,CAAC,CAAA;YAC5B,CAAC;YAED,IAAI,aAAa,EAAE,CAAC;gBAClB,OAAO,MAAM,OAAO,CAAC,aAAa,EAAE,UAAU,EAAE,OAAO,CAAC,CAAA;YAC1D,CAAC;YAED,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;gBAChC,WAAW,EAAE,cAAc;gBAC3B,aAAa,EAAE,kBAAkB;gBACjC,IAAI,EAAE;oBACJ,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE;oBAC1F,OAAO;oBACP,UAAU;oBACV,UAAU;oBACV,OAAO;iBACR;aACF,CAAC,CAAA;QACJ,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,IAAA,4CAAsB,EAAC,OAAO,CAAC,CAAA;YAC/B,OAAO,CAAC,QAAQ,CACd,sBAAsB,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,kBAAkB,CAAC,UAAU,CAAC,EAAE,CACrG,CAAA;QACH,CAAC;IACH,CAAC;AACH,CAAC,CAAC,CAAA;AAEF,yBAAiB,CAAC,GAAG,CAAC,eAAe,EAAE,KAAK,EAAC,OAAO,EAAC,EAAE;IACrD,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAC9B,IAAI,OAAO,GAAG,MAAM,IAAA,iCAAc,EAAC,IAAI,CAAC,CAAA;IACxC,IAAI,UAAU,EAAE,CAAC;QACf,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,IAAI,UAAU,CAAC,CAAA;IACxD,CAAC;IAED,OAAO,CAAC,IAAI,GAAG,OAAO,CAAA;AACxB,CAAC,CAAC,CAAA;AAEF,KAAK,UAAU,OAAO,CACpB,aAA8B,EAC9B,UAAyB,EACzB,OAAwB;IAExB,MAAM,IAAI,GAAS,OAAO,CAAC,KAAK,CAAC,IAAI,CAAA;IACrC,MAAM,4BAAY,CAAC,KAAK,CAAC,aAAa,EAAE,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,aAAa,CAAC,CAAA;IAEnF,IAAI,UAAU,EAAE,CAAC;QACf,OAAO,OAAO,CAAC,QAAQ,CAAC,IAAA,gCAAwB,EAAC,OAAO,EAAE,aAAa,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC,CAAA;IACjG,CAAC;AACH,CAAC","sourcesContent":["import Router from 'koa-router'\n\nimport { config } from '@things-factory/env'\nimport { Domain, findSubdomainFromPath, getRedirectSubdomainPath } from '@things-factory/shell'\n\nimport { LoginHistory } from '../service/login-history/login-history'\nimport { User } from '../service/user/user'\nimport { accepts } from '../utils/accepts'\nimport { clearAccessTokenCookie } from '../utils/access-token-cookie'\nimport { getUserDomains } from '../utils/get-user-domains'\n\nconst domainType = config.get('domainType')\n\nexport const authCheckinRouter = new Router()\n\nauthCheckinRouter.get('/auth/checkin/:subdomain?', async (context, next) => {\n const { request, t } = context\n const header = request.header\n const { user } = context.state\n let { subdomain } = context.params\n\n let domains: Partial<Domain>[] = await getUserDomains(user)\n if (domainType) domains = domains.filter(d => d.extType == domainType)\n\n if (!accepts(header.accept, ['text/html', '*/*'])) {\n // When request expects non html response\n try {\n if (!subdomain) throw new Error(t('error.domain not specified', { subdomain })) // When params doesn't have subdomain\n const checkInDomain: Partial<Domain> | undefined = domains.find(d => d.subdomain === subdomain) // When no matched domain with subdomain\n if (!checkInDomain) throw new Error(t('error.domain not specified', { subdomain }))\n\n await checkIn(checkInDomain, null, context)\n context.body = true\n } catch (e) {\n clearAccessTokenCookie(context)\n throw e\n }\n } else {\n // When request expects html response\n const { redirect_to: redirectTo = '/' } = context.query\n\n try {\n let message: string\n\n if (!subdomain) {\n /* try to find domain from redirectTo path */\n subdomain = findSubdomainFromPath(context, redirectTo)\n }\n\n let checkInDomain: Partial<Domain>\n if (subdomain) {\n checkInDomain = domains.find(d => d.subdomain == subdomain)\n if (!checkInDomain) message = t('error.domain not allowed', { subdomain })\n } else if (domains.length === 1) {\n checkInDomain = domains[0]\n }\n\n if (checkInDomain) {\n return await checkIn(checkInDomain, redirectTo, context)\n }\n\n await context.render('auth-page', {\n pageElement: 'auth-checkin',\n elementScript: '/auth/checkin.js',\n data: {\n user: { email: user.email, locale: user.locale, name: user.name, userType: user.userType },\n domains,\n domainType,\n redirectTo,\n message\n }\n })\n } catch (e) {\n clearAccessTokenCookie(context)\n context.redirect(\n `/auth/signin?email=${encodeURIComponent(user.email)}&redirect_to=${encodeURIComponent(redirectTo)}`\n )\n }\n }\n})\n\nauthCheckinRouter.get('/auth/domains', async context => {\n const { user } = context.state\n var domains = await getUserDomains(user)\n if (domainType) {\n domains = domains.filter(d => d.extType == domainType)\n }\n\n context.body = domains\n})\n\nasync function checkIn(\n checkInDomain: Partial<Domain>,\n redirectTo: string | null,\n context: ResolverContext\n): Promise<void> {\n const user: User = context.state.user\n await LoginHistory.stamp(checkInDomain, user, context.req.connection.remoteAddress)\n\n if (redirectTo) {\n return context.redirect(getRedirectSubdomainPath(context, checkInDomain.subdomain, redirectTo))\n }\n}\n"]}
package/dist-server/router/auth-private-process-router.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth-private-process-router.js","sourceRoot":"","sources":["../../server/router/auth-private-process-router.ts"],"names":[],"mappings":";;;;AAAA,qCAA+B;AAC/B,oEAA+B;AAE/B,6CAA4C;AAC5C,iDAA6D;AAE7D,0DAAqD;AACrD,4DAAuD;AACvD,oDAAsD;AACtD,+CAA2C;AAC3C,sEAA2F;AAC3F,gEAA0D;AAE1D,MAAM,UAAU,GAAG,YAAM,CAAC,GAAG,CAAC,YAAY,CAAC,CAAA;AAC3C,MAAM,SAAS,GAAG,YAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAA;AAEvC,QAAA,wBAAwB,GAAG,IAAI,oBAAM,CAAC;IACjD,MAAM,EAAE,OAAO;CAChB,CAAC,CAAA;AAEF,gCAAwB;KACrB,IAAI,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC5C,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IACrB,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;IAEnE,MAAM,KAAK,GAAG,MAAM,IAAA,sBAAS,EAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,YAAY,EAAE,OAAO,CAAC,CAAA;IAEhG,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,oCAAoC,CAAC,CAAA;IAEtD,IAAA,0CAAoB,EAAC,OAAO,EAAE,KAAK,CAAC,CAAA;AACtC,CAAC,CAAC;KACD,IAAI,CAAC,iBAAiB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC/C,MAAM,EAAE,OAAO,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IAC9B,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;IACxC,MAAM,IAAA,uBAAa,EAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,WAAW,CAAC,CAAA;IAEpD,IAAI,WAAW,CAAC,MAAM,EAAE;QACtB,OAAO,CAAC,IAAI,GAAG,OAAO,CAAC,SAAS,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,mCAAmC,CAAC,CAAA;KAC1F;SAAM;QACL,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,mCAAmC,CAAC,CAAA;KACtD;AACH,CAAC,CAAC;KACD,IAAI,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC5C,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAC9B,IAAI,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAC5B,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,IAAI,CAAA;IAE/B,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;IAE9C,MAAM,QAAQ,GAAG,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAA;IACpC,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC;QACtC,KAAK,EAAE;YACL,KAAK,EAAE,IAAA,eAAK,EAAC,SAAS,CAAC;SACxB;QACD,SAAS,EAAE,CAAC,SAAS,CAAC;KACvB,CAAC,CAAA;IAEF,IAAI,KAAK,IAAI,SAAS,IAAI,CAAC,WAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,EAAE;QAClF,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,8BAA8B,CAAC,CAAA;QAChD,OAAM;KACP;IAED,MAAM,IAAA,wBAAU,EAAC,IAAI,CAAC,CAAA;IAEtB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,6BAA6B,CAAC,CAAA;IAC/C,IAAA,4CAAsB,EAAC,OAAO,CAAC,CAAA;AACjC,CAAC,CAAC;KACD,GAAG,CAAC,UAAU,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACvC,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IACrB,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,oBAAoB,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAEtE,IAAI,CAAC,MAAM,EAAE;QACX,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,8BAA8B,CAAC,CAAA;QAChD,OAAM;KACP;IAED,IAAI,OAAO,GAAsB,MAAM,IAAA,iCAAc,EAAC,IAAI,CAAC,CAAA;IAC3D,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,IAAI,UAAU,CAAC,CAAA;IAEhE,IAAI,UAAU,GAAG,MAAM,WAAI,CAAC,qBAAqB,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;IAE/D,IAAI,oBAAoB,EAAE;QACxB,oBAAoB,CAAC,OAAO,CAAC,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE;YACvD,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,IAAI,QAAQ,IAAI,CAAC,CAAC,SAAS,IAAI,SAAS,CAAC,CAAA;QACzF,CAAC,CAAC,CAAA;KACH;IAED,OAAO,CAAC,IAAI,GAAG;QACb,IAAI,EAAE;YACJ,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,KAAK,EAAE,MAAM,OAAO,CAAC,kBAAkB,CAAC,MAAM,EAAE,IAAI,CAAC;YACrD,KAAK,EAAE,MAAM,OAAO,CAAC,gBAAgB,CAAC,MAAM,EAAE,IAAI,CAAC;YACnD,QAAQ;YACR,UAAU;SACX;QACD,OAAO;QACP,MAAM,EAAE,MAAM,IAAI;YAChB,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B;QACD,SAAS;KACV,CAAA;AACH,CAAC,CAAC,CAAA","sourcesContent":["import { ILike } from 'typeorm'\nimport Router from 'koa-router'\n\nimport { config } from '@things-factory/env'\nimport { Domain, getRepository } from '@things-factory/shell'\n\nimport { changePwd } from '../controllers/change-pwd'\nimport { deleteUser } from '../controllers/delete-user'\nimport { updateProfile } from '../controllers/profile'\nimport { User } from '../service/user/user'\nimport { clearAccessTokenCookie, setAccessTokenCookie } from '../utils/access-token-cookie'\nimport { getUserDomains } from '../utils/get-user-domains'\n\nconst domainType = config.get('domainType')\nconst languages = config.get('i18n/languages') || []\n\nexport const authPrivateProcessRouter = new Router({\n prefix: '/auth'\n})\n\nauthPrivateProcessRouter\n .post('/change-pass', async (context, next) => {\n const { t } = context\n let { current_pass, new_pass, confirm_pass } = context.request.body\n\n const token = await changePwd(context.state.user, current_pass, new_pass, confirm_pass, context)\n\n context.body = t('text.password changed successfully')\n\n setAccessTokenCookie(context, token)\n })\n .post('/update-profile', async (context, next) => {\n const { i18next, t } = context\n const newProfiles = context.request.body\n await updateProfile(context.state.user, newProfiles)\n\n if (newProfiles.locale) {\n context.body = i18next.getFixedT(newProfiles.locale)('text.profile changed successfully')\n } else {\n context.body = t('text.profile changed successfully')\n }\n })\n .post('/delete-user', async (context, next) => {\n const { t, session } = context\n var { user } = context.state\n var { email: userEmail } = user\n\n var { password, email } = context.request.body\n\n const userRepo = getRepository(User)\n const userInfo = await userRepo.findOne({\n where: {\n email: ILike(userEmail)\n },\n relations: ['domains']\n })\n\n if (email != userEmail || !User.verify(userInfo.password, password, userInfo.salt)) {\n context.status = 401\n context.body = t('error.user validation failed')\n return\n }\n\n await deleteUser(user)\n\n context.body = t('text.delete account succeed')\n clearAccessTokenCookie(context)\n })\n .get('/profile', async (context, next) => {\n const { t } = context\n const { domain, user, unsafeIP, prohibitedPrivileges } = context.state\n\n if (!domain) {\n context.status = 401\n context.body = t('error.user validation failed')\n return\n }\n\n let domains: Partial<Domain>[] = await getUserDomains(user)\n domains = domains.filter((d: Domain) => d.extType == domainType)\n\n var privileges = await User.getPrivilegesByDomain(user, domain)\n\n if (prohibitedPrivileges) {\n prohibitedPrivileges.forEach(({ category, privilege }) => {\n privileges = privileges.filter(p => p.category != category || p.privilege != privilege)\n })\n }\n\n context.body = {\n user: {\n email: user.email,\n name: user.name,\n userType: user.userType,\n owner: await process.domainOwnerGranted(domain, user),\n super: await process.superUserGranted(domain, user),\n unsafeIP,\n privileges\n },\n domains,\n domain: domain && {\n name: domain.name,\n subdomain: domain.subdomain\n },\n languages\n }\n })\n"]}
1
+ {"version":3,"file":"auth-private-process-router.js","sourceRoot":"","sources":["../../server/router/auth-private-process-router.ts"],"names":[],"mappings":";;;;AAAA,qCAA+B;AAC/B,oEAA+B;AAE/B,6CAA4C;AAC5C,iDAA6D;AAE7D,0DAAqD;AACrD,4DAAuD;AACvD,oDAAsD;AACtD,+CAA2C;AAC3C,sEAA2F;AAC3F,gEAA0D;AAE1D,MAAM,UAAU,GAAG,YAAM,CAAC,GAAG,CAAC,YAAY,CAAC,CAAA;AAC3C,MAAM,SAAS,GAAG,YAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAA;AAEvC,QAAA,wBAAwB,GAAG,IAAI,oBAAM,CAAC;IACjD,MAAM,EAAE,OAAO;CAChB,CAAC,CAAA;AAEF,gCAAwB;KACrB,IAAI,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC5C,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IACrB,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;IAEnE,MAAM,KAAK,GAAG,MAAM,IAAA,sBAAS,EAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,YAAY,EAAE,OAAO,CAAC,CAAA;IAEhG,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,oCAAoC,CAAC,CAAA;IAEtD,IAAA,0CAAoB,EAAC,OAAO,EAAE,KAAK,CAAC,CAAA;AACtC,CAAC,CAAC;KACD,IAAI,CAAC,iBAAiB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC/C,MAAM,EAAE,OAAO,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IAC9B,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;IACxC,MAAM,IAAA,uBAAa,EAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,WAAW,CAAC,CAAA;IAEpD,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;QACvB,OAAO,CAAC,IAAI,GAAG,OAAO,CAAC,SAAS,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,mCAAmC,CAAC,CAAA;IAC3F,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,mCAAmC,CAAC,CAAA;IACvD,CAAC;AACH,CAAC,CAAC;KACD,IAAI,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC5C,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAC9B,IAAI,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAC5B,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,IAAI,CAAA;IAE/B,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;IAE9C,MAAM,QAAQ,GAAG,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAA;IACpC,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC;QACtC,KAAK,EAAE;YACL,KAAK,EAAE,IAAA,eAAK,EAAC,SAAS,CAAC;SACxB;QACD,SAAS,EAAE,CAAC,SAAS,CAAC;KACvB,CAAC,CAAA;IAEF,IAAI,KAAK,IAAI,SAAS,IAAI,CAAC,WAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnF,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,8BAA8B,CAAC,CAAA;QAChD,OAAM;IACR,CAAC;IAED,MAAM,IAAA,wBAAU,EAAC,IAAI,CAAC,CAAA;IAEtB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,6BAA6B,CAAC,CAAA;IAC/C,IAAA,4CAAsB,EAAC,OAAO,CAAC,CAAA;AACjC,CAAC,CAAC;KACD,GAAG,CAAC,UAAU,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACvC,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IACrB,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,oBAAoB,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAEtE,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,8BAA8B,CAAC,CAAA;QAChD,OAAM;IACR,CAAC;IAED,IAAI,OAAO,GAAsB,MAAM,IAAA,iCAAc,EAAC,IAAI,CAAC,CAAA;IAC3D,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,IAAI,UAAU,CAAC,CAAA;IAEhE,IAAI,UAAU,GAAG,MAAM,WAAI,CAAC,qBAAqB,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;IAE/D,IAAI,oBAAoB,EAAE,CAAC;QACzB,oBAAoB,CAAC,OAAO,CAAC,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE;YACvD,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,IAAI,QAAQ,IAAI,CAAC,CAAC,SAAS,IAAI,SAAS,CAAC,CAAA;QACzF,CAAC,CAAC,CAAA;IACJ,CAAC;IAED,OAAO,CAAC,IAAI,GAAG;QACb,IAAI,EAAE;YACJ,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,KAAK,EAAE,MAAM,OAAO,CAAC,kBAAkB,CAAC,MAAM,EAAE,IAAI,CAAC;YACrD,KAAK,EAAE,MAAM,OAAO,CAAC,gBAAgB,CAAC,MAAM,EAAE,IAAI,CAAC;YACnD,QAAQ;YACR,UAAU;SACX;QACD,OAAO;QACP,MAAM,EAAE,MAAM,IAAI;YAChB,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B;QACD,SAAS;KACV,CAAA;AACH,CAAC,CAAC,CAAA","sourcesContent":["import { ILike } from 'typeorm'\nimport Router from 'koa-router'\n\nimport { config } from '@things-factory/env'\nimport { Domain, getRepository } from '@things-factory/shell'\n\nimport { changePwd } from '../controllers/change-pwd'\nimport { deleteUser } from '../controllers/delete-user'\nimport { updateProfile } from '../controllers/profile'\nimport { User } from '../service/user/user'\nimport { clearAccessTokenCookie, setAccessTokenCookie } from '../utils/access-token-cookie'\nimport { getUserDomains } from '../utils/get-user-domains'\n\nconst domainType = config.get('domainType')\nconst languages = config.get('i18n/languages') || []\n\nexport const authPrivateProcessRouter = new Router({\n prefix: '/auth'\n})\n\nauthPrivateProcessRouter\n .post('/change-pass', async (context, next) => {\n const { t } = context\n let { current_pass, new_pass, confirm_pass } = context.request.body\n\n const token = await changePwd(context.state.user, current_pass, new_pass, confirm_pass, context)\n\n context.body = t('text.password changed successfully')\n\n setAccessTokenCookie(context, token)\n })\n .post('/update-profile', async (context, next) => {\n const { i18next, t } = context\n const newProfiles = context.request.body\n await updateProfile(context.state.user, newProfiles)\n\n if (newProfiles.locale) {\n context.body = i18next.getFixedT(newProfiles.locale)('text.profile changed successfully')\n } else {\n context.body = t('text.profile changed successfully')\n }\n })\n .post('/delete-user', async (context, next) => {\n const { t, session } = context\n var { user } = context.state\n var { email: userEmail } = user\n\n var { password, email } = context.request.body\n\n const userRepo = getRepository(User)\n const userInfo = await userRepo.findOne({\n where: {\n email: ILike(userEmail)\n },\n relations: ['domains']\n })\n\n if (email != userEmail || !User.verify(userInfo.password, password, userInfo.salt)) {\n context.status = 401\n context.body = t('error.user validation failed')\n return\n }\n\n await deleteUser(user)\n\n context.body = t('text.delete account succeed')\n clearAccessTokenCookie(context)\n })\n .get('/profile', async (context, next) => {\n const { t } = context\n const { domain, user, unsafeIP, prohibitedPrivileges } = context.state\n\n if (!domain) {\n context.status = 401\n context.body = t('error.user validation failed')\n return\n }\n\n let domains: Partial<Domain>[] = await getUserDomains(user)\n domains = domains.filter((d: Domain) => d.extType == domainType)\n\n var privileges = await User.getPrivilegesByDomain(user, domain)\n\n if (prohibitedPrivileges) {\n prohibitedPrivileges.forEach(({ category, privilege }) => {\n privileges = privileges.filter(p => p.category != category || p.privilege != privilege)\n })\n }\n\n context.body = {\n user: {\n email: user.email,\n name: user.name,\n userType: user.userType,\n owner: await process.domainOwnerGranted(domain, user),\n super: await process.superUserGranted(domain, user),\n unsafeIP,\n privileges\n },\n domains,\n domain: domain && {\n name: domain.name,\n subdomain: domain.subdomain\n },\n languages\n }\n })\n"]}
package/dist-server/router/auth-public-process-router.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth-public-process-router.js","sourceRoot":"","sources":["../../server/router/auth-public-process-router.ts"],"names":[],"mappings":";;;;AAAA,oEAA+B;AAE/B,6CAA4C;AAC5C,iDAAsE;AAEtE,0DAAiE;AACjE,kEAAqF;AACrF,4DAAuD;AACvD,8DAA6E;AAC7E,+CAA2C;AAC3C,8CAA0C;AAC1C,sEAAqE;AAErE,MAAM,wBAAwB,GAAG,YAAM,CAAC,GAAG,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAA;AAC9E,MAAM,0BAA0B,GAAG,YAAM,CAAC,GAAG,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAA;AACvF,MAAM,SAAS,GAAG,YAAM,CAAC,GAAG,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAA;AACrD,MAAM,YAAY,GAAG,YAAM,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI;IAC7C,SAAS,EAAE,IAAI;IACf,SAAS,EAAE,IAAI;IACf,KAAK,EAAE,IAAI;IACX,gBAAgB,EAAE,IAAI;IACtB,WAAW,EAAE,KAAK;IAClB,eAAe,EAAE,IAAI;IACrB,eAAe,EAAE,KAAK;IACtB,oBAAoB,EAAE,CAAC;IACvB,oBAAoB,EAAE,EAAE;CACzB,CAAA;AAEY,QAAA,uBAAuB,GAAG,IAAI,oBAAM,CAAC;IAChD,MAAM,EAAE,OAAO;CAChB,CAAC,CAAA;AAEF,+BAAuB,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC5D,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE,CAAA;IAE5C,MAAM,IAAI,GAAS,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,SAAS,CAAC;QACrD,KAAK;KACN,CAAC,CAAA;IAEF,IAAI,IAAI,EAAE;QACR,OAAO,CAAC,QAAQ,CAAC,sBAAsB,KAAK,EAAE,CAAC,CAAA;KAChD;SAAM;QACL,OAAO,CAAC,QAAQ,CAAC,sBAAsB,KAAK,EAAE,CAAC,CAAA;KAChD;AACH,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC9D,MAAM,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IAC7B,IAAA,4CAAsB,EAAC,OAAO,CAAC,CAAA;IAE/B,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,2BAA2B,CAAC,CAAA;IAE7C,IAAI,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE;QAChD,OAAO,CAAC,QAAQ,CAAC,IAAA,uBAAe,EAAC,OAAO,CAAC,CAAC,CAAA;KAC3C;AACH,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,GAAG,CAAC,kBAAkB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACtE,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAA;IAEvC,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;QAChC,WAAW,EAAE,iBAAiB;QAC9B,aAAa,EAAE,0BAA0B;QACzC,IAAI,EAAE;YACJ,KAAK;YACL,wBAAwB;YACxB,0BAA0B;YAC1B,SAAS;SACV;KACF,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,GAAG,CAAC,iBAAiB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACrE,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAA;IAEvC,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;QAChC,WAAW,EAAE,gBAAgB;QAC7B,aAAa,EAAE,yBAAyB;QACxC,IAAI,EAAE;YACJ,KAAK;YACL,YAAY;YACZ,wBAAwB;YACxB,0BAA0B;YAC1B,SAAS;SACV;KACF,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,GAAG,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAClE,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAA;IAEvC,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;QAChC,WAAW,EAAE,aAAa;QAC1B,aAAa,EAAE,sBAAsB;QACrC,IAAI,EAAE;YACJ,KAAK;YACL,wBAAwB;YACxB,0BAA0B;YAC1B,SAAS;SACV;KACF,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,GAAG,CAAC,kBAAkB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACtE,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,MAAM,CAAA;IAEhC,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;QAChC,WAAW,EAAE,eAAe;QAC5B,aAAa,EAAE,mBAAmB;QAClC,IAAI,EAAE;YACJ,KAAK;YACL,wBAAwB;YACxB,0BAA0B;YAC1B,SAAS;SACV;KACF,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,GAAG,CAAC,gBAAgB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACpE,MAAM,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IAC7B,IAAI,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAA;IAEhC,MAAM,IAAA,qBAAM,EAAC,KAAK,CAAC,CAAA;IAEnB,IAAI,OAAO,GAAG,CAAC,CAAC,kCAAkC,CAAC,CAAA;IAEnD,OAAO,CAAC,IAAI,GAAG,OAAO,CAAA;IAEtB,IAAI,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE;QAChD,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;YAChC,WAAW,EAAE,aAAa;YAC1B,aAAa,EAAE,iBAAiB;YAChC,IAAI,EAAE;gBACJ,OAAO;gBACP,wBAAwB;gBACxB,0BAA0B;gBAC1B,SAAS;aACV;SACF,CAAC,CAAA;KACH;AACH,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,IAAI,CAAC,4BAA4B,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACjF,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IACrB,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;IAEtC,IAAI,OAAO,GAAG,MAAM,IAAA,sCAAuB,EAAC,KAAK,EAAE,OAAO,CAAC,CAAA;IAC3D,IAAI,OAAO,GAAG,CAAC,CAAC,8BAA8B,CAAC,CAAA;IAE/C,IAAI,OAAO,EAAE;QACX,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,OAAO,CAAA;KACvB;AACH,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,IAAI,CAAC,0BAA0B,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC/E,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IACrB,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;IAEvD,IAAI,OAAO,GAAG,MAAM,IAAA,kCAAqB,EACvC;QACE,KAAK;QACL,SAAS;QACT,IAAI;KACL,EACD,OAAO,CACR,CAAA;IAED,IAAI,OAAO,GAAG,CAAC,CAAC,4BAA4B,CAAC,CAAA;IAE7C,IAAI,OAAO,EAAE;QACX,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,OAAO,CAAA;KACvB;AACH,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,IAAI,CAAC,kBAAkB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACvE,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IACrB,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;IAEtC,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,EAAE,CAAA;IAEzB,MAAM,QAAQ,GAAG,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAA;IACpC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC;QAClC,KAAK,EAAE;YACL,KAAK;SACN;KACF,CAAC,CAAA;IAEF,MAAM,OAAO,GAAG,MAAM,IAAA,uCAAsB,EAAC;QAC3C,IAAI;QACJ,OAAO;KACR,CAAC,CAAA;IAEF,IAAI,OAAO,EAAE;QACX,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,gCAAgC,CAAC,CAAA;KACnD;AACH,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,IAAI,CAAC,iBAAiB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACtE,MAAM,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IAE7B,IAAI;QACF,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;QAEhD,IAAI,CAAC,CAAC,KAAK,IAAI,QAAQ,CAAC,EAAE;YACxB,IAAI,OAAO,GAAG,CAAC,CAAC,oCAAoC,CAAC,CAAA;YAErD,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;YACpB,OAAO,CAAC,IAAI,GAAG;gBACb,OAAO;aACR,CAAA;YAED,IAAI,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE;gBAChD,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;oBAChC,WAAW,EAAE,gBAAgB;oBAC7B,aAAa,EAAE,yBAAyB;oBACxC,IAAI,EAAE;wBACJ,KAAK;wBACL,OAAO;wBACP,YAAY;wBACZ,wBAAwB;wBACxB,0BAA0B;wBAC1B,SAAS;qBACV;iBACF,CAAC,CAAA;aACH;YAED,OAAM;SACP;QAED,MAAM,IAAA,8BAAa,EAAC,KAAK,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAA;QAE7C,IAAI,OAAO,GAAG,CAAC,CAAC,6BAA6B,CAAC,CAAA;QAC9C,OAAO,CAAC,IAAI,GAAG,OAAO,CAAA;QAEtB,IAAA,4CAAsB,EAAC,OAAO,CAAC,CAAA;QAE/B,IAAI,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE;YAChD,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;gBAChC,WAAW,EAAE,aAAa;gBAC1B,aAAa,EAAE,iBAAiB;gBAChC,IAAI,EAAE;oBACJ,OAAO;oBACP,wBAAwB;oBACxB,0BAA0B;oBAC1B,SAAS;iBACV;aACF,CAAC,CAAA;SACH;KACF;IAAC,OAAO,CAAC,EAAE;QACV,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,OAAO,CAAA;QAExB,IAAI,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE;YAChD,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;gBAChC,WAAW,EAAE,aAAa;gBAC1B,aAAa,EAAE,iBAAiB;gBAChC,IAAI,EAAE;oBACJ,OAAO,EAAE,CAAC,CAAC,OAAO;oBAClB,wBAAwB;oBACxB,0BAA0B;oBAC1B,SAAS;iBACV;aACF,CAAC,CAAA;SACH;KACF;AACH,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,IAAI,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACnE,MAAM,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IAC7B,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;IAEhD,IAAI,CAAC,CAAC,KAAK,IAAI,QAAQ,CAAC,EAAE;QACxB,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,oCAAoC,CAAC,CAAA;QAEtD,OAAM;KACP;IAED,IAAI,OAAO,GAAG,MAAM,IAAA,wBAAU,EAAC,KAAK,EAAE,QAAQ,CAAC,CAAA;IAE/C,IAAI,OAAO,EAAE;QACX,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,6BAA6B,CAAC,CAAA;QAE/C,IAAA,4CAAsB,EAAC,OAAO,CAAC,CAAA;KAChC;IAED,IAAI,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE;QAChD,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;YAChC,WAAW,EAAE,aAAa;YAC1B,aAAa,EAAE,iBAAiB;YAChC,IAAI,EAAE;gBACJ,OAAO,EAAE,CAAC,CAAC,6BAA6B,CAAC;gBACzC,wBAAwB;gBACxB,0BAA0B;gBAC1B,SAAS;aACV;SACF,CAAC,CAAA;KACH;AACH,CAAC,CAAC,CAAA","sourcesContent":["import Router from 'koa-router'\n\nimport { config } from '@things-factory/env'\nimport { getRepository, getSiteRootPath } from '@things-factory/shell'\n\nimport { resendInvitationEmail } from '../controllers/invitation'\nimport { resetPassword, sendPasswordResetEmail } from '../controllers/reset-password'\nimport { unlockUser } from '../controllers/unlock-user'\nimport { resendVerificationEmail, verify } from '../controllers/verification'\nimport { User } from '../service/user/user'\nimport { accepts } from '../utils/accepts'\nimport { clearAccessTokenCookie } from '../utils/access-token-cookie'\n\nconst disableUserSignupProcess = config.get('disableUserSignupProcess', false)\nconst disableUserFavoredLanguage = config.get('i18n/disableUserFavoredLanguage', false)\nconst languages = config.get('i18n/languages', false)\nconst passwordRule = config.get('password') || {\n lowerCase: true,\n upperCase: true,\n digit: true,\n specialCharacter: true,\n allowRepeat: false,\n useTightPattern: true,\n useLoosePattern: false,\n tightCharacterLength: 8,\n looseCharacterLength: 15\n}\n\nexport const authPublicProcessRouter = new Router({\n prefix: '/auth'\n})\n\nauthPublicProcessRouter.post('/join', async (context, next) => {\n const { email } = context.request.body || {}\n\n const user: User = await getRepository(User).findOneBy({\n email\n })\n\n if (user) {\n context.redirect(`/auth/signin?email=${email}`)\n } else {\n context.redirect(`/auth/signup?email=${email}`)\n }\n})\n\nauthPublicProcessRouter.all('/signout', async (context, next) => {\n const { header, t } = context\n clearAccessTokenCookie(context)\n\n context.body = t('text.signout successfully')\n\n if (accepts(header.accept, ['text/html', '*/*'])) {\n context.redirect(getSiteRootPath(context))\n }\n})\n\nauthPublicProcessRouter.get('/forgot-password', async (context, next) => {\n const { email } = context.request.query\n\n await context.render('auth-page', {\n pageElement: 'forgot-password',\n elementScript: '/auth/forgot-password.js',\n data: {\n email,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n})\n\nauthPublicProcessRouter.get('/reset-password', async (context, next) => {\n const { token } = context.request.query\n\n await context.render('auth-page', {\n pageElement: 'reset-password',\n elementScript: '/auth/reset-password.js',\n data: {\n token,\n passwordRule,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n})\n\nauthPublicProcessRouter.get('/unlock-user', async (context, next) => {\n const { token } = context.request.query\n\n await context.render('auth-page', {\n pageElement: 'unlock-user',\n elementScript: '/auth/unlock-user.js',\n data: {\n token,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n})\n\nauthPublicProcessRouter.get('/activate/:email', async (context, next) => {\n const { email } = context.params\n\n await context.render('auth-page', {\n pageElement: 'auth-activate',\n elementScript: '/auth/activate.js',\n data: {\n email,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n})\n\nauthPublicProcessRouter.get('/verify/:token', async (context, next) => {\n const { header, t } = context\n var token = context.params.token\n\n await verify(token)\n\n var message = t('text.user activated successfully')\n\n context.body = message\n\n if (accepts(header.accept, ['text/html', '*/*'])) {\n await context.render('auth-page', {\n pageElement: 'auth-result',\n elementScript: '/auth/result.js',\n data: {\n message,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n }\n})\n\nauthPublicProcessRouter.post('/resend-verification-email', async (context, next) => {\n const { t } = context\n const { email } = context.request.body\n\n var succeed = await resendVerificationEmail(email, context)\n var message = t('text.verification email sent')\n\n if (succeed) {\n context.status = 200\n context.body = message\n }\n})\n\nauthPublicProcessRouter.post('/resend-invitation-email', async (context, next) => {\n const { t } = context\n const { email, reference, type } = context.request.body\n\n var succeed = await resendInvitationEmail(\n {\n email,\n reference,\n type\n },\n context\n )\n\n var message = t('text.invitation email sent')\n\n if (succeed) {\n context.status = 200\n context.body = message\n }\n})\n\nauthPublicProcessRouter.post('/forgot-password', async (context, next) => {\n const { t } = context\n const { email } = context.request.body\n\n if (!email) return next()\n\n const userRepo = getRepository(User)\n const user = await userRepo.findOne({\n where: {\n email\n }\n })\n\n const succeed = await sendPasswordResetEmail({\n user,\n context\n })\n\n if (succeed) {\n context.status = 200\n context.body = t('text.password reset email sent')\n }\n})\n\nauthPublicProcessRouter.post('/reset-password', async (context, next) => {\n const { header, t } = context\n\n try {\n const { password, token } = context.request.body\n\n if (!(token && password)) {\n let message = t('error.token or password is invalid')\n\n context.status = 404\n context.body = {\n message\n }\n\n if (accepts(header.accept, ['text/html', '*/*'])) {\n await context.render('auth-page', {\n pageElement: 'reset-password',\n elementScript: '/auth/reset-password.js',\n data: {\n token,\n message,\n passwordRule,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n }\n\n return\n }\n\n await resetPassword(token, password, context)\n\n var message = t('text.password reset succeed')\n context.body = message\n\n clearAccessTokenCookie(context)\n\n if (accepts(header.accept, ['text/html', '*/*'])) {\n await context.render('auth-page', {\n pageElement: 'auth-result',\n elementScript: '/auth/result.js',\n data: {\n message,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n }\n } catch (e) {\n context.status = 404\n context.body = e.message\n\n if (accepts(header.accept, ['text/html', '*/*'])) {\n await context.render('auth-page', {\n pageElement: 'auth-result',\n elementScript: '/auth/result.js',\n data: {\n message: e.message,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n }\n }\n})\n\nauthPublicProcessRouter.post('/unlock-user', async (context, next) => {\n const { header, t } = context\n const { password, token } = context.request.body\n\n if (!(token || password)) {\n context.status = 404\n context.body = t('error.token or password is invalid')\n\n return\n }\n\n var succeed = await unlockUser(token, password)\n\n if (succeed) {\n context.body = t('text.password reset succeed')\n\n clearAccessTokenCookie(context)\n }\n\n if (accepts(header.accept, ['text/html', '*/*'])) {\n await context.render('auth-page', {\n pageElement: 'auth-result',\n elementScript: '/auth/result.js',\n data: {\n message: t('text.account is reactivated'),\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n }\n})\n"]}
1
+ {"version":3,"file":"auth-public-process-router.js","sourceRoot":"","sources":["../../server/router/auth-public-process-router.ts"],"names":[],"mappings":";;;;AAAA,oEAA+B;AAE/B,6CAA4C;AAC5C,iDAAsE;AAEtE,0DAAiE;AACjE,kEAAqF;AACrF,4DAAuD;AACvD,8DAA6E;AAC7E,+CAA2C;AAC3C,8CAA0C;AAC1C,sEAAqE;AAErE,MAAM,wBAAwB,GAAG,YAAM,CAAC,GAAG,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAA;AAC9E,MAAM,0BAA0B,GAAG,YAAM,CAAC,GAAG,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAA;AACvF,MAAM,SAAS,GAAG,YAAM,CAAC,GAAG,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAA;AACrD,MAAM,YAAY,GAAG,YAAM,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI;IAC7C,SAAS,EAAE,IAAI;IACf,SAAS,EAAE,IAAI;IACf,KAAK,EAAE,IAAI;IACX,gBAAgB,EAAE,IAAI;IACtB,WAAW,EAAE,KAAK;IAClB,eAAe,EAAE,IAAI;IACrB,eAAe,EAAE,KAAK;IACtB,oBAAoB,EAAE,CAAC;IACvB,oBAAoB,EAAE,EAAE;CACzB,CAAA;AAEY,QAAA,uBAAuB,GAAG,IAAI,oBAAM,CAAC;IAChD,MAAM,EAAE,OAAO;CAChB,CAAC,CAAA;AAEF,+BAAuB,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC5D,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE,CAAA;IAE5C,MAAM,IAAI,GAAS,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,SAAS,CAAC;QACrD,KAAK;KACN,CAAC,CAAA;IAEF,IAAI,IAAI,EAAE,CAAC;QACT,OAAO,CAAC,QAAQ,CAAC,sBAAsB,KAAK,EAAE,CAAC,CAAA;IACjD,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,QAAQ,CAAC,sBAAsB,KAAK,EAAE,CAAC,CAAA;IACjD,CAAC;AACH,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC9D,MAAM,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IAC7B,IAAA,4CAAsB,EAAC,OAAO,CAAC,CAAA;IAE/B,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,2BAA2B,CAAC,CAAA;IAE7C,IAAI,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC;QACjD,OAAO,CAAC,QAAQ,CAAC,IAAA,uBAAe,EAAC,OAAO,CAAC,CAAC,CAAA;IAC5C,CAAC;AACH,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,GAAG,CAAC,kBAAkB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACtE,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAA;IAEvC,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;QAChC,WAAW,EAAE,iBAAiB;QAC9B,aAAa,EAAE,0BAA0B;QACzC,IAAI,EAAE;YACJ,KAAK;YACL,wBAAwB;YACxB,0BAA0B;YAC1B,SAAS;SACV;KACF,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,GAAG,CAAC,iBAAiB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACrE,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAA;IAEvC,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;QAChC,WAAW,EAAE,gBAAgB;QAC7B,aAAa,EAAE,yBAAyB;QACxC,IAAI,EAAE;YACJ,KAAK;YACL,YAAY;YACZ,wBAAwB;YACxB,0BAA0B;YAC1B,SAAS;SACV;KACF,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,GAAG,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAClE,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAA;IAEvC,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;QAChC,WAAW,EAAE,aAAa;QAC1B,aAAa,EAAE,sBAAsB;QACrC,IAAI,EAAE;YACJ,KAAK;YACL,wBAAwB;YACxB,0BAA0B;YAC1B,SAAS;SACV;KACF,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,GAAG,CAAC,kBAAkB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACtE,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,MAAM,CAAA;IAEhC,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;QAChC,WAAW,EAAE,eAAe;QAC5B,aAAa,EAAE,mBAAmB;QAClC,IAAI,EAAE;YACJ,KAAK;YACL,wBAAwB;YACxB,0BAA0B;YAC1B,SAAS;SACV;KACF,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,GAAG,CAAC,gBAAgB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACpE,MAAM,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IAC7B,IAAI,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAA;IAEhC,MAAM,IAAA,qBAAM,EAAC,KAAK,CAAC,CAAA;IAEnB,IAAI,OAAO,GAAG,CAAC,CAAC,kCAAkC,CAAC,CAAA;IAEnD,OAAO,CAAC,IAAI,GAAG,OAAO,CAAA;IAEtB,IAAI,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC;QACjD,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;YAChC,WAAW,EAAE,aAAa;YAC1B,aAAa,EAAE,iBAAiB;YAChC,IAAI,EAAE;gBACJ,OAAO;gBACP,wBAAwB;gBACxB,0BAA0B;gBAC1B,SAAS;aACV;SACF,CAAC,CAAA;IACJ,CAAC;AACH,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,IAAI,CAAC,4BAA4B,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACjF,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IACrB,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;IAEtC,IAAI,OAAO,GAAG,MAAM,IAAA,sCAAuB,EAAC,KAAK,EAAE,OAAO,CAAC,CAAA;IAC3D,IAAI,OAAO,GAAG,CAAC,CAAC,8BAA8B,CAAC,CAAA;IAE/C,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,OAAO,CAAA;IACxB,CAAC;AACH,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,IAAI,CAAC,0BAA0B,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC/E,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IACrB,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;IAEvD,IAAI,OAAO,GAAG,MAAM,IAAA,kCAAqB,EACvC;QACE,KAAK;QACL,SAAS;QACT,IAAI;KACL,EACD,OAAO,CACR,CAAA;IAED,IAAI,OAAO,GAAG,CAAC,CAAC,4BAA4B,CAAC,CAAA;IAE7C,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,OAAO,CAAA;IACxB,CAAC;AACH,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,IAAI,CAAC,kBAAkB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACvE,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IACrB,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;IAEtC,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,EAAE,CAAA;IAEzB,MAAM,QAAQ,GAAG,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAA;IACpC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC;QAClC,KAAK,EAAE;YACL,KAAK;SACN;KACF,CAAC,CAAA;IAEF,MAAM,OAAO,GAAG,MAAM,IAAA,uCAAsB,EAAC;QAC3C,IAAI;QACJ,OAAO;KACR,CAAC,CAAA;IAEF,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,gCAAgC,CAAC,CAAA;IACpD,CAAC;AACH,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,IAAI,CAAC,iBAAiB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACtE,MAAM,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IAE7B,IAAI,CAAC;QACH,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;QAEhD,IAAI,CAAC,CAAC,KAAK,IAAI,QAAQ,CAAC,EAAE,CAAC;YACzB,IAAI,OAAO,GAAG,CAAC,CAAC,oCAAoC,CAAC,CAAA;YAErD,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;YACpB,OAAO,CAAC,IAAI,GAAG;gBACb,OAAO;aACR,CAAA;YAED,IAAI,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC;gBACjD,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;oBAChC,WAAW,EAAE,gBAAgB;oBAC7B,aAAa,EAAE,yBAAyB;oBACxC,IAAI,EAAE;wBACJ,KAAK;wBACL,OAAO;wBACP,YAAY;wBACZ,wBAAwB;wBACxB,0BAA0B;wBAC1B,SAAS;qBACV;iBACF,CAAC,CAAA;YACJ,CAAC;YAED,OAAM;QACR,CAAC;QAED,MAAM,IAAA,8BAAa,EAAC,KAAK,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAA;QAE7C,IAAI,OAAO,GAAG,CAAC,CAAC,6BAA6B,CAAC,CAAA;QAC9C,OAAO,CAAC,IAAI,GAAG,OAAO,CAAA;QAEtB,IAAA,4CAAsB,EAAC,OAAO,CAAC,CAAA;QAE/B,IAAI,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC;YACjD,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;gBAChC,WAAW,EAAE,aAAa;gBAC1B,aAAa,EAAE,iBAAiB;gBAChC,IAAI,EAAE;oBACJ,OAAO;oBACP,wBAAwB;oBACxB,0BAA0B;oBAC1B,SAAS;iBACV;aACF,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,OAAO,CAAA;QAExB,IAAI,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC;YACjD,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;gBAChC,WAAW,EAAE,aAAa;gBAC1B,aAAa,EAAE,iBAAiB;gBAChC,IAAI,EAAE;oBACJ,OAAO,EAAE,CAAC,CAAC,OAAO;oBAClB,wBAAwB;oBACxB,0BAA0B;oBAC1B,SAAS;iBACV;aACF,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;AACH,CAAC,CAAC,CAAA;AAEF,+BAAuB,CAAC,IAAI,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACnE,MAAM,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IAC7B,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;IAEhD,IAAI,CAAC,CAAC,KAAK,IAAI,QAAQ,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,oCAAoC,CAAC,CAAA;QAEtD,OAAM;IACR,CAAC;IAED,IAAI,OAAO,GAAG,MAAM,IAAA,wBAAU,EAAC,KAAK,EAAE,QAAQ,CAAC,CAAA;IAE/C,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,6BAA6B,CAAC,CAAA;QAE/C,IAAA,4CAAsB,EAAC,OAAO,CAAC,CAAA;IACjC,CAAC;IAED,IAAI,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC;QACjD,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;YAChC,WAAW,EAAE,aAAa;YAC1B,aAAa,EAAE,iBAAiB;YAChC,IAAI,EAAE;gBACJ,OAAO,EAAE,CAAC,CAAC,6BAA6B,CAAC;gBACzC,wBAAwB;gBACxB,0BAA0B;gBAC1B,SAAS;aACV;SACF,CAAC,CAAA;IACJ,CAAC;AACH,CAAC,CAAC,CAAA","sourcesContent":["import Router from 'koa-router'\n\nimport { config } from '@things-factory/env'\nimport { getRepository, getSiteRootPath } from '@things-factory/shell'\n\nimport { resendInvitationEmail } from '../controllers/invitation'\nimport { resetPassword, sendPasswordResetEmail } from '../controllers/reset-password'\nimport { unlockUser } from '../controllers/unlock-user'\nimport { resendVerificationEmail, verify } from '../controllers/verification'\nimport { User } from '../service/user/user'\nimport { accepts } from '../utils/accepts'\nimport { clearAccessTokenCookie } from '../utils/access-token-cookie'\n\nconst disableUserSignupProcess = config.get('disableUserSignupProcess', false)\nconst disableUserFavoredLanguage = config.get('i18n/disableUserFavoredLanguage', false)\nconst languages = config.get('i18n/languages', false)\nconst passwordRule = config.get('password') || {\n lowerCase: true,\n upperCase: true,\n digit: true,\n specialCharacter: true,\n allowRepeat: false,\n useTightPattern: true,\n useLoosePattern: false,\n tightCharacterLength: 8,\n looseCharacterLength: 15\n}\n\nexport const authPublicProcessRouter = new Router({\n prefix: '/auth'\n})\n\nauthPublicProcessRouter.post('/join', async (context, next) => {\n const { email } = context.request.body || {}\n\n const user: User = await getRepository(User).findOneBy({\n email\n })\n\n if (user) {\n context.redirect(`/auth/signin?email=${email}`)\n } else {\n context.redirect(`/auth/signup?email=${email}`)\n }\n})\n\nauthPublicProcessRouter.all('/signout', async (context, next) => {\n const { header, t } = context\n clearAccessTokenCookie(context)\n\n context.body = t('text.signout successfully')\n\n if (accepts(header.accept, ['text/html', '*/*'])) {\n context.redirect(getSiteRootPath(context))\n }\n})\n\nauthPublicProcessRouter.get('/forgot-password', async (context, next) => {\n const { email } = context.request.query\n\n await context.render('auth-page', {\n pageElement: 'forgot-password',\n elementScript: '/auth/forgot-password.js',\n data: {\n email,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n})\n\nauthPublicProcessRouter.get('/reset-password', async (context, next) => {\n const { token } = context.request.query\n\n await context.render('auth-page', {\n pageElement: 'reset-password',\n elementScript: '/auth/reset-password.js',\n data: {\n token,\n passwordRule,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n})\n\nauthPublicProcessRouter.get('/unlock-user', async (context, next) => {\n const { token } = context.request.query\n\n await context.render('auth-page', {\n pageElement: 'unlock-user',\n elementScript: '/auth/unlock-user.js',\n data: {\n token,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n})\n\nauthPublicProcessRouter.get('/activate/:email', async (context, next) => {\n const { email } = context.params\n\n await context.render('auth-page', {\n pageElement: 'auth-activate',\n elementScript: '/auth/activate.js',\n data: {\n email,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n})\n\nauthPublicProcessRouter.get('/verify/:token', async (context, next) => {\n const { header, t } = context\n var token = context.params.token\n\n await verify(token)\n\n var message = t('text.user activated successfully')\n\n context.body = message\n\n if (accepts(header.accept, ['text/html', '*/*'])) {\n await context.render('auth-page', {\n pageElement: 'auth-result',\n elementScript: '/auth/result.js',\n data: {\n message,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n }\n})\n\nauthPublicProcessRouter.post('/resend-verification-email', async (context, next) => {\n const { t } = context\n const { email } = context.request.body\n\n var succeed = await resendVerificationEmail(email, context)\n var message = t('text.verification email sent')\n\n if (succeed) {\n context.status = 200\n context.body = message\n }\n})\n\nauthPublicProcessRouter.post('/resend-invitation-email', async (context, next) => {\n const { t } = context\n const { email, reference, type } = context.request.body\n\n var succeed = await resendInvitationEmail(\n {\n email,\n reference,\n type\n },\n context\n )\n\n var message = t('text.invitation email sent')\n\n if (succeed) {\n context.status = 200\n context.body = message\n }\n})\n\nauthPublicProcessRouter.post('/forgot-password', async (context, next) => {\n const { t } = context\n const { email } = context.request.body\n\n if (!email) return next()\n\n const userRepo = getRepository(User)\n const user = await userRepo.findOne({\n where: {\n email\n }\n })\n\n const succeed = await sendPasswordResetEmail({\n user,\n context\n })\n\n if (succeed) {\n context.status = 200\n context.body = t('text.password reset email sent')\n }\n})\n\nauthPublicProcessRouter.post('/reset-password', async (context, next) => {\n const { header, t } = context\n\n try {\n const { password, token } = context.request.body\n\n if (!(token && password)) {\n let message = t('error.token or password is invalid')\n\n context.status = 404\n context.body = {\n message\n }\n\n if (accepts(header.accept, ['text/html', '*/*'])) {\n await context.render('auth-page', {\n pageElement: 'reset-password',\n elementScript: '/auth/reset-password.js',\n data: {\n token,\n message,\n passwordRule,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n }\n\n return\n }\n\n await resetPassword(token, password, context)\n\n var message = t('text.password reset succeed')\n context.body = message\n\n clearAccessTokenCookie(context)\n\n if (accepts(header.accept, ['text/html', '*/*'])) {\n await context.render('auth-page', {\n pageElement: 'auth-result',\n elementScript: '/auth/result.js',\n data: {\n message,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n }\n } catch (e) {\n context.status = 404\n context.body = e.message\n\n if (accepts(header.accept, ['text/html', '*/*'])) {\n await context.render('auth-page', {\n pageElement: 'auth-result',\n elementScript: '/auth/result.js',\n data: {\n message: e.message,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n }\n }\n})\n\nauthPublicProcessRouter.post('/unlock-user', async (context, next) => {\n const { header, t } = context\n const { password, token } = context.request.body\n\n if (!(token || password)) {\n context.status = 404\n context.body = t('error.token or password is invalid')\n\n return\n }\n\n var succeed = await unlockUser(token, password)\n\n if (succeed) {\n context.body = t('text.password reset succeed')\n\n clearAccessTokenCookie(context)\n }\n\n if (accepts(header.accept, ['text/html', '*/*'])) {\n await context.render('auth-page', {\n pageElement: 'auth-result',\n elementScript: '/auth/result.js',\n data: {\n message: t('text.account is reactivated'),\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n }\n})\n"]}
package/dist-server/router/auth-signin-router.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth-signin-router.js","sourceRoot":"","sources":["../../server/router/auth-signin-router.ts"],"names":[],"mappings":";;;;AAAA,oEAA+B;AAE/B,6CAA4C;AAC5C,gDAAiD;AACjD,8CAA0C;AAC1C,sEAAmE;AAEnE,MAAM,wBAAwB,GAAG,YAAM,CAAC,GAAG,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAA;AAC9E,MAAM,0BAA0B,GAAG,YAAM,CAAC,GAAG,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAA;AACvF,MAAM,SAAS,GAAG,YAAM,CAAC,GAAG,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAA;AAErD,MAAM,SAAS,GAAG,YAAM,CAAC,GAAG,CAAC,KAAK,EAAE,EAAS,CAAC,CAAA;AAC9C,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC;KACtC,MAAM,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,IAAI,IAAI,KAAK,CAAC;KAC1C,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE;IACvB,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAA;AACxB,CAAC,CAAC,CAAA;AAES,QAAA,gBAAgB,GAAG,IAAI,oBAAM,EAAE,CAAA;AAE5C,wBAAgB,CAAC,GAAG,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC3D,MAAM,EAAE,WAAW,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAE5C,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;QAChC,WAAW,EAAE,aAAa;QAC1B,aAAa,EAAE,iBAAiB;QAChC,IAAI,EAAE;YACJ,KAAK;YACL,UAAU,EAAE,WAAW;YACvB,QAAQ,EAAE,QAAQ;YAClB,wBAAwB;YACxB,0BAA0B;YAC1B,SAAS;SACV;KACF,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,wBAAgB,CAAC,IAAI,CAAC,cAAc,EAAE,8BAAgB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC9E,MAAM,EAAE,OAAO,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IAC9B,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAC7C,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAA;IAEzC,IAAI,CAAC,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE;QACjD,OAAO,CAAC,IAAI,GAAG,KAAK,CAAA;QACpB,OAAM;KACP;IAED,IAAI,UAAU,GAAG,gBAAgB,MAAM,CAAC,CAAC,CAAC,GAAG,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,gBAAgB,kBAAkB,CACrG,OAAO,CAAC,UAAU,IAAI,GAAG,CAC1B,EAAE,CAAA;IAEH,IAAA,0CAAoB,EAAC,OAAO,EAAE,KAAK,CAAC,CAAA;IAEpC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAA;AAC9B,CAAC,CAAC,CAAA","sourcesContent":["import Router from 'koa-router'\n\nimport { config } from '@things-factory/env'\nimport { signinMiddleware } from '../middlewares'\nimport { accepts } from '../utils/accepts'\nimport { setAccessTokenCookie } from '../utils/access-token-cookie'\n\nconst disableUserSignupProcess = config.get('disableUserSignupProcess', false)\nconst disableUserFavoredLanguage = config.get('i18n/disableUserFavoredLanguage', false)\nconst languages = config.get('i18n/languages', false)\n\nconst SSOConfig = config.get('sso', {} as any)\nconst SSOLinks = Object.values(SSOConfig)\n .filter(({ link, title }) => link && title)\n .map(({ link, title }) => {\n return { link, title }\n })\n\nexport const authSigninRouter = new Router()\n\nauthSigninRouter.get('/auth/signin', async (context, next) => {\n const { redirect_to, email } = context.query\n\n await context.render('auth-page', {\n pageElement: 'auth-signin',\n elementScript: '/auth/signin.js',\n data: {\n email,\n redirectTo: redirect_to,\n ssoLinks: SSOLinks,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n})\n\nauthSigninRouter.post('/auth/signin', signinMiddleware, async (context, next) => {\n const { request, t } = context\n const { token, user, domain } = context.state\n const { body: reqBody, header } = request\n\n if (!accepts(header.accept, ['text/html', '*/*'])) {\n context.body = token\n return\n }\n\n var redirectTo = `/auth/checkin${domain ? '/' + domain.subdomain : ''}?redirect_to=${encodeURIComponent(\n reqBody.redirectTo || '/'\n )}`\n\n setAccessTokenCookie(context, token)\n\n context.redirect(redirectTo)\n})\n"]}
1
+ {"version":3,"file":"auth-signin-router.js","sourceRoot":"","sources":["../../server/router/auth-signin-router.ts"],"names":[],"mappings":";;;;AAAA,oEAA+B;AAE/B,6CAA4C;AAC5C,gDAAiD;AACjD,8CAA0C;AAC1C,sEAAmE;AAEnE,MAAM,wBAAwB,GAAG,YAAM,CAAC,GAAG,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAA;AAC9E,MAAM,0BAA0B,GAAG,YAAM,CAAC,GAAG,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAA;AACvF,MAAM,SAAS,GAAG,YAAM,CAAC,GAAG,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAA;AAErD,MAAM,SAAS,GAAG,YAAM,CAAC,GAAG,CAAC,KAAK,EAAE,EAAS,CAAC,CAAA;AAC9C,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC;KACtC,MAAM,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,IAAI,IAAI,KAAK,CAAC;KAC1C,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE;IACvB,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAA;AACxB,CAAC,CAAC,CAAA;AAES,QAAA,gBAAgB,GAAG,IAAI,oBAAM,EAAE,CAAA;AAE5C,wBAAgB,CAAC,GAAG,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC3D,MAAM,EAAE,WAAW,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAE5C,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;QAChC,WAAW,EAAE,aAAa;QAC1B,aAAa,EAAE,iBAAiB;QAChC,IAAI,EAAE;YACJ,KAAK;YACL,UAAU,EAAE,WAAW;YACvB,QAAQ,EAAE,QAAQ;YAClB,wBAAwB;YACxB,0BAA0B;YAC1B,SAAS;SACV;KACF,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,wBAAgB,CAAC,IAAI,CAAC,cAAc,EAAE,8BAAgB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC9E,MAAM,EAAE,OAAO,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IAC9B,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAC7C,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAA;IAEzC,IAAI,CAAC,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC;QAClD,OAAO,CAAC,IAAI,GAAG,KAAK,CAAA;QACpB,OAAM;IACR,CAAC;IAED,IAAI,UAAU,GAAG,gBAAgB,MAAM,CAAC,CAAC,CAAC,GAAG,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,gBAAgB,kBAAkB,CACrG,OAAO,CAAC,UAAU,IAAI,GAAG,CAC1B,EAAE,CAAA;IAEH,IAAA,0CAAoB,EAAC,OAAO,EAAE,KAAK,CAAC,CAAA;IAEpC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAA;AAC9B,CAAC,CAAC,CAAA","sourcesContent":["import Router from 'koa-router'\n\nimport { config } from '@things-factory/env'\nimport { signinMiddleware } from '../middlewares'\nimport { accepts } from '../utils/accepts'\nimport { setAccessTokenCookie } from '../utils/access-token-cookie'\n\nconst disableUserSignupProcess = config.get('disableUserSignupProcess', false)\nconst disableUserFavoredLanguage = config.get('i18n/disableUserFavoredLanguage', false)\nconst languages = config.get('i18n/languages', false)\n\nconst SSOConfig = config.get('sso', {} as any)\nconst SSOLinks = Object.values(SSOConfig)\n .filter(({ link, title }) => link && title)\n .map(({ link, title }) => {\n return { link, title }\n })\n\nexport const authSigninRouter = new Router()\n\nauthSigninRouter.get('/auth/signin', async (context, next) => {\n const { redirect_to, email } = context.query\n\n await context.render('auth-page', {\n pageElement: 'auth-signin',\n elementScript: '/auth/signin.js',\n data: {\n email,\n redirectTo: redirect_to,\n ssoLinks: SSOLinks,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n})\n\nauthSigninRouter.post('/auth/signin', signinMiddleware, async (context, next) => {\n const { request, t } = context\n const { token, user, domain } = context.state\n const { body: reqBody, header } = request\n\n if (!accepts(header.accept, ['text/html', '*/*'])) {\n context.body = token\n return\n }\n\n var redirectTo = `/auth/checkin${domain ? '/' + domain.subdomain : ''}?redirect_to=${encodeURIComponent(\n reqBody.redirectTo || '/'\n )}`\n\n setAccessTokenCookie(context, token)\n\n context.redirect(redirectTo)\n})\n"]}
package/dist-server/router/auth-signup-router.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth-signup-router.js","sourceRoot":"","sources":["../../server/router/auth-signup-router.ts"],"names":[],"mappings":";;;;AAAA,oEAA+B;AAE/B,6CAA4C;AAE5C,kDAA8C;AAC9C,8CAA0C;AAC1C,sEAAmE;AAEnE,MAAM,wBAAwB,GAAG,YAAM,CAAC,GAAG,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAA;AAC9E,MAAM,0BAA0B,GAAG,YAAM,CAAC,GAAG,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAA;AACvF,MAAM,SAAS,GAAG,YAAM,CAAC,GAAG,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAA;AAErD,MAAM,YAAY,GAAG,YAAM,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI;IAC7C,SAAS,EAAE,IAAI;IACf,SAAS,EAAE,IAAI;IACf,KAAK,EAAE,IAAI;IACX,gBAAgB,EAAE,IAAI;IACtB,WAAW,EAAE,KAAK;IAClB,eAAe,EAAE,IAAI;IACrB,eAAe,EAAE,KAAK;IACtB,oBAAoB,EAAE,CAAC;IACvB,oBAAoB,EAAE,EAAE;CACzB,CAAA;AAEY,QAAA,gBAAgB,GAAG,IAAI,oBAAM,EAAE,CAAA;AAE5C,IAAI,CAAC,wBAAwB,EAAE;IAC7B,wBAAgB,CAAC,GAAG,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;QAC3D,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;QAE/B,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;YAChC,WAAW,EAAE,aAAa;YAC1B,aAAa,EAAE,iBAAiB;YAChC,IAAI,EAAE;gBACJ,KAAK;gBACL,YAAY;gBACZ,wBAAwB;gBACxB,0BAA0B;gBAC1B,SAAS;aACV;SACF,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAEF,wBAAgB,CAAC,IAAI,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;QAC5D,MAAM,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;QAC7B,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;QAChC,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;QAEjC,QAAQ;QACR,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAA,eAAM,kCAEvB,IAAI,KACP,OAAO;YACP,MAAM,KAER,IAAI,CACL,CAAA;QAED,MAAM,OAAO,GAAG,CAAC,CAAC,mCAAmC,CAAC,CAAA;QACtD,OAAO,CAAC,IAAI,GAAG;YACb,OAAO;YACP,KAAK;SACN,CAAA;QAED,IAAA,0CAAoB,EAAC,OAAO,EAAE,KAAK,CAAC,CAAA;QAEpC,IAAI,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE;YAChD,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;gBAChC,WAAW,EAAE,aAAa;gBAC1B,aAAa,EAAE,iBAAiB;gBAChC,IAAI,EAAE;oBACJ,OAAO;oBACP,wBAAwB;oBACxB,0BAA0B;oBAC1B,SAAS;iBACV;aACF,CAAC,CAAA;SACH;QACD,gBAAgB;QAChB,yBAAyB;QACzB,6BAA6B;QAE7B,wDAAwD;QACxD,0CAA0C;QAC1C,oCAAoC;QACpC,0CAA0C;QAC1C,gBAAgB;QAChB,iFAAiF;QACjF,uBAAuB;QACvB,UAAU;QACV,SAAS;QACT,MAAM;QACN,IAAI;IACN,CAAC,CAAC,CAAA;CACH","sourcesContent":["import Router from 'koa-router'\n\nimport { config } from '@things-factory/env'\n\nimport { signup } from '../controllers/signup'\nimport { accepts } from '../utils/accepts'\nimport { setAccessTokenCookie } from '../utils/access-token-cookie'\n\nconst disableUserSignupProcess = config.get('disableUserSignupProcess', false)\nconst disableUserFavoredLanguage = config.get('i18n/disableUserFavoredLanguage', false)\nconst languages = config.get('i18n/languages', false)\n\nconst passwordRule = config.get('password') || {\n lowerCase: true,\n upperCase: true,\n digit: true,\n specialCharacter: true,\n allowRepeat: false,\n useTightPattern: true,\n useLoosePattern: false,\n tightCharacterLength: 8,\n looseCharacterLength: 15\n}\n\nexport const authSignupRouter = new Router()\n\nif (!disableUserSignupProcess) {\n authSignupRouter.get('/auth/signup', async (context, next) => {\n const { email } = context.query\n\n await context.render('auth-page', {\n pageElement: 'auth-signup',\n elementScript: '/auth/signup.js',\n data: {\n email,\n passwordRule,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n })\n\n authSignupRouter.post('/auth/signup', async (context, next) => {\n const { header, t } = context\n const { domain } = context.state\n const user = context.request.body\n\n // try {\n const { token } = await signup(\n {\n ...user,\n context,\n domain\n },\n true\n )\n\n const message = t('text.user registered successfully')\n context.body = {\n message,\n token\n }\n\n setAccessTokenCookie(context, token)\n\n if (accepts(header.accept, ['text/html', '*/*'])) {\n await context.render('auth-page', {\n pageElement: 'auth-result',\n elementScript: '/auth/result.js',\n data: {\n message,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n }\n // } catch (e) {\n // context.status = 401\n // context.body = e.message\n\n // if (accepts(header.accept, ['text/html', '*/*'])) {\n // await context.render('auth-page', {\n // pageElement: 'auth-signup',\n // elementScript: '/auth/signup.js',\n // data: {\n // message: e instanceof AuthError ? t(`error.${e.message}`) : e.message,\n // passwordRule\n // }\n // })\n // }\n // }\n })\n}\n"]}
1
+ {"version":3,"file":"auth-signup-router.js","sourceRoot":"","sources":["../../server/router/auth-signup-router.ts"],"names":[],"mappings":";;;;AAAA,oEAA+B;AAE/B,6CAA4C;AAE5C,kDAA8C;AAC9C,8CAA0C;AAC1C,sEAAmE;AAEnE,MAAM,wBAAwB,GAAG,YAAM,CAAC,GAAG,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAA;AAC9E,MAAM,0BAA0B,GAAG,YAAM,CAAC,GAAG,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAA;AACvF,MAAM,SAAS,GAAG,YAAM,CAAC,GAAG,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAA;AAErD,MAAM,YAAY,GAAG,YAAM,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI;IAC7C,SAAS,EAAE,IAAI;IACf,SAAS,EAAE,IAAI;IACf,KAAK,EAAE,IAAI;IACX,gBAAgB,EAAE,IAAI;IACtB,WAAW,EAAE,KAAK;IAClB,eAAe,EAAE,IAAI;IACrB,eAAe,EAAE,KAAK;IACtB,oBAAoB,EAAE,CAAC;IACvB,oBAAoB,EAAE,EAAE;CACzB,CAAA;AAEY,QAAA,gBAAgB,GAAG,IAAI,oBAAM,EAAE,CAAA;AAE5C,IAAI,CAAC,wBAAwB,EAAE,CAAC;IAC9B,wBAAgB,CAAC,GAAG,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;QAC3D,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;QAE/B,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;YAChC,WAAW,EAAE,aAAa;YAC1B,aAAa,EAAE,iBAAiB;YAChC,IAAI,EAAE;gBACJ,KAAK;gBACL,YAAY;gBACZ,wBAAwB;gBACxB,0BAA0B;gBAC1B,SAAS;aACV;SACF,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAEF,wBAAgB,CAAC,IAAI,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;QAC5D,MAAM,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;QAC7B,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;QAChC,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;QAEjC,QAAQ;QACR,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAA,eAAM,kCAEvB,IAAI,KACP,OAAO;YACP,MAAM,KAER,IAAI,CACL,CAAA;QAED,MAAM,OAAO,GAAG,CAAC,CAAC,mCAAmC,CAAC,CAAA;QACtD,OAAO,CAAC,IAAI,GAAG;YACb,OAAO;YACP,KAAK;SACN,CAAA;QAED,IAAA,0CAAoB,EAAC,OAAO,EAAE,KAAK,CAAC,CAAA;QAEpC,IAAI,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC;YACjD,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;gBAChC,WAAW,EAAE,aAAa;gBAC1B,aAAa,EAAE,iBAAiB;gBAChC,IAAI,EAAE;oBACJ,OAAO;oBACP,wBAAwB;oBACxB,0BAA0B;oBAC1B,SAAS;iBACV;aACF,CAAC,CAAA;QACJ,CAAC;QACD,gBAAgB;QAChB,yBAAyB;QACzB,6BAA6B;QAE7B,wDAAwD;QACxD,0CAA0C;QAC1C,oCAAoC;QACpC,0CAA0C;QAC1C,gBAAgB;QAChB,iFAAiF;QACjF,uBAAuB;QACvB,UAAU;QACV,SAAS;QACT,MAAM;QACN,IAAI;IACN,CAAC,CAAC,CAAA;AACJ,CAAC","sourcesContent":["import Router from 'koa-router'\n\nimport { config } from '@things-factory/env'\n\nimport { signup } from '../controllers/signup'\nimport { accepts } from '../utils/accepts'\nimport { setAccessTokenCookie } from '../utils/access-token-cookie'\n\nconst disableUserSignupProcess = config.get('disableUserSignupProcess', false)\nconst disableUserFavoredLanguage = config.get('i18n/disableUserFavoredLanguage', false)\nconst languages = config.get('i18n/languages', false)\n\nconst passwordRule = config.get('password') || {\n lowerCase: true,\n upperCase: true,\n digit: true,\n specialCharacter: true,\n allowRepeat: false,\n useTightPattern: true,\n useLoosePattern: false,\n tightCharacterLength: 8,\n looseCharacterLength: 15\n}\n\nexport const authSignupRouter = new Router()\n\nif (!disableUserSignupProcess) {\n authSignupRouter.get('/auth/signup', async (context, next) => {\n const { email } = context.query\n\n await context.render('auth-page', {\n pageElement: 'auth-signup',\n elementScript: '/auth/signup.js',\n data: {\n email,\n passwordRule,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n })\n\n authSignupRouter.post('/auth/signup', async (context, next) => {\n const { header, t } = context\n const { domain } = context.state\n const user = context.request.body\n\n // try {\n const { token } = await signup(\n {\n ...user,\n context,\n domain\n },\n true\n )\n\n const message = t('text.user registered successfully')\n context.body = {\n message,\n token\n }\n\n setAccessTokenCookie(context, token)\n\n if (accepts(header.accept, ['text/html', '*/*'])) {\n await context.render('auth-page', {\n pageElement: 'auth-result',\n elementScript: '/auth/result.js',\n data: {\n message,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n }\n // } catch (e) {\n // context.status = 401\n // context.body = e.message\n\n // if (accepts(header.accept, ['text/html', '*/*'])) {\n // await context.render('auth-page', {\n // pageElement: 'auth-signup',\n // elementScript: '/auth/signup.js',\n // data: {\n // message: e instanceof AuthError ? t(`error.${e.message}`) : e.message,\n // passwordRule\n // }\n // })\n // }\n // }\n })\n}\n"]}
package/dist-server/router/oauth2/oauth2-authorize-router.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oauth2-authorize-router.js","sourceRoot":"","sources":["../../../server/router/oauth2/oauth2-authorize-router.ts"],"names":[],"mappings":";;;;AAAA,oEAA+B;AAE/B,iDAAqD;AACrD,6CAA4C;AAE5C,uEAAmE;AACnE,mDAAwE;AAE3D,QAAA,qBAAqB,GAAG,IAAI,oBAAM,EAAE,CAAA;AAEjD,MAAM,0BAA0B,GAAG,YAAM,CAAC,GAAG,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAA;AACvF,MAAM,SAAS,GAAG,YAAM,CAAC,GAAG,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAA;AAErD,8BAA8B;AAC9B,EAAE;AACF,oEAAoE;AACpE,8EAA8E;AAC9E,uEAAuE;AACvE,oEAAoE;AACpE,6EAA6E;AAC7E,8EAA8E;AAC9E,0DAA0D;AAC1D,EAAE;AACF,6EAA6E;AAC7E,gFAAgF;AAChF,2EAA2E;AAC3E,iFAAiF;AACjF,0CAA0C;AAE1C,6BAAqB,CAAC,GAAG,CACvB,YAAY,EACZ,sBAAiB,CAAC,SAAS,CAAC,KAAK,WAAW,QAAQ,EAAE,WAAW;IAC/D,MAAM,MAAM,GAAG,MAAM,IAAA,qBAAa,EAAC,yBAAW,CAAC,CAAC,SAAS,CAAC;QACxD,MAAM,EAAE,QAAQ;KACjB,CAAC,CAAA;IACF,oCAAoC;IACpC,4CAA4C;IAC5C,iBAAiB;IACjB,IAAI;IAEJ,OAAO,CAAC,MAAM,IAAI,yBAAS,EAAE,WAAW,CAAC,CAAA;AAC3C,CAAC,CAAC,EACF,KAAK,WAAW,OAAO,EAAE,IAAI;IAC3B,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAE9C,IAAI,WAAW,GAAW,iBAAiB,CAAA;IAC3C,IAAI,aAAa,GAAW,iCAAiC,CAAA;IAE7D,IAAI,MAAM,CAAC,MAAM,CAAC,EAAE,KAAK,yBAAS,CAAC,EAAE,EAAE;QACrC,WAAW,GAAG,uBAAuB,CAAA;QACrC,aAAa,GAAG,uCAAuC,CAAA;KACxD;IAED,IAAI;QACF,MAAM,OAAO,CAAC,MAAM,CAAC,aAAa,EAAE;YAClC,WAAW;YACX,aAAa;YACb,IAAI,EAAE;gBACJ,MAAM;gBACN,MAAM,kCACD,MAAM,KACT,IAAI,EAAE;wBACJ,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE;wBAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI;wBACtB,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK;qBACzB,GACF;gBACD,0BAA0B;gBAC1B,SAAS;aACV;SACF,CAAC,CAAA;QACF,uCAAuC;QACvC,oBAAoB;QACpB,2HAA2H;QAC3H,oBAAoB;QACpB,KAAK;KACN;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,CAAC,CAAA;KACR;AACH,CAAC,CACF,CAAA","sourcesContent":["import Router from 'koa-router'\n\nimport { getRepository } from '@things-factory/shell'\nimport { config } from '@things-factory/env'\n\nimport { Application } from '../../service/application/application'\nimport { NonClient, server as oauth2orizeServer } from './oauth2-server'\n\nexport const oauth2AuthorizeRouter = new Router()\n\nconst disableUserFavoredLanguage = config.get('i18n/disableUserFavoredLanguage', false)\nconst languages = config.get('i18n/languages', false)\n\n// user authorization endpoint\n//\n// `authorization` middleware accepts a `validate` callback which is\n// responsible for validating the client making the authorization request. In\n// doing so, is recommended that the `redirectURI` be checked against a\n// registered value, although security requirements may vary accross\n// implementations. Once validated, the `done` callback must be invoked with\n// a `client` instance, as well as the `redirectURI` to which the user will be\n// redirected after an authorization decision is obtained.\n//\n// This middleware simply initializes a new authorization transaction. It is\n// the application's responsibility to authenticate the user and render a dialog\n// to obtain their approval (displaying details about the client requesting\n// authorization). We accomplish that here by routing through `ensureLoggedIn()`\n// first, and rendering the `dialog` view.\n\noauth2AuthorizeRouter.get(\n '/authorize',\n oauth2orizeServer.authorize(async function (clientID, redirectURI) {\n const client = await getRepository(Application).findOneBy({\n appKey: clientID\n })\n // CONFIRM-ME redirectUrl 의 허용 범위는 ?\n // if (!client.redirectUrl != redirectURI) {\n // return false\n // }\n\n return [client || NonClient, redirectURI]\n }),\n async function (context, next) {\n const { oauth2, user, domain } = context.state\n\n let pageElement: string = 'oauth2-decision'\n let elementScript: string = '/oauth2/oauth2-decision-page.js'\n\n if (oauth2.client.id === NonClient.id) {\n pageElement = 'oauth2-decision-error'\n elementScript = '/oauth2/oauth2-decision-error-page.js'\n }\n\n try {\n await context.render('oauth2-page', {\n pageElement,\n elementScript,\n data: {\n domain,\n oauth2: {\n ...oauth2,\n user: {\n id: oauth2.user.id,\n name: oauth2.user.name,\n email: oauth2.user.email\n }\n },\n disableUserFavoredLanguage,\n languages\n }\n })\n // await context.render(decisionPage, {\n // domain: domain,\n // ...oauth2, // client, redirectURI, req { type, clientID, redirectURI, scope, state}, user, transactionID, info, locals\n // availableScopes\n // })\n } catch (e) {\n throw e\n }\n }\n)\n"]}
1
+ {"version":3,"file":"oauth2-authorize-router.js","sourceRoot":"","sources":["../../../server/router/oauth2/oauth2-authorize-router.ts"],"names":[],"mappings":";;;;AAAA,oEAA+B;AAE/B,iDAAqD;AACrD,6CAA4C;AAE5C,uEAAmE;AACnE,mDAAwE;AAE3D,QAAA,qBAAqB,GAAG,IAAI,oBAAM,EAAE,CAAA;AAEjD,MAAM,0BAA0B,GAAG,YAAM,CAAC,GAAG,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAA;AACvF,MAAM,SAAS,GAAG,YAAM,CAAC,GAAG,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAA;AAErD,8BAA8B;AAC9B,EAAE;AACF,oEAAoE;AACpE,8EAA8E;AAC9E,uEAAuE;AACvE,oEAAoE;AACpE,6EAA6E;AAC7E,8EAA8E;AAC9E,0DAA0D;AAC1D,EAAE;AACF,6EAA6E;AAC7E,gFAAgF;AAChF,2EAA2E;AAC3E,iFAAiF;AACjF,0CAA0C;AAE1C,6BAAqB,CAAC,GAAG,CACvB,YAAY,EACZ,sBAAiB,CAAC,SAAS,CAAC,KAAK,WAAW,QAAQ,EAAE,WAAW;IAC/D,MAAM,MAAM,GAAG,MAAM,IAAA,qBAAa,EAAC,yBAAW,CAAC,CAAC,SAAS,CAAC;QACxD,MAAM,EAAE,QAAQ;KACjB,CAAC,CAAA;IACF,oCAAoC;IACpC,4CAA4C;IAC5C,iBAAiB;IACjB,IAAI;IAEJ,OAAO,CAAC,MAAM,IAAI,yBAAS,EAAE,WAAW,CAAC,CAAA;AAC3C,CAAC,CAAC,EACF,KAAK,WAAW,OAAO,EAAE,IAAI;IAC3B,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAE9C,IAAI,WAAW,GAAW,iBAAiB,CAAA;IAC3C,IAAI,aAAa,GAAW,iCAAiC,CAAA;IAE7D,IAAI,MAAM,CAAC,MAAM,CAAC,EAAE,KAAK,yBAAS,CAAC,EAAE,EAAE,CAAC;QACtC,WAAW,GAAG,uBAAuB,CAAA;QACrC,aAAa,GAAG,uCAAuC,CAAA;IACzD,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,CAAC,MAAM,CAAC,aAAa,EAAE;YAClC,WAAW;YACX,aAAa;YACb,IAAI,EAAE;gBACJ,MAAM;gBACN,MAAM,kCACD,MAAM,KACT,IAAI,EAAE;wBACJ,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE;wBAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI;wBACtB,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK;qBACzB,GACF;gBACD,0BAA0B;gBAC1B,SAAS;aACV;SACF,CAAC,CAAA;QACF,uCAAuC;QACvC,oBAAoB;QACpB,2HAA2H;QAC3H,oBAAoB;QACpB,KAAK;IACP,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,CAAA;IACT,CAAC;AACH,CAAC,CACF,CAAA","sourcesContent":["import Router from 'koa-router'\n\nimport { getRepository } from '@things-factory/shell'\nimport { config } from '@things-factory/env'\n\nimport { Application } from '../../service/application/application'\nimport { NonClient, server as oauth2orizeServer } from './oauth2-server'\n\nexport const oauth2AuthorizeRouter = new Router()\n\nconst disableUserFavoredLanguage = config.get('i18n/disableUserFavoredLanguage', false)\nconst languages = config.get('i18n/languages', false)\n\n// user authorization endpoint\n//\n// `authorization` middleware accepts a `validate` callback which is\n// responsible for validating the client making the authorization request. In\n// doing so, is recommended that the `redirectURI` be checked against a\n// registered value, although security requirements may vary accross\n// implementations. Once validated, the `done` callback must be invoked with\n// a `client` instance, as well as the `redirectURI` to which the user will be\n// redirected after an authorization decision is obtained.\n//\n// This middleware simply initializes a new authorization transaction. It is\n// the application's responsibility to authenticate the user and render a dialog\n// to obtain their approval (displaying details about the client requesting\n// authorization). We accomplish that here by routing through `ensureLoggedIn()`\n// first, and rendering the `dialog` view.\n\noauth2AuthorizeRouter.get(\n '/authorize',\n oauth2orizeServer.authorize(async function (clientID, redirectURI) {\n const client = await getRepository(Application).findOneBy({\n appKey: clientID\n })\n // CONFIRM-ME redirectUrl 의 허용 범위는 ?\n // if (!client.redirectUrl != redirectURI) {\n // return false\n // }\n\n return [client || NonClient, redirectURI]\n }),\n async function (context, next) {\n const { oauth2, user, domain } = context.state\n\n let pageElement: string = 'oauth2-decision'\n let elementScript: string = '/oauth2/oauth2-decision-page.js'\n\n if (oauth2.client.id === NonClient.id) {\n pageElement = 'oauth2-decision-error'\n elementScript = '/oauth2/oauth2-decision-error-page.js'\n }\n\n try {\n await context.render('oauth2-page', {\n pageElement,\n elementScript,\n data: {\n domain,\n oauth2: {\n ...oauth2,\n user: {\n id: oauth2.user.id,\n name: oauth2.user.name,\n email: oauth2.user.email\n }\n },\n disableUserFavoredLanguage,\n languages\n }\n })\n // await context.render(decisionPage, {\n // domain: domain,\n // ...oauth2, // client, redirectURI, req { type, clientID, redirectURI, scope, state}, user, transactionID, info, locals\n // availableScopes\n // })\n } catch (e) {\n throw e\n }\n }\n)\n"]}
package/dist-server/router/oauth2/oauth2-router.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oauth2-router.js","sourceRoot":"","sources":["../../../server/router/oauth2/oauth2-router.ts"],"names":[],"mappings":";;;;AAAA,wEAA8B;AAC9B,sEAAiC;AACjC,wEAAmC;AACnC,oEAA+B;AAE/B,iDAA6D;AAE7D,mDAA6D;AAC7D,uEAAmE;AACnE,kDAA0D;AAC1D,yEAAsE;AACtE,uDAA+C;AAC/C,mDAA6D;AAC7D,uFAAsF;AAUzE,QAAA,YAAY,GAAG,IAAI,oBAAM,EAAE,CAAA;AAExC,sBAAQ,CAAC,GAAG,CACV,wBAAwB,EACxB,IAAI,0CAAsB,CAAC,EAAE,EAAE,CAAC,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,EAAE;IAC9D,IAAA,qBAAa,EAAC,yBAAW,CAAC;SACvB,SAAS,CAAC;QACT,MAAM,EAAE,QAAQ;KACjB,CAAC;SACD,IAAI,CAAC,MAAM,CAAC,EAAE;QACb,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,SAAS,IAAI,YAAY,EAAE;YAC/C,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;YACjB,OAAM;SACP;QAED,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;IACpB,CAAC,CAAC;SACD,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;AAC5B,CAAC,CAAC,CACH,CAAA;AAED,yBAAyB;AACzB,EAAE;AACF,4EAA4E;AAC5E,+EAA+E;AAC/E,8EAA8E;AAC9E,cAAc;AAEd,oBAAY,CAAC,IAAI,CACf,WAAW,EACX,uCAAyB,EACzB,IAAA,qBAAO,EACL,sBAAiB,CAAC,QAAQ,CAAC,KAAK,WAAW,OAAO;IAChD,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAE3B,OAAO,OAAO,CAAC,IAAI,CAAA;AACrB,CAAC,CAAC,CACH,CACF,CAAA;AAED,iBAAiB;AACjB,EAAE;AACF,8EAA8E;AAC9E,yEAAyE;AACzE,2EAA2E;AAC3E,sDAAsD;AAEtD,oBAAY,CAAC,IAAI,CACf,eAAe,EACf,sBAAQ,CAAC,YAAY,CAAC,wBAAwB,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EACnE,sBAAiB,CAAC,KAAK,EAAE,EACzB,sBAAiB,CAAC,YAAY,EAAE,CACjC,CAAA;AAED,oBAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;;IAC1D,MAAM,YAAY,GAAuB,MAAA,MAAA,OAAO,CAAC,OAAO,0CAAE,IAAI,0CAAE,YAAY,CAAA;IAC5E,IAAI,CAAC,YAAY;QAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAA;IAE3D,MAAM,OAAO,GAAqB,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,SAAS,CAAC;QACpE,QAAQ,EAAE,YAAY;KACvB,CAAC,CAAA;IAEF,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAA;IAEtD,IAAI;QACF,sBAAG,CAAC,MAAM,CAAC,YAAY,EAAE,mBAAM,CAAC,CAAA;QAChC,MAAM,OAAO,GAAG,sBAAG,CAAC,MAAM,CAAC,YAAY,CAAQ,CAAA;QAC/C,MAAM,SAAS,GAAW,OAAO,CAAC,MAAM,CAAC,SAAS,CAAA;QAClD,MAAM,MAAM,GAAuB,MAAM,IAAA,qBAAa,EAAC,cAAM,CAAC,CAAC,OAAO,CAAC;YACrE,KAAK,EAAE,EAAE,SAAS,EAAE;SACrB,CAAC,CAAA;QACF,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAA;QACnD,MAAM,MAAM,GAAW,OAAO,CAAC,WAAW,CAAC,MAAM,CAAA;QACjD,MAAM,MAAM,GAAU,OAAO,CAAC,KAAK,CAAA;QAEnC,MAAM,cAAc,GAAW,yBAAW,CAAC,mBAAmB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAA;QAC/F,MAAM,eAAe,GAAW,yBAAW,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAA;QAEjG,OAAO,CAAC,QAAQ,GAAG,eAAe,CAAA;QAClC,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QAEvC,IAAA,0CAAoB,EAAC,OAAO,EAAE,cAAc,CAAC,CAAA;QAE7C,OAAO,CAAC,IAAI,GAAG;YACb,WAAW,EAAE,cAAc;YAC3B,YAAY,EAAE,eAAe;SAC9B,CAAA;KACF;IAAC,OAAO,CAAC,EAAE;QACV,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,OAAO,CAAA;KACzB;AACH,CAAC,CAAC,CAAA;AAEF,oBAAY,CAAC,GAAG,CAAC,UAAU,EAAE,uCAAyB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC9E,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAEtC,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAAA;IACjE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,EAAE,CAAA;IAEnG,IAAI,WAAW,GAAG,EAAE,CAAA;IACpB,IAAI,IAAI,IAAI,aAAa,EAAE;QACzB,wDAAwD;QACxD,WAAW,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,EAAE,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAA;KAChE;IAED,OAAO,CAAC,IAAI,GAAG;QACb,OAAO,EAAE;YACP,IAAI;YACJ,WAAW;YACX,KAAK;YACL,IAAI,CAAC,wCAAwC;YAC7C,MAAM,EAAE;gBACN,IAAI,EAAE,UAAU;gBAChB,SAAS;gBACT,SAAS;gBACT,UAAU;gBACV,YAAY;gBACZ,QAAQ;aACT;YACD,WAAW;SACZ;KACF,CAAA;AACH,CAAC,CAAC,CAAA;AAEF,oBAAY,CAAC,IAAI,CAAC,aAAa,EAAE,uCAAyB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAClF,IAAI;QACF,IAAI,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;QAE5B,IAAI,OAAO,OAAO,CAAC,eAAe,KAAK,UAAU,EAAE;YACjD,MAAM,OAAO,CAAC,eAAe,CAAC,IAAI,CAAC,CAAA;SACpC;aAAM;YACL,IAAI,CAAC,OAAO,GAAG,EAAE,CAAA;YACjB,IAAI,CAAC,KAAK,GAAG,EAAE,CAAA;YACf,IAAI,CAAC,MAAM,GAAG,iBAAU,CAAC,OAAO,CAAA;YAChC,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;SACrC;QACD,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,IAAI,CAAA;KACpB;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,CAAC,CAAA;KACR;AACH,CAAC,CAAC,CAAA","sourcesContent":["import jwt from 'jsonwebtoken'\nimport compose from 'koa-compose'\nimport passport from 'koa-passport'\nimport Router from 'koa-router'\n\nimport { Domain, getRepository } from '@things-factory/shell'\n\nimport { jwtAuthenticateMiddleware } from '../../middlewares'\nimport { Application } from '../../service/application/application'\nimport { User, UserStatus } from '../../service/user/user'\nimport { setAccessTokenCookie } from '../../utils/access-token-cookie'\nimport { SECRET } from '../../utils/get-secret'\nimport { server as oauth2orizeServer } from './oauth2-server'\nimport { Strategy as ClientPasswordStrategy } from './passport-oauth2-client-password'\n\ndeclare global {\n namespace NodeJS {\n interface Process {\n oauthDisconnect: (user: User) => Promise<void>\n }\n }\n}\n\nexport const oauth2Router = new Router()\n\npassport.use(\n 'oauth2-client-password',\n new ClientPasswordStrategy({}, (clientId, clientSecret, done) => {\n getRepository(Application)\n .findOneBy({\n appKey: clientId\n })\n .then(client => {\n if (!client || client.appSecret != clientSecret) {\n done(null, false)\n return\n }\n\n done(null, client)\n })\n .catch(err => done(err))\n })\n)\n\n// user decision endpoint\n//\n// `decision` middleware processes a user's decision to allow or deny access\n// requested by a client application. Based on the grant type requested by the\n// client, the above grant middleware configured above will be invoked to send\n// a response.\n\noauth2Router.post(\n '/decision',\n jwtAuthenticateMiddleware,\n compose(\n oauth2orizeServer.decision(async function (context) {\n const { request } = context\n\n return request.body\n })\n )\n)\n\n// token endpoint\n//\n// `token` middleware handles client requests to exchange authorization grants\n// for access tokens. Based on the grant type being exchanged, the above\n// exchange middleware will be invoked to handle the request. Clients must\n// authenticate when making requests to this endpoint.\n\noauth2Router.post(\n '/access-token',\n passport.authenticate('oauth2-client-password', { session: false }),\n oauth2orizeServer.token(),\n oauth2orizeServer.errorHandler()\n)\n\noauth2Router.post('/refresh-token', async (context, next) => {\n const refreshToken: string | undefined = context.request?.body?.refreshToken\n if (!refreshToken) throw new Error('Missing refresh token')\n\n const appUser: User | undefined = await getRepository(User).findOneBy({\n password: refreshToken\n })\n\n if (!appUser) throw new Error('App user is not found')\n\n try {\n jwt.verify(refreshToken, SECRET)\n const decoded = jwt.decode(refreshToken) as any\n const subdomain: string = decoded.domain.subdomain\n const domain: Domain | undefined = await getRepository(Domain).findOne({\n where: { subdomain }\n })\n if (!domain) throw new Error('Domain is not found')\n const appKey: string = decoded.application.appKey\n const scopes: any[] = decoded.scope\n\n const newAccessToken: string = Application.generateAccessToken(domain, appUser, appKey, scopes)\n const newRefreshToken: string = Application.generateRefreshToken(domain, appUser, appKey, scopes)\n\n appUser.password = newRefreshToken\n await getRepository(User).save(appUser)\n\n setAccessTokenCookie(context, newAccessToken)\n\n context.body = {\n accessToken: newAccessToken,\n refreshToken: newRefreshToken\n }\n } catch (e) {\n context.status = 401\n context.body = e.message\n }\n})\n\noauth2Router.get('/profile', jwtAuthenticateMiddleware, async (context, next) => {\n const { user, domain } = context.state\n\n const { name, description, email, userType: type, locale } = user\n const { name: domainName, subdomain, brandName, brandImage, contentImage, timezone } = domain || {}\n\n var application = {}\n if (type == 'application') {\n /* user entity에 reference 필드가 추가되기 전까지, appKey취득 방법임. */\n application['appKey'] = email.substr(0, email.lastIndexOf('@'))\n }\n\n context.body = {\n profile: {\n name,\n description,\n email,\n type /* (admin|user|application|appliance) */,\n domain: {\n name: domainName,\n subdomain,\n brandName,\n brandImage,\n contentImage,\n timezone\n },\n application\n }\n }\n})\n\noauth2Router.post('/disconnect', jwtAuthenticateMiddleware, async (context, next) => {\n try {\n let { user } = context.state\n\n if (typeof process.oauthDisconnect === 'function') {\n await process.oauthDisconnect(user)\n } else {\n user.domains = []\n user.roles = []\n user.status = UserStatus.DELETED\n await getRepository(User).save(user)\n }\n context.status = 200\n context.body = 'ok'\n } catch (e) {\n throw e\n }\n})\n"]}
1
+ {"version":3,"file":"oauth2-router.js","sourceRoot":"","sources":["../../../server/router/oauth2/oauth2-router.ts"],"names":[],"mappings":";;;;AAAA,wEAA8B;AAC9B,sEAAiC;AACjC,wEAAmC;AACnC,oEAA+B;AAE/B,iDAA6D;AAE7D,mDAA6D;AAC7D,uEAAmE;AACnE,kDAA0D;AAC1D,yEAAsE;AACtE,uDAA+C;AAC/C,mDAA6D;AAC7D,uFAAsF;AAUzE,QAAA,YAAY,GAAG,IAAI,oBAAM,EAAE,CAAA;AAExC,sBAAQ,CAAC,GAAG,CACV,wBAAwB,EACxB,IAAI,0CAAsB,CAAC,EAAE,EAAE,CAAC,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,EAAE;IAC9D,IAAA,qBAAa,EAAC,yBAAW,CAAC;SACvB,SAAS,CAAC;QACT,MAAM,EAAE,QAAQ;KACjB,CAAC;SACD,IAAI,CAAC,MAAM,CAAC,EAAE;QACb,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,SAAS,IAAI,YAAY,EAAE,CAAC;YAChD,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;YACjB,OAAM;QACR,CAAC;QAED,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;IACpB,CAAC,CAAC;SACD,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;AAC5B,CAAC,CAAC,CACH,CAAA;AAED,yBAAyB;AACzB,EAAE;AACF,4EAA4E;AAC5E,+EAA+E;AAC/E,8EAA8E;AAC9E,cAAc;AAEd,oBAAY,CAAC,IAAI,CACf,WAAW,EACX,uCAAyB,EACzB,IAAA,qBAAO,EACL,sBAAiB,CAAC,QAAQ,CAAC,KAAK,WAAW,OAAO;IAChD,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAE3B,OAAO,OAAO,CAAC,IAAI,CAAA;AACrB,CAAC,CAAC,CACH,CACF,CAAA;AAED,iBAAiB;AACjB,EAAE;AACF,8EAA8E;AAC9E,yEAAyE;AACzE,2EAA2E;AAC3E,sDAAsD;AAEtD,oBAAY,CAAC,IAAI,CACf,eAAe,EACf,sBAAQ,CAAC,YAAY,CAAC,wBAAwB,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EACnE,sBAAiB,CAAC,KAAK,EAAE,EACzB,sBAAiB,CAAC,YAAY,EAAE,CACjC,CAAA;AAED,oBAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;;IAC1D,MAAM,YAAY,GAAuB,MAAA,MAAA,OAAO,CAAC,OAAO,0CAAE,IAAI,0CAAE,YAAY,CAAA;IAC5E,IAAI,CAAC,YAAY;QAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAA;IAE3D,MAAM,OAAO,GAAqB,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,SAAS,CAAC;QACpE,QAAQ,EAAE,YAAY;KACvB,CAAC,CAAA;IAEF,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAA;IAEtD,IAAI,CAAC;QACH,sBAAG,CAAC,MAAM,CAAC,YAAY,EAAE,mBAAM,CAAC,CAAA;QAChC,MAAM,OAAO,GAAG,sBAAG,CAAC,MAAM,CAAC,YAAY,CAAQ,CAAA;QAC/C,MAAM,SAAS,GAAW,OAAO,CAAC,MAAM,CAAC,SAAS,CAAA;QAClD,MAAM,MAAM,GAAuB,MAAM,IAAA,qBAAa,EAAC,cAAM,CAAC,CAAC,OAAO,CAAC;YACrE,KAAK,EAAE,EAAE,SAAS,EAAE;SACrB,CAAC,CAAA;QACF,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAA;QACnD,MAAM,MAAM,GAAW,OAAO,CAAC,WAAW,CAAC,MAAM,CAAA;QACjD,MAAM,MAAM,GAAU,OAAO,CAAC,KAAK,CAAA;QAEnC,MAAM,cAAc,GAAW,yBAAW,CAAC,mBAAmB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAA;QAC/F,MAAM,eAAe,GAAW,yBAAW,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAA;QAEjG,OAAO,CAAC,QAAQ,GAAG,eAAe,CAAA;QAClC,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QAEvC,IAAA,0CAAoB,EAAC,OAAO,EAAE,cAAc,CAAC,CAAA;QAE7C,OAAO,CAAC,IAAI,GAAG;YACb,WAAW,EAAE,cAAc;YAC3B,YAAY,EAAE,eAAe;SAC9B,CAAA;IACH,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,OAAO,CAAA;IAC1B,CAAC;AACH,CAAC,CAAC,CAAA;AAEF,oBAAY,CAAC,GAAG,CAAC,UAAU,EAAE,uCAAyB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC9E,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAEtC,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAAA;IACjE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,EAAE,CAAA;IAEnG,IAAI,WAAW,GAAG,EAAE,CAAA;IACpB,IAAI,IAAI,IAAI,aAAa,EAAE,CAAC;QAC1B,wDAAwD;QACxD,WAAW,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,EAAE,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAA;IACjE,CAAC;IAED,OAAO,CAAC,IAAI,GAAG;QACb,OAAO,EAAE;YACP,IAAI;YACJ,WAAW;YACX,KAAK;YACL,IAAI,CAAC,wCAAwC;YAC7C,MAAM,EAAE;gBACN,IAAI,EAAE,UAAU;gBAChB,SAAS;gBACT,SAAS;gBACT,UAAU;gBACV,YAAY;gBACZ,QAAQ;aACT;YACD,WAAW;SACZ;KACF,CAAA;AACH,CAAC,CAAC,CAAA;AAEF,oBAAY,CAAC,IAAI,CAAC,aAAa,EAAE,uCAAyB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAClF,IAAI,CAAC;QACH,IAAI,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;QAE5B,IAAI,OAAO,OAAO,CAAC,eAAe,KAAK,UAAU,EAAE,CAAC;YAClD,MAAM,OAAO,CAAC,eAAe,CAAC,IAAI,CAAC,CAAA;QACrC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,OAAO,GAAG,EAAE,CAAA;YACjB,IAAI,CAAC,KAAK,GAAG,EAAE,CAAA;YACf,IAAI,CAAC,MAAM,GAAG,iBAAU,CAAC,OAAO,CAAA;YAChC,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACtC,CAAC;QACD,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,IAAI,CAAA;IACrB,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,CAAA;IACT,CAAC;AACH,CAAC,CAAC,CAAA","sourcesContent":["import jwt from 'jsonwebtoken'\nimport compose from 'koa-compose'\nimport passport from 'koa-passport'\nimport Router from 'koa-router'\n\nimport { Domain, getRepository } from '@things-factory/shell'\n\nimport { jwtAuthenticateMiddleware } from '../../middlewares'\nimport { Application } from '../../service/application/application'\nimport { User, UserStatus } from '../../service/user/user'\nimport { setAccessTokenCookie } from '../../utils/access-token-cookie'\nimport { SECRET } from '../../utils/get-secret'\nimport { server as oauth2orizeServer } from './oauth2-server'\nimport { Strategy as ClientPasswordStrategy } from './passport-oauth2-client-password'\n\ndeclare global {\n namespace NodeJS {\n interface Process {\n oauthDisconnect: (user: User) => Promise<void>\n }\n }\n}\n\nexport const oauth2Router = new Router()\n\npassport.use(\n 'oauth2-client-password',\n new ClientPasswordStrategy({}, (clientId, clientSecret, done) => {\n getRepository(Application)\n .findOneBy({\n appKey: clientId\n })\n .then(client => {\n if (!client || client.appSecret != clientSecret) {\n done(null, false)\n return\n }\n\n done(null, client)\n })\n .catch(err => done(err))\n })\n)\n\n// user decision endpoint\n//\n// `decision` middleware processes a user's decision to allow or deny access\n// requested by a client application. Based on the grant type requested by the\n// client, the above grant middleware configured above will be invoked to send\n// a response.\n\noauth2Router.post(\n '/decision',\n jwtAuthenticateMiddleware,\n compose(\n oauth2orizeServer.decision(async function (context) {\n const { request } = context\n\n return request.body\n })\n )\n)\n\n// token endpoint\n//\n// `token` middleware handles client requests to exchange authorization grants\n// for access tokens. Based on the grant type being exchanged, the above\n// exchange middleware will be invoked to handle the request. Clients must\n// authenticate when making requests to this endpoint.\n\noauth2Router.post(\n '/access-token',\n passport.authenticate('oauth2-client-password', { session: false }),\n oauth2orizeServer.token(),\n oauth2orizeServer.errorHandler()\n)\n\noauth2Router.post('/refresh-token', async (context, next) => {\n const refreshToken: string | undefined = context.request?.body?.refreshToken\n if (!refreshToken) throw new Error('Missing refresh token')\n\n const appUser: User | undefined = await getRepository(User).findOneBy({\n password: refreshToken\n })\n\n if (!appUser) throw new Error('App user is not found')\n\n try {\n jwt.verify(refreshToken, SECRET)\n const decoded = jwt.decode(refreshToken) as any\n const subdomain: string = decoded.domain.subdomain\n const domain: Domain | undefined = await getRepository(Domain).findOne({\n where: { subdomain }\n })\n if (!domain) throw new Error('Domain is not found')\n const appKey: string = decoded.application.appKey\n const scopes: any[] = decoded.scope\n\n const newAccessToken: string = Application.generateAccessToken(domain, appUser, appKey, scopes)\n const newRefreshToken: string = Application.generateRefreshToken(domain, appUser, appKey, scopes)\n\n appUser.password = newRefreshToken\n await getRepository(User).save(appUser)\n\n setAccessTokenCookie(context, newAccessToken)\n\n context.body = {\n accessToken: newAccessToken,\n refreshToken: newRefreshToken\n }\n } catch (e) {\n context.status = 401\n context.body = e.message\n }\n})\n\noauth2Router.get('/profile', jwtAuthenticateMiddleware, async (context, next) => {\n const { user, domain } = context.state\n\n const { name, description, email, userType: type, locale } = user\n const { name: domainName, subdomain, brandName, brandImage, contentImage, timezone } = domain || {}\n\n var application = {}\n if (type == 'application') {\n /* user entity에 reference 필드가 추가되기 전까지, appKey취득 방법임. */\n application['appKey'] = email.substr(0, email.lastIndexOf('@'))\n }\n\n context.body = {\n profile: {\n name,\n description,\n email,\n type /* (admin|user|application|appliance) */,\n domain: {\n name: domainName,\n subdomain,\n brandName,\n brandImage,\n contentImage,\n timezone\n },\n application\n }\n }\n})\n\noauth2Router.post('/disconnect', jwtAuthenticateMiddleware, async (context, next) => {\n try {\n let { user } = context.state\n\n if (typeof process.oauthDisconnect === 'function') {\n await process.oauthDisconnect(user)\n } else {\n user.domains = []\n user.roles = []\n user.status = UserStatus.DELETED\n await getRepository(User).save(user)\n }\n context.status = 200\n context.body = 'ok'\n } catch (e) {\n throw e\n }\n})\n"]}
package/dist-server/router/oauth2/oauth2-server.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oauth2-server.js","sourceRoot":"","sources":["../../../server/router/oauth2/oauth2-server.ts"],"names":[],"mappings":";;;;AAAA,8EAAyC;AACzC,qCAAmC;AAEnC,6CAA4C;AAC5C,iDAA6D;AAE7D,uEAAmE;AACnE,kDAA8C;AAC9C,kDAA0D;AAE1D,MAAM,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAA;AAEnB,QAAA,QAAQ,GAAG,UAAU,CAAA;AACrB,QAAA,SAAS,GAAG;IACvB,EAAE,EAAE,gBAAQ;CACb,CAAA;AAED,0BAA0B;AACb,QAAA,MAAM,GAAG,yBAAW,CAAC,YAAY,EAAE,CAAA;AAEhD,2DAA2D;AAC3D,EAAE;AACF,oEAAoE;AACpE,4EAA4E;AAC5E,8EAA8E;AAC9E,2EAA2E;AAC3E,yBAAyB;AACzB,EAAE;AACF,8EAA8E;AAC9E,0EAA0E;AAC1E,6EAA6E;AAC7E,sCAAsC;AAEtC,cAAM,CAAC,eAAe,CAAC,KAAK,WAAW,MAAM;IAC3C,OAAO,MAAM,CAAC,EAAE,CAAA;AAClB,CAAC,CAAC,CAAA;AAEF,cAAM,CAAC,iBAAiB,CAAC,KAAK,WAAW,EAAE;IACzC,IAAI,EAAE,IAAI,gBAAQ,EAAE;QAClB,OAAO,EAAE,CAAA;KACV;IAED,MAAM,WAAW,GAAG,MAAM,IAAA,qBAAa,EAAC,yBAAW,CAAC,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,CAAC,CAAA;IACtE,OAAO,WAAW,CAAA;AACpB,CAAC,CAAC,CAAA;AAEF,kCAAkC;AAClC,EAAE;AACF,oEAAoE;AACpE,0EAA0E;AAC1E,2EAA2E;AAC3E,iCAAiC;AAEjC,yEAAyE;AACzE,uEAAuE;AACvE,sEAAsE;AACtE,6EAA6E;AAC7E,2EAA2E;AAC3E,qDAAqD;AAErD,cAAM,CAAC,KAAK,CACV,yBAAW,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;IACrE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,IAAI,CAAA;IAExD,OAAO,yBAAW,CAAC,gBAAgB,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,CAAA;AAC9E,CAAC,CAAC,CACH,CAAA;AAED,4EAA4E;AAC5E,sEAAsE;AACtE,8EAA8E;AAC9E,8EAA8E;AAC9E,QAAQ;AAER,cAAM,CAAC,QAAQ,CACb,yBAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,EAAE;IAC5D,IAAI;QACF,wBAAwB;QACxB,IAAI,OAAO,GAAQ,yBAAW,CAAC,cAAc,CAAC,IAAI,CAAC,CAAA;KACpD;IAAC,OAAO,CAAC,EAAE;QACV,OAAO,KAAK,CAAA;KACb;IACD,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,OAAO,CAAA;IAElD,MAAM,WAAW,GAAgB,MAAM,IAAA,qBAAa,EAAC,yBAAW,CAAC,CAAC,SAAS,CAAC;QAC1E,MAAM;KACP,CAAC,CAAA;IAEF,IAAI,CAAC,WAAW,EAAE;QAChB,OAAO,KAAK,CAAA;KACb;IAED,sCAAsC;IACtC,sGAAsG;IACtG,kBAAkB;IAClB,wFAAwF;IACxF,mBAAmB;IACnB,8BAA8B;IAC9B,MAAM;IACN,oBAAoB;IACpB,yBAAyB;IACzB,uIAAuI;IACvI,MAAM;IACN,IAAI;IAEJ,MAAM,MAAM,GAAW,MAAM,IAAA,qBAAa,EAAC,cAAM,CAAC,CAAC,SAAS,CAAC;QAC3D,SAAS;KACV,CAAC,CAAA;IAEF,MAAM,OAAO,GAAS,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,IAAA,eAAK,EAAC,KAAK,CAAC,EAAE,CAAC,CAAA;IAElF,MAAM,YAAY,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,IAAI,SAAS,EAAE,CAAA;IAE1D,IAAI,OAAO,GAAS,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,OAAO,CAAC;QACpD,KAAK,EAAE;YACL,KAAK,EAAE,YAAY;YACnB,SAAS,EAAE,WAAW,CAAC,EAAE;YACzB,QAAQ,EAAE,aAAa;SACxB;QAED,SAAS,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC;KAC7C,CAAC,CAAA;IAEF,OAAO,GAAG,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,IAAI,iCACnC,CAAC,OAAO,IAAI,EAAE,CAAC,KAClB,KAAK,EAAE,YAAY,EACnB,IAAI,EAAE,WAAW,CAAC,IAAI,EACtB,QAAQ,EAAE,aAAa,EACvB,SAAS,EAAE,WAAW,CAAC,EAAE,EACzB,OAAO,EAAE,CAAC,MAAM,CAAC,EACjB,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,iBAAU,CAAC,SAAS,EAC5B,OAAO,EAAE,OAAO,EAChB,OAAO,IACP,CAAA;IAEF,gDAAgD;IAChD,2CAA2C;IAC3C,2BAA2B;IAC3B,KAAK;IAEL,8CAA8C;IAC9C,0CAA0C;IAC1C,yEAAyE;IACzE,qEAAqE;IAErE,IAAI,WAAW,GAAG,yBAAW,CAAC,mBAAmB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAA;IAClF,IAAI,YAAY,GAAG,yBAAW,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAA;IAEpF,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,IAAI,iCACxB,OAAe,KACnB,QAAQ,EAAE,YAAY,IACtB,CAAA;IAEF,OAAO;QACL,WAAW;QACX,YAAY;QACZ;YACE,UAAU,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,SAAS;YACvC,UAAU,EAAE,QAAQ;YACpB,QAAQ,EAAE,SAAS;SACpB;KACF,CAAA;AACH,CAAC,CAAC,CACH,CAAA;AAED,cAAM,CAAC,QAAQ,CACb,yBAAW,CAAC,QAAQ,CAAC,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,KAAK,EAAE,EAAE;IACtE,IAAI;QACF,mBAAmB;QACnB,IAAI,OAAO,GAAQ,yBAAW,CAAC,cAAc,CAAC,YAAY,CAAC,CAAA;KAC5D;IAAC,OAAO,CAAC,EAAE;QACV,YAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;QACf,OAAO,KAAK,CAAA;KACb;IACD,MAAM,EACJ,EAAE,EACF,QAAQ,EACR,KAAK,EACL,WAAW,EAAE,EAAE,MAAM,EAAE,EACvB,MAAM,EAAE,EAAE,SAAS,EAAE,EACrB,KAAK,EAAE,aAAa,EACpB,GAAG,EAAE,UAAU,EAChB,GAAG,OAAO,CAAA;IAEX,MAAM,WAAW,GAAgB,MAAM,IAAA,qBAAa,EAAC,yBAAW,CAAC,CAAC,SAAS,CAAC;QAC1E,MAAM;KACP,CAAC,CAAA;IAEF,IAAI,CAAC,WAAW,EAAE;QAChB,YAAM,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAA;QACxC,OAAO,KAAK,CAAA;KACb;IAED,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,GAAG,IAAI,EAAE;QAClC,YAAM,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAA;QACxC,OAAO,KAAK,CAAA;KACb;IAED,MAAM,MAAM,GAAW,MAAM,IAAA,qBAAa,EAAC,cAAM,CAAC,CAAC,SAAS,CAAC;QAC3D,SAAS;KACV,CAAC,CAAA;IAEF,MAAM,OAAO,GAAS,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,SAAS,CAAC;QACxD,EAAE;QACF,QAAQ;KACT,CAAC,CAAA;IAEF,MAAM,YAAY,GAAG,GAAG,MAAM,IAAI,SAAS,EAAE,CAAA;IAE7C,IAAI,OAAO,GAAS,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,OAAO,CAAC;QACpD,KAAK,EAAE;YACL,KAAK,EAAE,YAAY;YACnB,SAAS,EAAE,WAAW,CAAC,EAAE;YACzB,QAAQ,EAAE,aAAa;SACxB;QACD,SAAS,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,SAAS,CAAC;KAC5C,CAAC,CAAA;IAEF,IAAI,CAAC,OAAO,EAAE;QACZ,YAAM,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAA;QACxC,OAAO,KAAK,CAAA;KACb;IAED;;OAEG;IAEH,KAAK,GAAG,KAAK,IAAI,aAAa,CAAA;IAE9B,MAAM,MAAM,GAAa,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACzC,MAAM,cAAc,GAAG,CAAC,aAAa,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACvD,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,cAAc,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAClF,IAAI,eAAe,EAAE;QACnB,YAAM,CAAC,KAAK,CAAC,oBAAoB,eAAe,YAAY,CAAC,CAAA;QAC7D,OAAO,KAAK,CAAA;KACb;IAED,MAAM,KAAK,GAAG,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,MAAM,CAAC;QAC7C,IAAI,EAAE,IAAA,YAAE,EAAC,MAAM,CAAC;QAChB,MAAM,EAAE,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE;KAC1B,CAAC,CAAA;IAEF,IAAI,WAAW,GAAG,yBAAW,CAAC,mBAAmB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,CAAA;IACjF,IAAI,YAAY,GAAQ,yBAAW,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,CAAA;IAExF,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,IAAI,iCACxB,OAAe,KACnB,KAAK,EACL,QAAQ,EAAE,YAAY,IACtB,CAAA;IAEF,OAAO;QACL,WAAW;QACX,YAAY;QACZ;YACE,UAAU,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,SAAS;YACvC,UAAU,EAAE,QAAQ;SACrB;KACF,CAAA;AACH,CAAC,CAAC,CACH,CAAA","sourcesContent":["import oauth2orize from 'oauth2orize-koa'\nimport { ILike, In } from 'typeorm'\n\nimport { logger } from '@things-factory/env'\nimport { Domain, getRepository } from '@things-factory/shell'\n\nimport { Application } from '../../service/application/application'\nimport { Role } from '../../service/role/role'\nimport { User, UserStatus } from '../../service/user/user'\n\nconst crypto = require('crypto')\n\nexport const NOTFOUND = 'NOTFOUND'\nexport const NonClient = {\n id: NOTFOUND\n}\n\n// create OAuth 2.0 server\nexport const server = oauth2orize.createServer()\n\n// Register serialialization and deserialization functions.\n//\n// When a client redirects a user to user authorization endpoint, an\n// authorization transaction is initiated. To complete the transaction, the\n// user must authenticate and approve the authorization request. Because this\n// may involve multiple HTTP request/response exchanges, the transaction is\n// stored in the session.\n//\n// An application must supply serialization functions, which determine how the\n// client object is serialized into the session. Typically this will be a\n// simple matter of serializing the client's ID, and deserializing by finding\n// the client by ID from the database.\n\nserver.serializeClient(async function (client) {\n return client.id\n})\n\nserver.deserializeClient(async function (id) {\n if (id == NOTFOUND) {\n return {}\n }\n\n const application = await getRepository(Application).findOneBy({ id })\n return application\n})\n\n// Register supported grant types.\n//\n// OAuth 2.0 specifies a framework that allows users to grant client\n// applications limited access to their protected resources. It does this\n// through a process of the user granting access, and the client exchanging\n// the grant for an access token.\n\n// Grant authorization codes. The callback takes the `client` requesting\n// authorization, the `redirectURI` (which is used as a verifier in the\n// subsequent exchange), the authenticated `user` granting access, and\n// their response, which contains approved scope, duration, etc. as parsed by\n// the application. The application issues a code, which is bound to these\n// values, and will be exchanged for an access token.\n\nserver.grant(\n oauth2orize.grant.code(async (client, redirectUrl, user, ares, areq) => {\n const { email, appKey, subdomain, scopes, state } = ares\n\n return Application.generateAuthCode(email, appKey, subdomain, scopes, state)\n })\n)\n\n// Exchange authorization codes for access tokens. The callback accepts the\n// `client`, which is exchanging `code` and any `redirectURI` from the\n// authorization request for verification. If these values are validated, the\n// application issues an access token on behalf of the user who authorized the\n// code.\n\nserver.exchange(\n oauth2orize.exchange.code(async (client, code, redirectUrl) => {\n try {\n /* authorization code */\n var decoded: any = Application.verifyAuthCode(code)\n } catch (e) {\n return false\n }\n let { email, appKey, subdomain, scopes } = decoded\n\n const application: Application = await getRepository(Application).findOneBy({\n appKey\n })\n\n if (!application) {\n return false\n }\n\n /* DONT-FORGET uncomment after test */\n // if (redirectUrl !== application.redirectUrl && redirectUrl.indexOf(application.redirectUrl) != 0) {\n // logger.error(\n // 'oauth2 exchange error - redirectUrl should begins with the application setting',\n // redirectUrl,\n // application.redirectUrl\n // )\n // // return false\n // throw new TypeError(\n // `oauth2 exchange error - redirectUrl should begins with the application setting : '${redirectUrl}':'${application.redirectUrl}'`\n // )\n // }\n\n const domain: Domain = await getRepository(Domain).findOneBy({\n subdomain\n })\n\n const creator: User = await getRepository(User).findOneBy({ email: ILike(email) })\n\n const appuserEmail = `${crypto.randomUUID()}@${subdomain}`\n\n var appuser: User = await getRepository(User).findOne({\n where: {\n email: appuserEmail,\n reference: application.id,\n userType: 'application'\n },\n\n relations: ['domains', 'creator', 'updater']\n })\n\n appuser = await getRepository(User).save({\n ...(appuser || {}),\n email: appuserEmail,\n name: application.name,\n userType: 'application',\n reference: application.id,\n domains: [domain],\n roles: scopes,\n status: UserStatus.ACTIVATED,\n updater: creator,\n creator\n })\n\n // appuser = await getRepository(User).findOne({\n // where: { email: ILike(appuserEmail) },\n // relations: ['domains']\n // })\n\n // appuser.domains = Promise.resolve([domain])\n // await getRepository(User).save(appuser)\n // Lazy relation 필드들(domain, domains)들에 대한 업데이트. 이상의 방법으로 업데이트 해야하는 것 같다.\n // Lazy relation 업데이트 방법의 일관성이 부족하므로, Lazy relation 필드를 사용하지 않기를 권장함.\n\n var accessToken = Application.generateAccessToken(domain, appuser, appKey, scopes)\n var refreshToken = Application.generateRefreshToken(domain, appuser, appKey, scopes)\n\n await getRepository(User).save({\n ...(appuser as any),\n password: refreshToken\n })\n\n return [\n accessToken,\n refreshToken,\n {\n expires_in: 30 * 24 * 60 * 60 /* 30d */,\n token_type: 'bearer',\n centerId: subdomain\n }\n ]\n })\n)\n\nserver.exchange(\n oauth2orize.exchange.refreshToken(async (client, refreshToken, scope) => {\n try {\n /* refresh token */\n var decoded: any = Application.verifyAuthCode(refreshToken)\n } catch (e) {\n logger.error(e)\n return false\n }\n const {\n id,\n userType,\n email,\n application: { appKey },\n domain: { subdomain },\n scope: originalScope,\n exp: expires_in\n } = decoded\n\n const application: Application = await getRepository(Application).findOneBy({\n appKey\n })\n\n if (!application) {\n logger.error('application is not exist')\n return false\n }\n\n if (Date.now() > expires_in * 1000) {\n logger.error('refresh token is expired')\n return false\n }\n\n const domain: Domain = await getRepository(Domain).findOneBy({\n subdomain\n })\n\n const creator: User = await getRepository(User).findOneBy({\n id,\n userType\n })\n\n const appuserEmail = `${appKey}@${subdomain}`\n\n var appuser: User = await getRepository(User).findOne({\n where: {\n email: appuserEmail,\n reference: application.id,\n userType: 'application'\n },\n relations: ['domain', 'creator', 'updater']\n })\n\n if (!appuser) {\n logger.error('application is not bound')\n return false\n }\n\n /*\n * `scope` is the scope of access requested by the client, which must not include any scope not originally granted.\n */\n\n scope = scope || originalScope\n\n const scopes: string[] = scope.split(',')\n const originalScopes = (originalScope || '').split(',')\n const additionalScope = scopes.find(scope => originalScopes.indexOf(scope) === -1)\n if (additionalScope) {\n logger.error(`additional scope(${additionalScope}) required`)\n return false\n }\n\n const roles = await getRepository(Role).findBy({\n name: In(scopes),\n domain: { id: domain.id }\n })\n\n var accessToken = Application.generateAccessToken(domain, appuser, appKey, scope)\n var refreshToken: any = Application.generateRefreshToken(domain, appuser, appKey, scope)\n\n await getRepository(User).save({\n ...(appuser as any),\n roles,\n password: refreshToken\n })\n\n return [\n accessToken,\n refreshToken,\n {\n expires_in: 30 * 24 * 60 * 60 /* 30d */,\n token_type: 'bearer'\n }\n ]\n })\n)\n"]}
1
+ {"version":3,"file":"oauth2-server.js","sourceRoot":"","sources":["../../../server/router/oauth2/oauth2-server.ts"],"names":[],"mappings":";;;;AAAA,8EAAyC;AACzC,qCAAmC;AAEnC,6CAA4C;AAC5C,iDAA6D;AAE7D,uEAAmE;AACnE,kDAA8C;AAC9C,kDAA0D;AAE1D,MAAM,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAA;AAEnB,QAAA,QAAQ,GAAG,UAAU,CAAA;AACrB,QAAA,SAAS,GAAG;IACvB,EAAE,EAAE,gBAAQ;CACb,CAAA;AAED,0BAA0B;AACb,QAAA,MAAM,GAAG,yBAAW,CAAC,YAAY,EAAE,CAAA;AAEhD,2DAA2D;AAC3D,EAAE;AACF,oEAAoE;AACpE,4EAA4E;AAC5E,8EAA8E;AAC9E,2EAA2E;AAC3E,yBAAyB;AACzB,EAAE;AACF,8EAA8E;AAC9E,0EAA0E;AAC1E,6EAA6E;AAC7E,sCAAsC;AAEtC,cAAM,CAAC,eAAe,CAAC,KAAK,WAAW,MAAM;IAC3C,OAAO,MAAM,CAAC,EAAE,CAAA;AAClB,CAAC,CAAC,CAAA;AAEF,cAAM,CAAC,iBAAiB,CAAC,KAAK,WAAW,EAAE;IACzC,IAAI,EAAE,IAAI,gBAAQ,EAAE,CAAC;QACnB,OAAO,EAAE,CAAA;IACX,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,IAAA,qBAAa,EAAC,yBAAW,CAAC,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,CAAC,CAAA;IACtE,OAAO,WAAW,CAAA;AACpB,CAAC,CAAC,CAAA;AAEF,kCAAkC;AAClC,EAAE;AACF,oEAAoE;AACpE,0EAA0E;AAC1E,2EAA2E;AAC3E,iCAAiC;AAEjC,yEAAyE;AACzE,uEAAuE;AACvE,sEAAsE;AACtE,6EAA6E;AAC7E,2EAA2E;AAC3E,qDAAqD;AAErD,cAAM,CAAC,KAAK,CACV,yBAAW,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;IACrE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,IAAI,CAAA;IAExD,OAAO,yBAAW,CAAC,gBAAgB,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,CAAA;AAC9E,CAAC,CAAC,CACH,CAAA;AAED,4EAA4E;AAC5E,sEAAsE;AACtE,8EAA8E;AAC9E,8EAA8E;AAC9E,QAAQ;AAER,cAAM,CAAC,QAAQ,CACb,yBAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,EAAE;IAC5D,IAAI,CAAC;QACH,wBAAwB;QACxB,IAAI,OAAO,GAAQ,yBAAW,CAAC,cAAc,CAAC,IAAI,CAAC,CAAA;IACrD,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,KAAK,CAAA;IACd,CAAC;IACD,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,OAAO,CAAA;IAElD,MAAM,WAAW,GAAgB,MAAM,IAAA,qBAAa,EAAC,yBAAW,CAAC,CAAC,SAAS,CAAC;QAC1E,MAAM;KACP,CAAC,CAAA;IAEF,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,KAAK,CAAA;IACd,CAAC;IAED,sCAAsC;IACtC,sGAAsG;IACtG,kBAAkB;IAClB,wFAAwF;IACxF,mBAAmB;IACnB,8BAA8B;IAC9B,MAAM;IACN,oBAAoB;IACpB,yBAAyB;IACzB,uIAAuI;IACvI,MAAM;IACN,IAAI;IAEJ,MAAM,MAAM,GAAW,MAAM,IAAA,qBAAa,EAAC,cAAM,CAAC,CAAC,SAAS,CAAC;QAC3D,SAAS;KACV,CAAC,CAAA;IAEF,MAAM,OAAO,GAAS,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,IAAA,eAAK,EAAC,KAAK,CAAC,EAAE,CAAC,CAAA;IAElF,MAAM,YAAY,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,IAAI,SAAS,EAAE,CAAA;IAE1D,IAAI,OAAO,GAAS,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,OAAO,CAAC;QACpD,KAAK,EAAE;YACL,KAAK,EAAE,YAAY;YACnB,SAAS,EAAE,WAAW,CAAC,EAAE;YACzB,QAAQ,EAAE,aAAa;SACxB;QAED,SAAS,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC;KAC7C,CAAC,CAAA;IAEF,OAAO,GAAG,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,IAAI,iCACnC,CAAC,OAAO,IAAI,EAAE,CAAC,KAClB,KAAK,EAAE,YAAY,EACnB,IAAI,EAAE,WAAW,CAAC,IAAI,EACtB,QAAQ,EAAE,aAAa,EACvB,SAAS,EAAE,WAAW,CAAC,EAAE,EACzB,OAAO,EAAE,CAAC,MAAM,CAAC,EACjB,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,iBAAU,CAAC,SAAS,EAC5B,OAAO,EAAE,OAAO,EAChB,OAAO,IACP,CAAA;IAEF,gDAAgD;IAChD,2CAA2C;IAC3C,2BAA2B;IAC3B,KAAK;IAEL,8CAA8C;IAC9C,0CAA0C;IAC1C,yEAAyE;IACzE,qEAAqE;IAErE,IAAI,WAAW,GAAG,yBAAW,CAAC,mBAAmB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAA;IAClF,IAAI,YAAY,GAAG,yBAAW,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAA;IAEpF,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,IAAI,iCACxB,OAAe,KACnB,QAAQ,EAAE,YAAY,IACtB,CAAA;IAEF,OAAO;QACL,WAAW;QACX,YAAY;QACZ;YACE,UAAU,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,SAAS;YACvC,UAAU,EAAE,QAAQ;YACpB,QAAQ,EAAE,SAAS;SACpB;KACF,CAAA;AACH,CAAC,CAAC,CACH,CAAA;AAED,cAAM,CAAC,QAAQ,CACb,yBAAW,CAAC,QAAQ,CAAC,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,KAAK,EAAE,EAAE;IACtE,IAAI,CAAC;QACH,mBAAmB;QACnB,IAAI,OAAO,GAAQ,yBAAW,CAAC,cAAc,CAAC,YAAY,CAAC,CAAA;IAC7D,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,YAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;QACf,OAAO,KAAK,CAAA;IACd,CAAC;IACD,MAAM,EACJ,EAAE,EACF,QAAQ,EACR,KAAK,EACL,WAAW,EAAE,EAAE,MAAM,EAAE,EACvB,MAAM,EAAE,EAAE,SAAS,EAAE,EACrB,KAAK,EAAE,aAAa,EACpB,GAAG,EAAE,UAAU,EAChB,GAAG,OAAO,CAAA;IAEX,MAAM,WAAW,GAAgB,MAAM,IAAA,qBAAa,EAAC,yBAAW,CAAC,CAAC,SAAS,CAAC;QAC1E,MAAM;KACP,CAAC,CAAA;IAEF,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,YAAM,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAA;QACxC,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,GAAG,IAAI,EAAE,CAAC;QACnC,YAAM,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAA;QACxC,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,MAAM,GAAW,MAAM,IAAA,qBAAa,EAAC,cAAM,CAAC,CAAC,SAAS,CAAC;QAC3D,SAAS;KACV,CAAC,CAAA;IAEF,MAAM,OAAO,GAAS,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,SAAS,CAAC;QACxD,EAAE;QACF,QAAQ;KACT,CAAC,CAAA;IAEF,MAAM,YAAY,GAAG,GAAG,MAAM,IAAI,SAAS,EAAE,CAAA;IAE7C,IAAI,OAAO,GAAS,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,OAAO,CAAC;QACpD,KAAK,EAAE;YACL,KAAK,EAAE,YAAY;YACnB,SAAS,EAAE,WAAW,CAAC,EAAE;YACzB,QAAQ,EAAE,aAAa;SACxB;QACD,SAAS,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,SAAS,CAAC;KAC5C,CAAC,CAAA;IAEF,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,YAAM,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAA;QACxC,OAAO,KAAK,CAAA;IACd,CAAC;IAED;;OAEG;IAEH,KAAK,GAAG,KAAK,IAAI,aAAa,CAAA;IAE9B,MAAM,MAAM,GAAa,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACzC,MAAM,cAAc,GAAG,CAAC,aAAa,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACvD,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,cAAc,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAClF,IAAI,eAAe,EAAE,CAAC;QACpB,YAAM,CAAC,KAAK,CAAC,oBAAoB,eAAe,YAAY,CAAC,CAAA;QAC7D,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,MAAM,CAAC;QAC7C,IAAI,EAAE,IAAA,YAAE,EAAC,MAAM,CAAC;QAChB,MAAM,EAAE,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE;KAC1B,CAAC,CAAA;IAEF,IAAI,WAAW,GAAG,yBAAW,CAAC,mBAAmB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,CAAA;IACjF,IAAI,YAAY,GAAQ,yBAAW,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,CAAA;IAExF,MAAM,IAAA,qBAAa,EAAC,WAAI,CAAC,CAAC,IAAI,iCACxB,OAAe,KACnB,KAAK,EACL,QAAQ,EAAE,YAAY,IACtB,CAAA;IAEF,OAAO;QACL,WAAW;QACX,YAAY;QACZ;YACE,UAAU,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,SAAS;YACvC,UAAU,EAAE,QAAQ;SACrB;KACF,CAAA;AACH,CAAC,CAAC,CACH,CAAA","sourcesContent":["import oauth2orize from 'oauth2orize-koa'\nimport { ILike, In } from 'typeorm'\n\nimport { logger } from '@things-factory/env'\nimport { Domain, getRepository } from '@things-factory/shell'\n\nimport { Application } from '../../service/application/application'\nimport { Role } from '../../service/role/role'\nimport { User, UserStatus } from '../../service/user/user'\n\nconst crypto = require('crypto')\n\nexport const NOTFOUND = 'NOTFOUND'\nexport const NonClient = {\n id: NOTFOUND\n}\n\n// create OAuth 2.0 server\nexport const server = oauth2orize.createServer()\n\n// Register serialialization and deserialization functions.\n//\n// When a client redirects a user to user authorization endpoint, an\n// authorization transaction is initiated. To complete the transaction, the\n// user must authenticate and approve the authorization request. Because this\n// may involve multiple HTTP request/response exchanges, the transaction is\n// stored in the session.\n//\n// An application must supply serialization functions, which determine how the\n// client object is serialized into the session. Typically this will be a\n// simple matter of serializing the client's ID, and deserializing by finding\n// the client by ID from the database.\n\nserver.serializeClient(async function (client) {\n return client.id\n})\n\nserver.deserializeClient(async function (id) {\n if (id == NOTFOUND) {\n return {}\n }\n\n const application = await getRepository(Application).findOneBy({ id })\n return application\n})\n\n// Register supported grant types.\n//\n// OAuth 2.0 specifies a framework that allows users to grant client\n// applications limited access to their protected resources. It does this\n// through a process of the user granting access, and the client exchanging\n// the grant for an access token.\n\n// Grant authorization codes. The callback takes the `client` requesting\n// authorization, the `redirectURI` (which is used as a verifier in the\n// subsequent exchange), the authenticated `user` granting access, and\n// their response, which contains approved scope, duration, etc. as parsed by\n// the application. The application issues a code, which is bound to these\n// values, and will be exchanged for an access token.\n\nserver.grant(\n oauth2orize.grant.code(async (client, redirectUrl, user, ares, areq) => {\n const { email, appKey, subdomain, scopes, state } = ares\n\n return Application.generateAuthCode(email, appKey, subdomain, scopes, state)\n })\n)\n\n// Exchange authorization codes for access tokens. The callback accepts the\n// `client`, which is exchanging `code` and any `redirectURI` from the\n// authorization request for verification. If these values are validated, the\n// application issues an access token on behalf of the user who authorized the\n// code.\n\nserver.exchange(\n oauth2orize.exchange.code(async (client, code, redirectUrl) => {\n try {\n /* authorization code */\n var decoded: any = Application.verifyAuthCode(code)\n } catch (e) {\n return false\n }\n let { email, appKey, subdomain, scopes } = decoded\n\n const application: Application = await getRepository(Application).findOneBy({\n appKey\n })\n\n if (!application) {\n return false\n }\n\n /* DONT-FORGET uncomment after test */\n // if (redirectUrl !== application.redirectUrl && redirectUrl.indexOf(application.redirectUrl) != 0) {\n // logger.error(\n // 'oauth2 exchange error - redirectUrl should begins with the application setting',\n // redirectUrl,\n // application.redirectUrl\n // )\n // // return false\n // throw new TypeError(\n // `oauth2 exchange error - redirectUrl should begins with the application setting : '${redirectUrl}':'${application.redirectUrl}'`\n // )\n // }\n\n const domain: Domain = await getRepository(Domain).findOneBy({\n subdomain\n })\n\n const creator: User = await getRepository(User).findOneBy({ email: ILike(email) })\n\n const appuserEmail = `${crypto.randomUUID()}@${subdomain}`\n\n var appuser: User = await getRepository(User).findOne({\n where: {\n email: appuserEmail,\n reference: application.id,\n userType: 'application'\n },\n\n relations: ['domains', 'creator', 'updater']\n })\n\n appuser = await getRepository(User).save({\n ...(appuser || {}),\n email: appuserEmail,\n name: application.name,\n userType: 'application',\n reference: application.id,\n domains: [domain],\n roles: scopes,\n status: UserStatus.ACTIVATED,\n updater: creator,\n creator\n })\n\n // appuser = await getRepository(User).findOne({\n // where: { email: ILike(appuserEmail) },\n // relations: ['domains']\n // })\n\n // appuser.domains = Promise.resolve([domain])\n // await getRepository(User).save(appuser)\n // Lazy relation 필드들(domain, domains)들에 대한 업데이트. 이상의 방법으로 업데이트 해야하는 것 같다.\n // Lazy relation 업데이트 방법의 일관성이 부족하므로, Lazy relation 필드를 사용하지 않기를 권장함.\n\n var accessToken = Application.generateAccessToken(domain, appuser, appKey, scopes)\n var refreshToken = Application.generateRefreshToken(domain, appuser, appKey, scopes)\n\n await getRepository(User).save({\n ...(appuser as any),\n password: refreshToken\n })\n\n return [\n accessToken,\n refreshToken,\n {\n expires_in: 30 * 24 * 60 * 60 /* 30d */,\n token_type: 'bearer',\n centerId: subdomain\n }\n ]\n })\n)\n\nserver.exchange(\n oauth2orize.exchange.refreshToken(async (client, refreshToken, scope) => {\n try {\n /* refresh token */\n var decoded: any = Application.verifyAuthCode(refreshToken)\n } catch (e) {\n logger.error(e)\n return false\n }\n const {\n id,\n userType,\n email,\n application: { appKey },\n domain: { subdomain },\n scope: originalScope,\n exp: expires_in\n } = decoded\n\n const application: Application = await getRepository(Application).findOneBy({\n appKey\n })\n\n if (!application) {\n logger.error('application is not exist')\n return false\n }\n\n if (Date.now() > expires_in * 1000) {\n logger.error('refresh token is expired')\n return false\n }\n\n const domain: Domain = await getRepository(Domain).findOneBy({\n subdomain\n })\n\n const creator: User = await getRepository(User).findOneBy({\n id,\n userType\n })\n\n const appuserEmail = `${appKey}@${subdomain}`\n\n var appuser: User = await getRepository(User).findOne({\n where: {\n email: appuserEmail,\n reference: application.id,\n userType: 'application'\n },\n relations: ['domain', 'creator', 'updater']\n })\n\n if (!appuser) {\n logger.error('application is not bound')\n return false\n }\n\n /*\n * `scope` is the scope of access requested by the client, which must not include any scope not originally granted.\n */\n\n scope = scope || originalScope\n\n const scopes: string[] = scope.split(',')\n const originalScopes = (originalScope || '').split(',')\n const additionalScope = scopes.find(scope => originalScopes.indexOf(scope) === -1)\n if (additionalScope) {\n logger.error(`additional scope(${additionalScope}) required`)\n return false\n }\n\n const roles = await getRepository(Role).findBy({\n name: In(scopes),\n domain: { id: domain.id }\n })\n\n var accessToken = Application.generateAccessToken(domain, appuser, appKey, scope)\n var refreshToken: any = Application.generateRefreshToken(domain, appuser, appKey, scope)\n\n await getRepository(User).save({\n ...(appuser as any),\n roles,\n password: refreshToken\n })\n\n return [\n accessToken,\n refreshToken,\n {\n expires_in: 30 * 24 * 60 * 60 /* 30d */,\n token_type: 'bearer'\n }\n ]\n })\n)\n"]}
package/dist-server/router/oauth2/passport-oauth2-client-password.js CHANGED
@@ -1,6 +1,6 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.Strategy = void 0;
3
+ exports.Strategy = Strategy;
4
4
  const tslib_1 = require("tslib");
5
5
  const koa_passport_1 = tslib_1.__importDefault(require("koa-passport"));
6
6
  const util_1 = tslib_1.__importDefault(require("util"));
@@ -22,7 +22,6 @@ function Strategy(options, verify) {
22
22
  this._verify = verify;
23
23
  this._passReqToCallback = options.passReqToCallback;
24
24
  }
25
- exports.Strategy = Strategy;
26
25
  /**
27
26
  * Inherit from `passport.Strategy`.
28
27
  */
package/dist-server/router/oauth2/passport-oauth2-client-password.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"passport-oauth2-client-password.js","sourceRoot":"","sources":["../../../server/router/oauth2/passport-oauth2-client-password.ts"],"names":[],"mappings":";;;;AAAA,wEAAmC;AACnC,wDAAuB;AAEvB;;;;;GAKG;AACH,SAAgB,QAAQ,CAAC,OAAO,EAAE,MAAM;IACtC,IAAI,OAAO,OAAO,IAAI,UAAU,EAAE;QAChC,MAAM,GAAG,OAAO,CAAA;QAChB,OAAO,GAAG,EAAE,CAAA;KACb;IACD,IAAI,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAA;IAE7F,sBAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAC5B,IAAI,CAAC,IAAI,GAAG,wBAAwB,CAAA;IACpC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAA;IACrB,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,iBAAiB,CAAA;AACrD,CAAC;AAXD,4BAWC;AAED;;GAEG;AACH,cAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,sBAAQ,CAAC,QAAQ,CAAC,CAAA;AAE1C,SAAS,oBAAoB,CAAC,aAAa,GAAG,EAAE;IAC9C,IAAI,KAAK,GAAG,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACpC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE;QACpB,OAAM;KACP;IAED,IAAI,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;IACrB,IAAI,WAAW,GAAG,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAEtE,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE;QAC1B,OAAM;KACP;IACD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE;QAC1B,OAAM;KACP;IAED,IAAI,QAAQ,GAAG,WAAW,CAAC,CAAC,CAAC,CAAA;IAC7B,IAAI,YAAY,GAAG,WAAW,CAAC,CAAC,CAAC,CAAA;IACjC,IAAI,CAAC,QAAQ,IAAI,CAAC,YAAY,EAAE;QAC9B,OAAM;KACP;IAED,OAAO,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAA;AACjC,CAAC;AAED;;;;;GAKG;AACH,QAAQ,CAAC,SAAS,CAAC,YAAY,GAAG,UAAU,GAAG;IAC7C,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,GAAG,oBAAoB,CAAC,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,IAAI,EAAE,CAAA;IACvF,IAAI,CAAC,QAAQ,EAAE;QACb,IAAI,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE;YACrE,OAAO,IAAI,CAAC,IAAI,EAAE,CAAA;SACnB;QAED,QAAQ,GAAG,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;QAChC,YAAY,GAAG,GAAG,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;KACzC;IAED,IAAI,IAAI,GAAG,IAAI,CAAA;IAEf,SAAS,QAAQ,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI;QACjC,IAAI,GAAG,EAAE;YACP,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;SACvB;QACD,IAAI,CAAC,MAAM,EAAE;YACX,OAAO,IAAI,CAAC,IAAI,EAAE,CAAA;SACnB;QACD,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,CAAA;IAC5B,CAAC;IAED,IAAI,IAAI,CAAC,kBAAkB,EAAE;QAC3B,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,QAAQ,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAA;KACpD;SAAM;QACL,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAA;KAC/C;AACH,CAAC,CAAA","sourcesContent":["import passport from 'koa-passport'\nimport util from 'util'\n\n/**\n * `Oauth2ClientPasswordStrategy` constructor.\n *\n * @api protected\n * Basic Authorization Header와 Body 형식을 모두 지원한다.\n */\nexport function Strategy(options, verify) {\n if (typeof options == 'function') {\n verify = options\n options = {}\n }\n if (!verify) throw new Error('OAuth 2.0 client password strategy requires a verify function')\n\n passport.Strategy.call(this)\n this.name = 'oauth2-client-password'\n this._verify = verify\n this._passReqToCallback = options.passReqToCallback\n}\n\n/**\n * Inherit from `passport.Strategy`.\n */\nutil.inherits(Strategy, passport.Strategy)\n\nfunction fetchBasicCredential(authorization = '') {\n var parts = authorization.split(' ')\n if (parts.length < 2) {\n return\n }\n\n var scheme = parts[0]\n var credentials = new Buffer(parts[1], 'base64').toString().split(':')\n\n if (!/Basic/i.test(scheme)) {\n return\n }\n if (credentials.length < 2) {\n return\n }\n\n var clientId = credentials[0]\n var clientSecret = credentials[1]\n if (!clientId || !clientSecret) {\n return\n }\n\n return [clientId, clientSecret]\n}\n\n/**\n * Authenticate request based on client credentials in the request body.\n *\n * @param {Object} req\n * @api protected\n */\nStrategy.prototype.authenticate = function (req) {\n var [clientId, clientSecret] = fetchBasicCredential(req.headers['authorization']) || []\n if (!clientId) {\n if (!req.body || !req.body['client_id'] || !req.body['client_secret']) {\n return this.fail()\n }\n\n clientId = req.body['client_id']\n clientSecret = req.body['client_secret']\n }\n\n var self = this\n\n function verified(err, client, info) {\n if (err) {\n return self.error(err)\n }\n if (!client) {\n return self.fail()\n }\n self.success(client, info)\n }\n\n if (self._passReqToCallback) {\n this._verify(req, clientId, clientSecret, verified)\n } else {\n this._verify(clientId, clientSecret, verified)\n }\n}\n"]}
1
+ {"version":3,"file":"passport-oauth2-client-password.js","sourceRoot":"","sources":["../../../server/router/oauth2/passport-oauth2-client-password.ts"],"names":[],"mappings":";;AASA,4BAWC;;AApBD,wEAAmC;AACnC,wDAAuB;AAEvB;;;;;GAKG;AACH,SAAgB,QAAQ,CAAC,OAAO,EAAE,MAAM;IACtC,IAAI,OAAO,OAAO,IAAI,UAAU,EAAE,CAAC;QACjC,MAAM,GAAG,OAAO,CAAA;QAChB,OAAO,GAAG,EAAE,CAAA;IACd,CAAC;IACD,IAAI,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAA;IAE7F,sBAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAC5B,IAAI,CAAC,IAAI,GAAG,wBAAwB,CAAA;IACpC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAA;IACrB,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,iBAAiB,CAAA;AACrD,CAAC;AAED;;GAEG;AACH,cAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,sBAAQ,CAAC,QAAQ,CAAC,CAAA;AAE1C,SAAS,oBAAoB,CAAC,aAAa,GAAG,EAAE;IAC9C,IAAI,KAAK,GAAG,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACpC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrB,OAAM;IACR,CAAC;IAED,IAAI,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;IACrB,IAAI,WAAW,GAAG,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAEtE,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3B,OAAM;IACR,CAAC;IACD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,OAAM;IACR,CAAC;IAED,IAAI,QAAQ,GAAG,WAAW,CAAC,CAAC,CAAC,CAAA;IAC7B,IAAI,YAAY,GAAG,WAAW,CAAC,CAAC,CAAC,CAAA;IACjC,IAAI,CAAC,QAAQ,IAAI,CAAC,YAAY,EAAE,CAAC;QAC/B,OAAM;IACR,CAAC;IAED,OAAO,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAA;AACjC,CAAC;AAED;;;;;GAKG;AACH,QAAQ,CAAC,SAAS,CAAC,YAAY,GAAG,UAAU,GAAG;IAC7C,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,GAAG,oBAAoB,CAAC,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,IAAI,EAAE,CAAA;IACvF,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,IAAI,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC;YACtE,OAAO,IAAI,CAAC,IAAI,EAAE,CAAA;QACpB,CAAC;QAED,QAAQ,GAAG,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;QAChC,YAAY,GAAG,GAAG,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;IAC1C,CAAC;IAED,IAAI,IAAI,GAAG,IAAI,CAAA;IAEf,SAAS,QAAQ,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI;QACjC,IAAI,GAAG,EAAE,CAAC;YACR,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACxB,CAAC;QACD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,IAAI,CAAC,IAAI,EAAE,CAAA;QACpB,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,CAAA;IAC5B,CAAC;IAED,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,QAAQ,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAA;IACrD,CAAC;SAAM,CAAC;QACN,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAA;IAChD,CAAC;AACH,CAAC,CAAA","sourcesContent":["import passport from 'koa-passport'\nimport util from 'util'\n\n/**\n * `Oauth2ClientPasswordStrategy` constructor.\n *\n * @api protected\n * Basic Authorization Header와 Body 형식을 모두 지원한다.\n */\nexport function Strategy(options, verify) {\n if (typeof options == 'function') {\n verify = options\n options = {}\n }\n if (!verify) throw new Error('OAuth 2.0 client password strategy requires a verify function')\n\n passport.Strategy.call(this)\n this.name = 'oauth2-client-password'\n this._verify = verify\n this._passReqToCallback = options.passReqToCallback\n}\n\n/**\n * Inherit from `passport.Strategy`.\n */\nutil.inherits(Strategy, passport.Strategy)\n\nfunction fetchBasicCredential(authorization = '') {\n var parts = authorization.split(' ')\n if (parts.length < 2) {\n return\n }\n\n var scheme = parts[0]\n var credentials = new Buffer(parts[1], 'base64').toString().split(':')\n\n if (!/Basic/i.test(scheme)) {\n return\n }\n if (credentials.length < 2) {\n return\n }\n\n var clientId = credentials[0]\n var clientSecret = credentials[1]\n if (!clientId || !clientSecret) {\n return\n }\n\n return [clientId, clientSecret]\n}\n\n/**\n * Authenticate request based on client credentials in the request body.\n *\n * @param {Object} req\n * @api protected\n */\nStrategy.prototype.authenticate = function (req) {\n var [clientId, clientSecret] = fetchBasicCredential(req.headers['authorization']) || []\n if (!clientId) {\n if (!req.body || !req.body['client_id'] || !req.body['client_secret']) {\n return this.fail()\n }\n\n clientId = req.body['client_id']\n clientSecret = req.body['client_secret']\n }\n\n var self = this\n\n function verified(err, client, info) {\n if (err) {\n return self.error(err)\n }\n if (!client) {\n return self.fail()\n }\n self.success(client, info)\n }\n\n if (self._passReqToCallback) {\n this._verify(req, clientId, clientSecret, verified)\n } else {\n this._verify(clientId, clientSecret, verified)\n }\n}\n"]}
package/dist-server/router/oauth2/passport-refresh-token.js CHANGED
@@ -1,6 +1,6 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.Strategy = void 0;
3
+ exports.Strategy = Strategy;
4
4
  const tslib_1 = require("tslib");
5
5
  const koa_passport_1 = tslib_1.__importDefault(require("koa-passport"));
6
6
  const util_1 = tslib_1.__importDefault(require("util"));
@@ -22,7 +22,6 @@ function Strategy(options, verify) {
22
22
  this._verify = verify;
23
23
  this._passReqToCallback = options.passReqToCallback;
24
24
  }
25
- exports.Strategy = Strategy;
26
25
  /**
27
26
  * Inherit from `passport.Strategy`.
28
27
  */