@things-factory/auth-base 8.0.0-beta.0 → 8.0.0-beta.2

package/server/service/user/user-mutation.ts

@@ -1,482 +0,0 @@
-import { Arg, Ctx, Directive, Mutation, Resolver } from 'type-graphql'
-import { GraphQLEmailAddress } from 'graphql-scalars'
-import { ILike, In, SelectQueryBuilder, EntityManager } from 'typeorm'
-
-import { config } from '@things-factory/env'
-import { Domain, getRepository, ObjectRef } from '@things-factory/shell'
-
-import { deleteUser as commonDeleteUser, deleteUsers as commonDeleteUsers } from '../../controllers/delete-user'
-import { buildDomainUsersQueryBuilder } from '../../utils/get-domain-users'
-import { Role } from '../role/role'
-import { User, UserStatus } from './user'
-import { NewUser, UserPatch } from './user-types'
-import { USERNAME_ALREADY_EXISTS, EMAIL_ALREADY_EXISTS } from '../../constants/error-code'
-
-@Resolver(User)
-export class UserMutation {
-  @Directive('@privilege(category: "user", privilege: "mutation", domainOwnerGranted: true)')
-  @Directive('@transaction')
-  @Mutation(returns => User, { description: 'To create new user' })
-  async createUser(@Arg('user') user: NewUser, @Ctx() context: ResolverContext) {
-    const { domain, tx } = context.state
-    const { defaultPassword } = config.get('password')
-    const { username, email } = user
-    const userRepository = getRepository(User, tx)
-
-    user.username = username.trim()
-    user.email = email.trim()
-
-    if (await userRepository.findOne({ where: { username: user.username } })) {
-      throw new Error(context.t(USERNAME_ALREADY_EXISTS))
-    }
-
-    if (await userRepository.findOne({ where: { email: ILike(user.email) } })) {
-      throw new Error(context.t(EMAIL_ALREADY_EXISTS))
-    }
-
-    if (!user.password && !defaultPassword) {
-      throw new Error('initial password or default password should be supported.')
-    }
-
-    // TODO username은 다음 패턴을 따라야 한다. pattern="^[A-Za-z0-9]*$"
-    if (!/^[A-Za-z0-9]*$/.test(user.username)) {
-      throw new Error(context.t('error.invalid x', { x: context.t('field.username') }))
-    }
-
-    // consider if validation password rule is required
-    /* check if password is following the rule */
-    // User.validatePasswordByRule(user.password, context.lng)
-
-    const salt = User.generateSalt()
-
-    return await userRepository.save({
-      creator: context.state.user,
-      updater: context.state.user,
-      ...user,
-      domains: [domain],
-      roles:
-        user.roles && user.roles.length
-          ? await getRepository(Role, tx).findBy({
-              id: In(user.roles.map(role => role.id)),
-              domain: { id: domain.id }
-            })
-          : [],
-      salt,
-      passwordUpdatedAt: new Date(),
-      password: user.password ? User.encode(user.password, salt) : User.encode(defaultPassword, salt)
-    })
-  }
-
-  @Directive('@privilege(category: "user", privilege: "mutation", domainOwnerGranted: true)')
-  @Directive('@transaction')
-  @Mutation(returns => User, { description: 'To modify user information' })
-  async updateUser(
-    @Arg('email', type => GraphQLEmailAddress) email: string,
-    @Arg('patch') patch: UserPatch,
-    @Ctx() context: ResolverContext
-  ) {
-    const { domain, user: updater, tx }: { domain: Domain; user: User; tx?: EntityManager } = context.state
-    const qb: SelectQueryBuilder<User> = buildDomainUsersQueryBuilder(domain.id, 'USER')
-    const user: User = await qb
-      .andWhere('LOWER(USER.email) = :email', { email: email?.toLowerCase().trim() || '' })
-      .leftJoinAndSelect('USER.roles', 'ROLES')
-      .leftJoinAndSelect('ROLES.domain', 'R_DOMAIN')
-      .getOne()
-
-    if (patch.roles) {
-      patch.roles = await getRepository(Role, tx).find({
-        where: { id: In(patch.roles.map((r: Partial<Role>) => r.id)) }
-      })
-    }
-
-    if (patch.status && patch.status === 'activated') {
-      user.status = UserStatus.ACTIVATED
-    }
-
-    return await getRepository(User, tx).save({
-      ...user,
-      ...patch,
-      updater
-    } as any)
-  }
-
-  @Directive('@privilege(category: "user", privilege: "mutation", domainOwnerGranted: true)')
-  @Directive('@transaction')
-  @Mutation(returns => [User], { description: 'To modify multiple users information' })
-  async updateMultipleUser(@Arg('patches', type => [UserPatch]) patches: UserPatch[], @Ctx() context: ResolverContext) {
-    const { domain, user, tx } = context.state
-    const userRepo = getRepository(User, tx)
-
-    let results = []
-    const _createRecords = patches.filter((patch: any) => patch.cuFlag.toUpperCase() === '+')
-    const _updateRecords = patches.filter((patch: any) => patch.cuFlag.toUpperCase() === 'M')
-
-    if (_createRecords.length > 0) {
-      for (let i = 0; i < _createRecords.length; i++) {
-        const newRecord = _createRecords[i]
-
-        // consider if validation password rule is required
-        /* check if password is following the rule */
-        // User.validatePasswordByRule(newRecord.password, context.lng)
-
-        const salt = User.generateSalt()
-        const result = await userRepo.save({
-          ...(newRecord as any),
-          domains: [domain],
-          salt,
-          password: User.encode(newRecord.password, salt),
-          passwordUpdatedAt: new Date(),
-          creator: user,
-          updater: user
-        })
-
-        // repository api는 작동하지 않음.
-        // await tx
-        //   .createQueryBuilder()
-        //   .insert()
-        //   .into('users_domains')
-        //   .values({
-        //     usersId: result.id,
-        //     domainsId: domain.id
-        //   })
-        //   .execute()
-
-        results.push({ ...result, cuFlag: '+' })
-      }
-    }
-
-    if (_updateRecords.length > 0) {
-      for (let i = 0; i < _updateRecords.length; i++) {
-        const updateRecord = _updateRecords[i]
-        // consider if validation password rule is required
-        /* check if password is following the rule */
-        // User.validatePasswordByRule(updateRecord.password, context.lng)
-
-        const user = await userRepo.findOne({ where: { id: updateRecord.id }, relations: ['domains'] })
-        var domains = user.domains.find(d => d.id === domain.id) ? user.domains : [...user.domains, domain]
-
-        const result = await userRepo.save({
-          ...user,
-          ...(updateRecord as any),
-          domains,
-          password: updateRecord.password ? User.encode(updateRecord.password, user.salt) : user.password,
-          updater: user
-        })
-
-        if (!updateRecord.status) {
-          continue
-        }
-
-        // const domain = await user.domain
-        // if (!domain) {
-        //   continue
-        // }
-
-        // const domainId = domain.id
-        // const domains = await user.domains
-        // if (!domains.find(domain => domain.id == domainId)) {
-        //   await tx
-        //     .createQueryBuilder()
-        //     .insert()
-        //     .into('users_domains')
-        //     .values({
-        //       usersId: user.id,
-        //       domainsId: domain.id
-        //     })
-        //     .execute()
-        // }
-
-        results.push({ ...result, cuFlag: 'M' })
-      }
-    }
-
-    return results
-  }
-
-  @Directive('@privilege(category: "user", privilege: "mutation", domainOwnerGranted: true)')
-  @Directive('@transaction')
-  @Mutation(returns => Boolean, { description: 'To delete a user' })
-  async deleteUser(@Arg('username') username: string, @Ctx() context: ResolverContext) {
-    const { tx } = context.state
-
-    await commonDeleteUser({ username }, tx)
-
-    return true
-  }
-
-  @Directive('@privilege(category: "user", privilege: "mutation", domainOwnerGranted: true)')
-  @Directive('@transaction')
-  @Mutation(returns => Boolean, { description: 'To delete some users' })
-  async deleteUsers(@Arg('usernames', type => [String]) usernames: string[], @Ctx() context: ResolverContext) {
-    const { tx } = context.state
-    await commonDeleteUsers({ usernames }, tx)
-
-    return true
-  }
-
-  @Directive('@transaction')
-  @Mutation(returns => Boolean, { description: 'To invite new user' })
-  async inviteUser(@Arg('username') username: string, @Ctx() context: ResolverContext): Promise<boolean> {
-    const { domain, tx } = context.state
-    const userRepository = getRepository(User, tx)
-
-    var invitee: User = await userRepository.findOne({
-      where: { username },
-      relations: ['domains']
-    })
-
-    if (!invitee && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(username)) {
-      invitee = await userRepository.findOne({
-        where: { email: ILike(username) },
-        relations: ['domains']
-      })
-    }
-
-    if (!invitee) {
-      throw new Error(context.t('error.failed to find x', { x: context.t('field.user') }))
-    }
-
-    const existingDomains: Domain[] = invitee.domains
-    if (existingDomains.find((d: Domain) => d.id === domain.id)) {
-      throw new Error(context.t('error.x already exists in y', { x: context.t('field.user'), y: domain.name }))
-    }
-
-    invitee.domains = [...existingDomains, domain]
-    await userRepository.save(invitee)
-
-    return true
-  }
-
-  @Directive('@transaction')
-  @Directive('@privilege(category: "user", privilege: "mutation", domainOwnerGranted: true)')
-  @Mutation(returns => Boolean, { description: 'To delete domain user' })
-  async deleteDomainUser(@Arg('username') username: string, @Ctx() context: ResolverContext): Promise<boolean> {
-    const { tx, domain } = context.state
-    const userRepository = getRepository(User, tx)
-
-    var user: User = await userRepository.findOne({
-      where: { username },
-      relations: ['domains', 'roles']
-    })
-
-    if (!user && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(username)) {
-      user = await userRepository.findOne({
-        where: { email: ILike(username) },
-        relations: ['domains', 'roles']
-      })
-    }
-
-    if (!user) {
-      throw new Error(context.t('error.failed to find x', { x: context.t('field.user') }))
-    }
-
-    const targetDomainIdx: number = user.domains.findIndex((userDomain: Domain) => userDomain.id === domain.id)
-    if (targetDomainIdx < 0) {
-      throw new Error(context.t('error.x is not a member of y', { x: user.name, y: domain.name }))
-    }
-
-    // Remove domain relation with user
-    user.domains.splice(targetDomainIdx, 1)
-
-    // Remove domain's roles that user has
-    user.roles = user.roles.filter((role: Role) => role.domainId !== domain.id)
-
-    await userRepository.save(user)
-
-    return true
-  }
-
-  @Directive('@privilege(domainOwnerGranted: true, superUserGranted: true)')
-  @Directive('@transaction')
-  @Mutation(returns => Boolean, { description: 'To transfer owner of domain' })
-  async transferOwner(@Arg('username') username: string, @Ctx() context: ResolverContext): Promise<boolean> {
-    const { domain, tx } = context.state
-    const userRepository = getRepository(User, tx)
-
-    var user: User = await userRepository.findOne({
-      where: { username },
-      relations: ['domains']
-    })
-
-    if (!user && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(username)) {
-      user = await userRepository.findOne({
-        where: { email: ILike(username) },
-        relations: ['domains']
-      })
-    }
-
-    if (!user) {
-      throw new Error(context.t('error.failed to find x', { x: context.t('field.user') }))
-    }
-
-    if (user.status !== UserStatus.ACTIVATED) {
-      throw new Error('Only activated users are eligible to receive admin privileges.')
-    }
-
-    if (user.domains.map((d: Domain) => d.id).indexOf(domain.id) < 0) {
-      throw new Error(`User is not belongs to current domain`)
-    }
-
-    if (user.roles.filter((r: Role) => r.domainId == domain.id).length == 0) {
-      throw new Error(`Only users with at least one role in this domain are eligible to receive admin privileges.`)
-    }
-
-    domain.owner = user.id
-    await getRepository(Domain, tx).save(domain)
-
-    return true
-  }
-
-  @Directive('@privilege(category: "user", privilege: "mutation", domainOwnerGranted: true)')
-  @Directive('@transaction')
-  @Mutation(returns => Boolean, { description: 'To activate user' })
-  async activateUser(@Arg('username') username: string, @Ctx() context: ResolverContext): Promise<boolean> {
-    const { tx, domain } = context.state
-    const userRepository = getRepository(User, tx)
-
-    var targetUser: User = await userRepository.findOne({
-      where: { username },
-      relations: ['domains']
-    })
-
-    if (!targetUser && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(username)) {
-      targetUser = await userRepository.findOne({
-        where: { email: ILike(username) },
-        relations: ['domains']
-      })
-    }
-
-    if (!targetUser) {
-      throw new Error(context.t('error.failed to find x', { x: context.t('field.user') }))
-    }
-
-    if (!targetUser?.domains?.find((userDomain: Domain) => userDomain.id === domain.id)) {
-      throw new Error('User is not belong to domain')
-    }
-
-    targetUser.failCount = 0
-    targetUser.status = UserStatus.ACTIVATED
-
-    await userRepository.save(targetUser)
-
-    return true
-  }
-
-  @Directive('@privilege(category: "user", privilege: "mutation", domainOwnerGranted: true)')
-  @Directive('@transaction')
-  @Mutation(returns => Boolean, { description: 'To inactivate user' })
-  async inactivateUser(@Arg('username') username: string, @Ctx() context: ResolverContext): Promise<boolean> {
-    const { tx, domain } = context.state
-    const userRepository = getRepository(User, tx)
-
-    var targetUser: User = await userRepository.findOne({
-      where: { username },
-      relations: ['domains']
-    })
-
-    if (!targetUser && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(username)) {
-      targetUser = await userRepository.findOne({
-        where: { email: ILike(username) },
-        relations: ['domains']
-      })
-    }
-
-    if (!targetUser) {
-      throw new Error(context.t('error.failed to find x', { x: context.t('field.user') }))
-    }
-
-    if (!targetUser?.domains?.find((userDomain: Domain) => userDomain.id === domain.id)) {
-      throw new Error('User is not belong to domain')
-    }
-
-    if (targetUser.userType == 'admin' || targetUser.id === domain.owner) {
-      throw new Error('Admin deactivation not allowed')
-    }
-
-    targetUser.status = UserStatus.INACTIVE
-
-    await userRepository.save(targetUser)
-
-    return true
-  }
-
-  @Directive('@privilege(category: "user", privilege: "mutation", domainOwnerGranted: true)')
-  @Directive('@transaction')
-  @Mutation(returns => Boolean, { description: 'To reset password to default' })
-  async resetPasswordToDefault(@Arg('username') username: string, @Ctx() context: ResolverContext): Promise<boolean> {
-    const { tx, domain } = context.state
-
-    const { defaultPassword } = config.get('password')
-    if (!defaultPassword) {
-      throw new Error('No default password found')
-    }
-
-    const userRepository = getRepository(User, tx)
-
-    var targetUser: User = await userRepository.findOne({
-      where: { username },
-      relations: ['domains']
-    })
-
-    if (!targetUser && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(username)) {
-      targetUser = await userRepository.findOne({
-        where: { email: ILike(username) },
-        relations: ['domains']
-      })
-    }
-
-    if (!targetUser) {
-      throw new Error(context.t('error.failed to find x', { x: context.t('field.user') }))
-    }
-
-    if (!targetUser?.domains?.find((userDomain: Domain) => userDomain.id === domain.id)) {
-      throw new Error('User is not belong to domain')
-    }
-
-    targetUser.salt = User.generateSalt()
-    targetUser.password = User.encode(defaultPassword, targetUser.salt)
-
-    await userRepository.save(targetUser)
-
-    return true
-  }
-
-  @Directive('@privilege(category: "user", privilege: "mutation", domainOwnerGranted: true)')
-  @Directive('@transaction')
-  @Mutation(returns => User, { description: 'To update roles for a user' })
-  async updateUserRoles(
-    @Arg('username') username: string,
-    @Arg('availableRoles', type => [ObjectRef]) availableRoles: ObjectRef[],
-    @Arg('selectedRoles', type => [ObjectRef]) selectedRoles: ObjectRef[],
-    @Ctx() context: ResolverContext
-  ) {
-    const { domain, tx } = context.state
-    const userRepository = getRepository(User, tx)
-
-    var user: User = await userRepository.findOne({
-      where: { username },
-      relations: ['domains', 'roles']
-    })
-
-    if (!user && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(username)) {
-      user = await userRepository.findOne({
-        where: { email: ILike(username) },
-        relations: ['domains', 'roles']
-      })
-    }
-
-    if (!user) {
-      throw new Error(context.t('error.failed to find x', { x: context.t('field.user') }))
-    }
-
-    if (user.domains.map((d: Domain) => d.id).indexOf(domain.id) < 0) {
-      throw new Error(`User is not belongs to current domain`)
-    }
-
-    const availableRoleIds: string[] = availableRoles.map((r: Role) => r.id)
-    user.roles = user.roles.filter((r: Role) => availableRoleIds.indexOf(r.id) < 0)
-    user.roles = user.roles.concat(selectedRoles as Role[])
-
-    return await userRepository.save(user)
-  }
-}

package/server/service/user/user-query.ts

@@ -1,145 +0,0 @@
-import { Arg, Args, Ctx, Directive, FieldResolver, Query, Resolver, Root } from 'type-graphql'
-import { GraphQLEmailAddress } from 'graphql-scalars'
-import { ILike, SelectQueryBuilder } from 'typeorm'
-
-import { config } from '@things-factory/env'
-import { getRepository, ListParam, getQueryBuilderFromListParams } from '@things-factory/shell'
-
-import { checkUserBelongsDomain } from '../../utils/check-user-belongs-domain'
-import { buildDomainUsersQueryBuilder } from '../../utils/get-domain-users'
-import { User } from './user'
-import { PasswordRule, UserList } from './user-types'
-
-const passwordRule = config.get('password') || {
-  lowerCase: true,
-  upperCase: true,
-  digit: true,
-  specialCharacter: true,
-  allowRepeat: false,
-  useTightPattern: true,
-  useLoosePattern: false,
-  tightCharacterLength: 8,
-  looseCharacterLength: 15
-}
-
-@Resolver(User)
-export class UserQuery {
-  @Query(returns => PasswordRule, {
-    description:
-      'Retrieves the current password rule configuration for the system, such as required character types and minimum length.'
-  })
-  passwordRule(@Ctx() context: ResolverContext): PasswordRule {
-    return passwordRule
-  }
-
-  @Directive('@privilege(category: "user", privilege: "query", domainOwnerGranted: true, superUserGranted: true)')
-  @Query(returns => User, { description: 'Fetches a user by their email address within the current domain.' })
-  async user(@Arg('email', type => GraphQLEmailAddress) email: string, @Ctx() context: ResolverContext): Promise<User> {
-    const { domain } = context.state
-
-    const qb: SelectQueryBuilder<User> = buildDomainUsersQueryBuilder(domain.id, 'USER')
-    qb.andWhere(`LOWER(USER.email) = :email`, { email: email.toLowerCase().trim() })
-
-    return qb.getOne()
-  }
-
-  @Directive('@privilege(category: "user", privilege: "query", domainOwnerGranted: true, superUserGranted: true)')
-  @Query(returns => UserList, {
-    description: 'Fetches a list of users based on provided search parameters within the current domain.'
-  })
-  async users(@Args(type => ListParam) params: ListParam, @Ctx() context: ResolverContext): Promise<UserList> {
-    const { domain } = context.state
-
-    const qb = getQueryBuilderFromListParams({
-      repository: getRepository(User),
-      params,
-      alias: 'USER',
-      searchables: ['name', 'email', 'description']
-    })
-
-    qb.select().andWhere(qb => {
-      const subQuery = qb
-        .subQuery()
-        .select('USERS_DOMAINS.users_id')
-        .from('users_domains', 'USERS_DOMAINS')
-        .where('USERS_DOMAINS.domains_id = :domainId', { domainId: domain.id })
-        .getQuery()
-
-      return 'USER.id IN ' + subQuery
-    })
-
-    const [items, total] = await qb.getManyAndCount()
-
-    const foundUsers: User[] = items.map((item: User) => {
-      item.owner = item.id === domain.owner
-      return item
-    })
-
-    return { items: foundUsers, total }
-  }
-
-  @Query(returns => Boolean, { description: 'Checks if the current authenticated user belongs to the current domain.' })
-  async checkUserBelongsDomain(@Ctx() context: ResolverContext): Promise<Boolean> {
-    const { user, domain } = context.state
-
-    if (user) {
-      return await checkUserBelongsDomain(domain, user)
-    } else {
-      throw new Error(`Failed to get current user information.`)
-    }
-  }
-
-  @Query(returns => Boolean, {
-    description: 'Determines whether the system provides a default password when creating a new user.'
-  })
-  async checkResettablePasswordToDefault(@Ctx() context: ResolverContext): Promise<Boolean> {
-    const { defaultPassword } = config.get('password')
-
-    return Boolean(defaultPassword)
-  }
-
-  @Query(returns => Boolean, {
-    description: 'Checks if the system is configured to provide a default password for new users.'
-  })
-  async checkDefaultPassword(@Ctx() context: ResolverContext): Promise<Boolean> {
-    const { defaultPassword } = config.get('password')
-
-    return Boolean(defaultPassword)
-  }
-
-  @Directive('@privilege(category: "user", privilege: "query")')
-  @Query(returns => Boolean, { description: 'Checks if a user with the given email address exists in the system.' })
-  async checkUserExistence(@Arg('email', type => GraphQLEmailAddress) email: string): Promise<Boolean> {
-    return Boolean(await getRepository(User).count({ where: { email: ILike(email) } }))
-  }
-
-  @FieldResolver()
-  async domains(@Root() user: User) {
-    return (
-      await getRepository(User).findOne({
-        where: { id: user.id },
-        relations: ['domains']
-      })
-    ).domains
-  }
-
-  @FieldResolver()
-  async roles(@Root() user: User) {
-    return (
-      await getRepository(User).findOne({
-        where: { id: user.id },
-        relations: ['roles']
-      })
-    ).roles
-  }
-
-  @FieldResolver()
-  async updater(@Root() user: User): Promise<User> {
-    return await getRepository(User).findOneBy({ id: user.updaterId })
-  }
-
-  @FieldResolver()
-  async creator(@Root() user: User): Promise<User> {
-    return await getRepository(User).findOneBy({ id: user.creatorId })
-  }
-}