@things-factory/auth-base 8.0.0-beta.0 → 8.0.0-beta.2

package/server/controllers/change-pwd.ts

@@ -1,100 +0,0 @@
-import { config } from '@things-factory/env'
-import { getRepository } from '@things-factory/shell'
-
-import {
-  CONFIRM_PASSWORD_NOT_MATCHED,
-  PASSWORD_NOT_MATCHED,
-  PASSWORD_USED_PAST,
-  USER_NOT_FOUND
-} from '../constants/error-code'
-import { AuthError } from '../errors/auth-error'
-import { PasswordHistory } from '../service/password-history/password-history'
-import { User } from '../service/user/user'
-
-const HISTORY_SIZE = config.get('password', { history: 0 }).history
-
-export async function changePwd(attrs, currentPass, newPass, confirmPass, context) {
-  const { domain } = context.state
-
-  // TODO 이 사용자가 이 도메인에 속한 사용자인지 확인해야함.
-  const repository = getRepository(User)
-
-  const user: User = await repository.findOne({ where: { id: attrs.id } })
-
-  if (!user) {
-    throw new AuthError({
-      errorCode: USER_NOT_FOUND
-    })
-  }
-
-  if (newPass !== confirmPass) {
-    throw new AuthError({
-      errorCode: CONFIRM_PASSWORD_NOT_MATCHED
-    })
-  }
-
-  if (!User.verify(user.password, currentPass, user.salt)) {
-    throw new AuthError({
-      errorCode: PASSWORD_NOT_MATCHED,
-      detail: {
-        username: user.username,
-        email: user.email,
-        failCount: user.failCount
-      }
-    })
-  }
-
-  /* check if password is following the rule */
-  User.validatePasswordByRule(newPass, context?.lng)
-
-  user.password = User.encode(newPass, user.salt)
-
-  if (HISTORY_SIZE > 0) {
-    var passwordHistory: PasswordHistory = await getRepository(PasswordHistory).findOneBy({ userId: user.id })
-    var history = []
-
-    if (passwordHistory) {
-      try {
-        history = JSON.parse(passwordHistory.history)
-        if (!(history instanceof Array)) {
-          console.error('password history maybe currupted - not an array')
-          history = []
-        }
-      } catch (e) {
-        console.error('password history currupted - not json format')
-      }
-
-      const found = history.slice(0, HISTORY_SIZE).find(h => {
-        return User.verify(h.password, newPass, h.salt)
-      })
-
-      if (found) {
-        throw new AuthError({
-          errorCode: PASSWORD_USED_PAST
-        })
-      }
-    }
-  }
-
-  await repository.save({
-    ...user,
-    passwordUpdatedAt: new Date()
-  })
-
-  if (HISTORY_SIZE > 0) {
-    history = [
-      {
-        password: user.password,
-        salt: user.salt
-      },
-      ...history
-    ].slice(0, HISTORY_SIZE)
-
-    await getRepository(PasswordHistory).save({
-      userId: user.id,
-      history: JSON.stringify(history)
-    })
-  }
-
-  return await user.sign({ subdomain: domain.subdomain })
-}

package/server/controllers/checkin.ts

@@ -1,21 +0,0 @@
-import { Domain, getRepository } from '@things-factory/shell'
-
-import { User } from '../service/user/user'
-import { getUserDomains } from '../utils/get-user-domains'
-
-export async function checkin({ userId, subdomain }) {
-  const userRepo = getRepository(User)
-  const user = await userRepo.findOne({ where: { id: userId } })
-  const domains: Partial<Domain>[] = await getUserDomains(user)
-
-  if (!domains?.length) {
-    return false
-  }
-
-  const domain = domains.find(domain => domain.subdomain == subdomain)
-  if (!domain) {
-    return false
-  }
-
-  return await user.sign({ subdomain })
-}

package/server/controllers/delete-user.ts

@@ -1,71 +0,0 @@
-import { EntityManager, ILike, In } from 'typeorm'
-import { User, UserStatus } from '../service/user/user'
-import { AuthError } from '../errors/auth-error'
-import { USER_NOT_FOUND } from '../constants/error-code'
-
-export async function deleteUser(attrs, tx?: EntityManager) {
-  // TODO 이 사용자가 이 도메인에 속한 사용자인지 확인해야함.
-  // TODO 다른 도메인에도 포함되어있다면, domains-users 관게와 해당 도메인 관련 정보만 삭제해야 함.
-
-  const repository = tx?.getRepository(User)
-  const { username } = attrs
-
-  var user = await repository.findOne({
-    where: { username },
-    relations: ['domains']
-  })
-
-  if (!user && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(username)) {
-    user = await repository.findOne({
-      where: { email: ILike(username) },
-      relations: ['domains']
-    })
-  }
-
-  if (!user) {
-    throw new AuthError({
-      errorCode: USER_NOT_FOUND
-    })
-  }
-
-  user.status = UserStatus.DELETED
-  user.domains = []
-
-  await repository.save(user)
-}
-
-export async function deleteUsers(attrs, tx?: EntityManager) {
-  // TODO 이 사용자가 이 도메인에 속한 사용자인지 확인해야함.
-  // TODO 다른 도메인에도 포함되어있다면, domains-users 관게와 해당 도메인 관련 정보만 삭제해야 함.
-
-  const { usernames } = attrs
-
-  const repo = tx?.getRepository(User)
-
-  const users = await repo.find({
-    where: {
-      username: In(usernames)
-    }
-  })
-
-  const userIds = []
-  users.forEach(user => {
-    user.status = UserStatus.DELETED
-    user.domains = []
-
-    userIds.push(user.id)
-  })
-
-  await repo.save(users)
-
-  // repository api는 작동하지 않음.
-  // await txManager
-  //   .createQueryBuilder()
-  //   .delete()
-  //   .from('users_domains')
-  //   .where({
-  //     usersId: In(userIds)
-  //   })
-  //   .execute()
-  return true
-}

package/server/controllers/invitation.ts

@@ -1,163 +0,0 @@
-import { ILike } from 'typeorm'
-import { URL } from 'url'
-
-import { sendEmail } from '@things-factory/email-base'
-import { Domain, getRepository } from '@things-factory/shell'
-
-import { Invitation } from '../service/invitation/invitation'
-import { User, UserStatus } from '../service/user/user'
-import { getInvitationEmailForm } from '../templates/invitation-email'
-import { makeInvitationToken } from './utils/make-invitation-token'
-import { saveInvitationToken } from './utils/save-invitation-token'
-
-export async function invite(attrs, withEmailInvitation?: Boolean) {
-  const { username, reference, type, context } = attrs
-  const repository = getRepository(User)
-
-  var user = await repository.findOne({
-    where: { username },
-    relations: ['domains']
-  })
-
-  if (!user && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(username)) {
-    user = await repository.findOne({
-      where: { email: ILike(username) },
-      relations: ['domains']
-    })
-  }
-
-  var domains = user.domains
-
-  // TODO reference should not be a domain.id (security reason)
-
-  if (user) {
-    const domain = domains.find(domain => domain.id == reference)
-
-    if (domain) {
-      const msg = `user already a member of the ${type}.`
-      throw new Error(msg)
-    }
-  }
-
-  if (withEmailInvitation) {
-    const email = user.email
-
-    // TODO 초대장의 유효기간을 설정할 수 있어야 함.
-    var invitation = await getRepository(Invitation).findOneBy({
-      email: ILike(email),
-      reference,
-      type
-    })
-
-    if (!invitation) {
-      invitation = await getRepository(Invitation).save({
-        email,
-        reference,
-        type
-      })
-    }
-
-    return await sendInvitationEmail({
-      invitation,
-      user,
-      context
-    })
-  }
-
-  if (user) {
-    user.domains = [...domains, await getRepository(Domain).findOneBy({ id: reference })]
-    await getRepository(User).save(user)
-  } else {
-    // TODO need to signup
-  }
-}
-
-export async function acceptInvitation(token) {
-  var invitation = await getRepository(Invitation).findOneBy({
-    token
-  })
-
-  if (!invitation) {
-    throw new Error(`not found invitation.`)
-  }
-
-  var { email, reference, type } = invitation
-
-  var user = await getRepository(User).findOne({ where: { email: ILike(email) }, relations: ['domains'] })
-
-  if (user) {
-    var domains = user.domains
-    const domain = domains.find(domain => domain.id == reference)
-
-    if (domain) {
-      const msg = `user already a member of the ${type}.`
-      throw new Error(msg)
-    }
-
-    user.domains = [...domains, await getRepository(Domain).findOneBy({ id: reference })]
-    await getRepository(User).save(user)
-
-    await getRepository(Invitation).delete(invitation.id)
-  } else {
-    // TODO goto signup
-  }
-
-  return true
-}
-
-export async function sendInvitationEmail({ invitation, user, context }) {
-  try {
-    var token = makeInvitationToken()
-    var verifaction = await saveInvitationToken(invitation.id, token)
-
-    if (verifaction) {
-      var serviceUrl = new URL(`/auth/accept/${token}`, context.header.referer)
-
-      await sendEmail({
-        receiver: invitation.email,
-        subject: 'Invitation',
-        content: getInvitationEmailForm({
-          username: user.username,
-          email: invitation.email,
-          acceptUrl: serviceUrl
-        })
-      })
-
-      return true
-    }
-  } catch (e) {
-    return false
-  }
-}
-
-export async function resendInvitationEmail(
-  { email, reference, type }: { email: string; reference: string; type: string },
-  context
-) {
-  var invitation = await getRepository(Invitation).findOneBy({
-    email: ILike(email),
-    reference,
-    type
-  })
-
-  if (!invitation) {
-    throw new Error(`not found invitation.`)
-  }
-
-  var user = await getRepository(User).findOne({
-    where: {
-      email: ILike(email),
-      status: UserStatus.ACTIVATED
-    }
-  })
-
-  if (!user) {
-    throw new Error(`user not found: ${email}`)
-  }
-
-  return await sendInvitationEmail({
-    invitation,
-    user,
-    context
-  })
-}

package/server/controllers/profile.ts

@@ -1,55 +0,0 @@
-import { ILike } from 'typeorm'
-
-import { getRepository } from '@things-factory/shell'
-
-import { USER_NOT_FOUND } from '../constants/error-code'
-import { AuthError } from '../errors/auth-error'
-import { User } from '../service/user/user'
-
-export async function updateProfile({ id }, newProfiles) {
-  const repository = getRepository(User)
-  const user = await repository.findOneBy({ id })
-  if (!user) {
-    throw new AuthError({
-      errorCode: USER_NOT_FOUND
-    })
-  }
-
-  /* only 'username', 'name', 'email' and 'locale' attributes can be changed */
-  var allowed: {
-    username?: string
-    name?: string
-    email?: string
-    locale?: string
-  } = ['username', 'name', 'email', 'locale']
-    .filter(attr => attr in newProfiles)
-    .reduce((sum, attr) => {
-      sum[attr] = newProfiles[attr]
-      return sum
-    }, {})
-
-  /* check if email and username is unique */
-  if ('email' in allowed) {
-    var found: User = await repository.findOne({ where: { email: ILike(allowed.email) } })
-
-    if (found && found.id != id) {
-      throw new AuthError({
-        errorCode: AuthError.ERROR_CODES.EMAIL_ALREADY_EXISTS
-      })
-    }
-  }
-
-  if ('username' in allowed) {
-    var found: User = await repository.findOne({ where: { username: allowed.username } })
-    if (found && found.id != id) {
-      throw new AuthError({
-        errorCode: AuthError.ERROR_CODES.USERNAME_ALREADY_EXISTS
-      })
-    }
-  }
-
-  return await repository.save({
-    ...user,
-    ...allowed
-  })
-}

package/server/controllers/reset-password.ts

@@ -1,126 +0,0 @@
-import { URL } from 'url'
-
-import { sendEmail } from '@things-factory/email-base'
-import { config } from '@things-factory/env'
-import { getRepository } from '@things-factory/shell'
-
-import { PASSWORD_USED_PAST } from '../constants/error-code'
-import { AuthError } from '../errors/auth-error'
-import { PasswordHistory } from '../service/password-history/password-history'
-import { User } from '../service/user/user'
-import { VerificationToken, VerificationTokenType } from '../service/verification-token/verification-token'
-import { getResetPasswordEmailForm } from '../templates/reset-password-email'
-import { makeVerificationToken } from './utils/make-verification-token'
-import { saveVerificationToken } from './utils/save-verification-token'
-
-const HISTORY_SIZE = config.get('password', { history: 0 }).history
-
-export async function sendPasswordResetEmail({ user, context }) {
-  try {
-    var token = makeVerificationToken()
-    var verifaction = await saveVerificationToken(user.id, token, VerificationTokenType.PASSWORD_RESET)
-
-    if (verifaction) {
-      var serviceUrl = new URL(`/auth/reset-password?token=${token}`, context.header.referer)
-      await sendEmail({
-        receiver: user.email,
-        subject: 'Reset your password',
-        content: getResetPasswordEmailForm({
-          name: user.name,
-          resetUrl: serviceUrl
-        })
-      })
-
-      return true
-    }
-  } catch (e) {
-    return false
-  }
-}
-
-export async function resetPassword(token, password, context) {
-  const { t } = context
-
-  const verificationToken = await getRepository(VerificationToken).findOne({
-    where: {
-      token,
-      type: VerificationTokenType.PASSWORD_RESET
-    }
-  })
-
-  if (!verificationToken) {
-    throw new Error(t('text.invalid verification token'))
-  }
-
-  const { userId } = verificationToken
-  if (!userId) {
-    throw new Error(t('text.invalid verification token'))
-  }
-
-  var user = await getRepository(User).findOneBy({ id: userId })
-  if (!user) {
-    throw new Error(t('error.user not found'))
-  }
-
-  // if (user.status == UserStatus.INACTIVE) {
-  //   throw new Error(t('text.inactive user'))
-  // }
-
-  /* check if password is following the rule */
-  User.validatePasswordByRule(password, context?.lng)
-
-  user.password = User.encode(password, user.salt)
-
-  if (HISTORY_SIZE > 0) {
-    var passwordHistory: PasswordHistory = await getRepository(PasswordHistory).findOneBy({ userId: user.id })
-    var history = []
-
-    if (passwordHistory) {
-      try {
-        history = JSON.parse(passwordHistory.history)
-        if (!(history instanceof Array)) {
-          console.error('password history maybe currupted - not an array')
-          history = []
-        }
-      } catch (e) {
-        console.error('password history currupted - not json format')
-      }
-
-      const found = history.slice(0, HISTORY_SIZE).find(h => {
-        return User.verify(h.password, password, h.salt)
-      })
-
-      if (found) {
-        throw new AuthError({
-          errorCode: PASSWORD_USED_PAST
-        })
-      }
-    }
-  }
-
-  await getRepository(User).save({
-    ...user,
-    passwordUpdatedAt: new Date()
-  })
-
-  await getRepository(VerificationToken).delete({
-    userId,
-    token,
-    type: VerificationTokenType.PASSWORD_RESET
-  })
-
-  if (HISTORY_SIZE > 0) {
-    history = [
-      {
-        password: user.password,
-        salt: user.salt
-      },
-      ...history
-    ].slice(0, HISTORY_SIZE)
-
-    await getRepository(PasswordHistory).save({
-      userId: user.id,
-      history: JSON.stringify(history)
-    })
-  }
-}

package/server/controllers/signin.ts

@@ -1,98 +0,0 @@
-import { ILike } from 'typeorm'
-import { getRepository } from '@things-factory/shell'
-
-import { sendUnlockUserEmail } from '../controllers/unlock-user'
-import { AuthError } from '../errors/auth-error'
-import { User, UserStatus } from '../service/user/user'
-
-export async function signin(attrs: { username: string; password: string }, context?) {
-  const { domain } = context?.state || {}
-  const { username } = attrs
-
-  const repository = getRepository(User)
-
-  var user = await repository.findOne({
-    where: { username },
-    relations: ['domains']
-  })
-
-  if (!user && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(username)) {
-    user = await repository.findOne({
-      where: {
-        email: ILike(username)
-      },
-      relations: ['domains']
-    })
-  }
-
-  if (!user)
-    throw new AuthError({
-      errorCode: AuthError.ERROR_CODES.USER_NOT_FOUND
-    })
-
-  if (user.status == UserStatus.DELETED) {
-    throw new AuthError({
-      errorCode: AuthError.ERROR_CODES.USER_DELETED
-    })
-  }
-
-  if (user.status == UserStatus.LOCKED) {
-    sendUnlockUserEmail({
-      user,
-      context
-    })
-    throw new AuthError({
-      errorCode: AuthError.ERROR_CODES.USER_LOCKED,
-      detail: {
-        username: user.username,
-        email: user.email
-      }
-    })
-  }
-
-  if (!User.verify(user.password, attrs.password, user.salt)) {
-    user.failCount++
-    if (user.failCount >= 5) user.status = UserStatus.LOCKED
-    await repository.save(user)
-    if (user.status == UserStatus.LOCKED) {
-      sendUnlockUserEmail({
-        user,
-        context
-      })
-      throw new AuthError({
-        errorCode: AuthError.ERROR_CODES.USER_LOCKED,
-        detail: {
-          username: user.username,
-          email: user.email
-        }
-      })
-    }
-    throw new AuthError({
-      errorCode: AuthError.ERROR_CODES.PASSWORD_NOT_MATCHED,
-      detail: {
-        username: user.username,
-        email: user.email,
-        failCount: user.failCount
-      }
-    })
-  } else {
-    user.failCount = 0
-    await repository.save(user)
-  }
-
-  if (user.status == UserStatus.INACTIVE) {
-    throw new AuthError({
-      errorCode: AuthError.ERROR_CODES.USER_NOT_ACTIVATED,
-      detail: {
-        username: user.username,
-        email: user.email
-      }
-    })
-  }
-
-  return {
-    user,
-    token: await user.sign({ subdomain: domain?.subdomain }),
-    domains: user.domains || []
-  }
-}

package/server/controllers/signup.ts

@@ -1,72 +0,0 @@
-import { ILike } from 'typeorm'
-import { getRepository } from '@things-factory/shell'
-
-import { USER_DUPLICATED } from '../constants/error-code'
-import { AuthError } from '../errors/auth-error'
-import { User } from '../service/user/user'
-import { signin } from './signin'
-import { sendVerificationEmail } from './verification'
-
-export async function signup(attrs, withEmailVerification?: Boolean) {
-  const { name, username, password, domain, context } = attrs
-
-  /* check if password is following the rule */
-  User.validatePasswordByRule(password, context.lng)
-
-  const repository = getRepository(User)
-
-  var duplicated = await repository.findOne({
-    where: { username },
-    relations: ['domains']
-  })
-
-  if (!duplicated && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(username)) {
-    user = await repository.findOne({
-      where: { email: ILike(username) },
-      relations: ['domains']
-    })
-  }
-
-  if (duplicated) {
-    throw new AuthError({
-      errorCode: USER_DUPLICATED,
-      detail: {
-        name,
-        username
-      }
-    })
-  }
-
-  const salt = User.generateSalt()
-
-  var user = await repository.save({
-    userType: 'user',
-    ...attrs,
-    salt,
-    password: User.encode(password, salt),
-    passwordUpdatedAt: new Date(),
-    domains: domain ? [domain] : []
-  })
-
-  var succeed = false
-  if (withEmailVerification) {
-    succeed = await sendVerificationEmail({
-      context,
-      user
-    })
-  }
-
-  try {
-    return {
-      token: await signin(
-        {
-          username,
-          password
-        },
-        { domain }
-      )
-    }
-  } catch (e) {
-    return { token: null }
-  }
-}