@things-factory/auth-base 8.0.0-beta.0 → 8.0.0-beta.2

package/server/router/auth-public-process-router.ts

@@ -1,314 +0,0 @@
-import Router from 'koa-router'
-import { ILike } from 'typeorm'
-
-import { config } from '@things-factory/env'
-import { getRepository, getSiteRootPath } from '@things-factory/shell'
-
-import { resendInvitationEmail } from '../controllers/invitation'
-import { resetPassword, sendPasswordResetEmail } from '../controllers/reset-password'
-import { unlockUser } from '../controllers/unlock-user'
-import { resendVerificationEmail, verify } from '../controllers/verification'
-import { User } from '../service/user/user'
-import { accepts } from '../utils/accepts'
-import { clearAccessTokenCookie } from '../utils/access-token-cookie'
-
-const disableUserSignupProcess = config.get('disableUserSignupProcess', false)
-const disableUserFavoredLanguage = config.get('i18n/disableUserFavoredLanguage', false)
-const languages = config.get('i18n/languages', false)
-const passwordRule = config.get('password') || {
-  lowerCase: true,
-  upperCase: true,
-  digit: true,
-  specialCharacter: true,
-  allowRepeat: false,
-  useTightPattern: true,
-  useLoosePattern: false,
-  tightCharacterLength: 8,
-  looseCharacterLength: 15
-}
-
-export const authPublicProcessRouter = new Router({
-  prefix: '/auth'
-})
-
-authPublicProcessRouter.post('/join', async (context, next) => {
-  const { username } = context.request.body || {}
-
-  const repository = getRepository(User)
-
-  var user = await repository.findOne({
-    where: { username },
-    relations: ['domains']
-  })
-
-  if (!user && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(username)) {
-    user = await repository.findOne({
-      where: { email: ILike(username) },
-      relations: ['domains']
-    })
-  }
-
-  if (user) {
-    context.redirect(`/auth/signin?username=${username}`)
-  } else {
-    context.redirect(`/auth/signup?username=${username}`)
-  }
-})
-
-authPublicProcessRouter.all('/signout', async (context, next) => {
-  const { header, t } = context
-  clearAccessTokenCookie(context)
-
-  context.body = t('text.signout successfully')
-
-  if (accepts(header.accept, ['text/html', '*/*'])) {
-    context.redirect(getSiteRootPath(context))
-  }
-})
-
-authPublicProcessRouter.get('/forgot-password', async (context, next) => {
-  const { email } = context.request.query
-
-  await context.render('auth-page', {
-    pageElement: 'forgot-password',
-    elementScript: '/auth/forgot-password.js',
-    data: {
-      email,
-      disableUserSignupProcess,
-      disableUserFavoredLanguage,
-      languages
-    }
-  })
-})
-
-authPublicProcessRouter.get('/reset-password', async (context, next) => {
-  const { token } = context.request.query
-
-  await context.render('auth-page', {
-    pageElement: 'reset-password',
-    elementScript: '/auth/reset-password.js',
-    data: {
-      token,
-      passwordRule,
-      disableUserSignupProcess,
-      disableUserFavoredLanguage,
-      languages
-    }
-  })
-})
-
-authPublicProcessRouter.get('/unlock-user', async (context, next) => {
-  const { token } = context.request.query
-
-  await context.render('auth-page', {
-    pageElement: 'unlock-user',
-    elementScript: '/auth/unlock-user.js',
-    data: {
-      token,
-      disableUserSignupProcess,
-      disableUserFavoredLanguage,
-      languages
-    }
-  })
-})
-
-authPublicProcessRouter.get('/activate/:email', async (context, next) => {
-  const { email } = context.params
-
-  await context.render('auth-page', {
-    pageElement: 'auth-activate',
-    elementScript: '/auth/activate.js',
-    data: {
-      email,
-      disableUserSignupProcess,
-      disableUserFavoredLanguage,
-      languages
-    }
-  })
-})
-
-authPublicProcessRouter.get('/verify/:token', async (context, next) => {
-  const { header, t } = context
-  var token = context.params.token
-
-  await verify(token)
-
-  var message = t('text.user activated successfully')
-
-  context.body = message
-
-  if (accepts(header.accept, ['text/html', '*/*'])) {
-    await context.render('auth-page', {
-      pageElement: 'auth-result',
-      elementScript: '/auth/result.js',
-      data: {
-        message,
-        disableUserSignupProcess,
-        disableUserFavoredLanguage,
-        languages
-      }
-    })
-  }
-})
-
-authPublicProcessRouter.post('/resend-verification-email', async (context, next) => {
-  const { t } = context
-  const { email } = context.request.body
-
-  var succeed = await resendVerificationEmail(email, context)
-  var message = t('text.verification email sent')
-
-  if (succeed) {
-    context.status = 200
-    context.body = message
-  }
-})
-
-authPublicProcessRouter.post('/resend-invitation-email', async (context, next) => {
-  const { t } = context
-  const { email, reference, type } = context.request.body
-
-  var succeed = await resendInvitationEmail(
-    {
-      email,
-      reference,
-      type
-    },
-    context
-  )
-
-  var message = t('text.invitation email sent')
-
-  if (succeed) {
-    context.status = 200
-    context.body = message
-  }
-})
-
-authPublicProcessRouter.post('/forgot-password', async (context, next) => {
-  const { t } = context
-  const { email } = context.request.body
-
-  if (!email) return next()
-
-  const userRepo = getRepository(User)
-  const user = await userRepo.findOne({
-    where: {
-      email
-    }
-  })
-
-  const succeed = await sendPasswordResetEmail({
-    user,
-    context
-  })
-
-  if (succeed) {
-    context.status = 200
-    context.body = t('text.password reset email sent')
-  }
-})
-
-authPublicProcessRouter.post('/reset-password', async (context, next) => {
-  const { header, t } = context
-  const { password, token } = context.request.body
-
-  try {
-    if (!(token && password)) {
-      let message = t('error.token or password is invalid')
-
-      context.status = 404
-      context.body = {
-        message
-      }
-
-      if (accepts(header.accept, ['text/html', '*/*'])) {
-        await context.render('auth-page', {
-          pageElement: 'reset-password',
-          elementScript: '/auth/reset-password.js',
-          data: {
-            token,
-            message,
-            passwordRule,
-            disableUserSignupProcess,
-            disableUserFavoredLanguage,
-            languages
-          }
-        })
-      }
-
-      return
-    }
-
-    await resetPassword(token, password, context)
-
-    var message = t('text.password changed successfully')
-    context.body = message
-
-    clearAccessTokenCookie(context)
-
-    if (accepts(header.accept, ['text/html', '*/*'])) {
-      await context.render('auth-page', {
-        pageElement: 'auth-result',
-        elementScript: '/auth/result.js',
-        data: {
-          message,
-          disableUserSignupProcess,
-          disableUserFavoredLanguage,
-          languages
-        }
-      })
-    }
-  } catch (e) {
-    context.status = 404
-    context.body = e.message
-
-    if (accepts(header.accept, ['text/html', '*/*'])) {
-      await context.render('auth-page', {
-        pageElement: 'reset-password',
-        elementScript: '/auth/reset-password.js',
-        data: {
-          token,
-          message: e.message,
-          passwordRule,
-          disableUserSignupProcess,
-          disableUserFavoredLanguage,
-          languages
-        }
-      })
-    }
-  }
-})
-
-authPublicProcessRouter.post('/unlock-user', async (context, next) => {
-  const { header, t } = context
-  const { password, token } = context.request.body
-
-  if (!(token || password)) {
-    context.status = 404
-    context.body = t('error.token or password is invalid')
-
-    return
-  }
-
-  var succeed = await unlockUser(token, password)
-
-  if (succeed) {
-    context.body = t('text.password reset succeed')
-
-    clearAccessTokenCookie(context)
-  }
-
-  if (accepts(header.accept, ['text/html', '*/*'])) {
-    await context.render('auth-page', {
-      pageElement: 'auth-result',
-      elementScript: '/auth/result.js',
-      data: {
-        message: t('text.account is reactivated'),
-        disableUserSignupProcess,
-        disableUserFavoredLanguage,
-        languages
-      }
-    })
-  }
-})

package/server/router/auth-signin-router.ts

@@ -1,55 +0,0 @@
-import Router from 'koa-router'
-
-import { config } from '@things-factory/env'
-import { signinMiddleware } from '../middlewares'
-import { accepts } from '../utils/accepts'
-import { setAccessTokenCookie } from '../utils/access-token-cookie'
-
-const disableUserSignupProcess = config.get('disableUserSignupProcess', false)
-const disableUserFavoredLanguage = config.get('i18n/disableUserFavoredLanguage', false)
-const languages = config.get('i18n/languages', false)
-
-const SSOConfig = config.get('sso', {} as any)
-const SSOLinks = Object.values(SSOConfig)
-  .filter(({ link, title }) => link && title)
-  .map(({ link, title }) => {
-    return { link, title }
-  })
-
-export const authSigninRouter = new Router()
-
-authSigninRouter.get('/auth/signin', async (context, next) => {
-  const { redirect_to, username } = context.query
-
-  await context.render('auth-page', {
-    pageElement: 'auth-signin',
-    elementScript: '/auth/signin.js',
-    data: {
-      username,
-      redirectTo: redirect_to,
-      ssoLinks: SSOLinks,
-      disableUserSignupProcess,
-      disableUserFavoredLanguage,
-      languages
-    }
-  })
-})
-
-authSigninRouter.post('/auth/signin', signinMiddleware, async (context, next) => {
-  const { request, t } = context
-  const { token, domain } = context.state
-  const { body: reqBody, header } = request
-
-  if (!accepts(header.accept, ['text/html', '*/*'])) {
-    context.body = token
-    return
-  }
-
-  var redirectTo = `/auth/checkin${domain ? '/' + domain.subdomain : ''}?redirect_to=${encodeURIComponent(
-    reqBody.redirectTo || '/'
-  )}`
-
-  setAccessTokenCookie(context, token)
-
-  context.redirect(redirectTo)
-})

package/server/router/auth-signup-router.ts

@@ -1,95 +0,0 @@
-import Router from 'koa-router'
-
-import { config } from '@things-factory/env'
-
-import { signup } from '../controllers/signup'
-import { accepts } from '../utils/accepts'
-import { setAccessTokenCookie } from '../utils/access-token-cookie'
-
-const disableUserSignupProcess = config.get('disableUserSignupProcess', false)
-const disableUserFavoredLanguage = config.get('i18n/disableUserFavoredLanguage', false)
-const languages = config.get('i18n/languages', false)
-
-const passwordRule = config.get('password') || {
-  lowerCase: true,
-  upperCase: true,
-  digit: true,
-  specialCharacter: true,
-  allowRepeat: false,
-  useTightPattern: true,
-  useLoosePattern: false,
-  tightCharacterLength: 8,
-  looseCharacterLength: 15
-}
-
-export const authSignupRouter = new Router()
-
-if (!disableUserSignupProcess) {
-  authSignupRouter.get('/auth/signup', async (context, next) => {
-    const { email } = context.query
-
-    await context.render('auth-page', {
-      pageElement: 'auth-signup',
-      elementScript: '/auth/signup.js',
-      data: {
-        email,
-        passwordRule,
-        disableUserSignupProcess,
-        disableUserFavoredLanguage,
-        languages
-      }
-    })
-  })
-
-  authSignupRouter.post('/auth/signup', async (context, next) => {
-    const { header, t } = context
-    const { domain } = context.state
-    const user = context.request.body
-
-    // try {
-    const { token } = await signup(
-      {
-        ...user,
-        context,
-        domain
-      },
-      true
-    )
-
-    const message = t('text.user registered successfully')
-    context.body = {
-      message,
-      token
-    }
-
-    setAccessTokenCookie(context, token)
-
-    if (accepts(header.accept, ['text/html', '*/*'])) {
-      await context.render('auth-page', {
-        pageElement: 'auth-result',
-        elementScript: '/auth/result.js',
-        data: {
-          message,
-          disableUserSignupProcess,
-          disableUserFavoredLanguage,
-          languages
-        }
-      })
-    }
-    // } catch (e) {
-    //   context.status = 401
-    //   context.body = e.message
-
-    //   if (accepts(header.accept, ['text/html', '*/*'])) {
-    //     await context.render('auth-page', {
-    //       pageElement: 'auth-signup',
-    //       elementScript: '/auth/signup.js',
-    //       data: {
-    //         message: e instanceof AuthError ? t(`error.${e.message}`) : e.message,
-    //         passwordRule
-    //       }
-    //     })
-    //   }
-    // }
-  })
-}

package/server/router/index.ts

@@ -1,9 +0,0 @@
-export * from './auth-private-process-router'
-export * from './auth-public-process-router'
-export * from './path-base-domain-router'
-export * from './site-root-router'
-export * from './oauth2'
-export * from './auth-checkin-router'
-export * from './auth-signin-router'
-export * from './auth-signup-router'
-export * from './webauthn-router'

package/server/router/oauth2/index.ts

@@ -1,2 +0,0 @@
-export * from './oauth2-authorize-router'
-export * from './oauth2-router'

package/server/router/oauth2/oauth2-authorize-router.ts

@@ -1,81 +0,0 @@
-import Router from 'koa-router'
-
-import { getRepository } from '@things-factory/shell'
-import { config } from '@things-factory/env'
-
-import { Application } from '../../service/application/application'
-import { NonClient, server as oauth2orizeServer } from './oauth2-server'
-
-export const oauth2AuthorizeRouter = new Router()
-
-const disableUserFavoredLanguage = config.get('i18n/disableUserFavoredLanguage', false)
-const languages = config.get('i18n/languages', false)
-
-// user authorization endpoint
-//
-// `authorization` middleware accepts a `validate` callback which is
-// responsible for validating the client making the authorization request.  In
-// doing so, is recommended that the `redirectURI` be checked against a
-// registered value, although security requirements may vary accross
-// implementations.  Once validated, the `done` callback must be invoked with
-// a `client` instance, as well as the `redirectURI` to which the user will be
-// redirected after an authorization decision is obtained.
-//
-// This middleware simply initializes a new authorization transaction.  It is
-// the application's responsibility to authenticate the user and render a dialog
-// to obtain their approval (displaying details about the client requesting
-// authorization).  We accomplish that here by routing through `ensureLoggedIn()`
-// first, and rendering the `dialog` view.
-
-oauth2AuthorizeRouter.get(
-  '/authorize',
-  oauth2orizeServer.authorize(async function (clientID, redirectURI) {
-    const client = await getRepository(Application).findOneBy({
-      appKey: clientID
-    })
-    // CONFIRM-ME redirectUrl 의 허용 범위는 ?
-    // if (!client.redirectUrl != redirectURI) {
-    //   return false
-    // }
-
-    return [client || NonClient, redirectURI]
-  }),
-  async function (context, next) {
-    const { oauth2, user, domain } = context.state
-
-    let pageElement: string = 'oauth2-decision'
-    let elementScript: string = '/oauth2/oauth2-decision-page.js'
-
-    if (oauth2.client.id === NonClient.id) {
-      pageElement = 'oauth2-decision-error'
-      elementScript = '/oauth2/oauth2-decision-error-page.js'
-    }
-
-    try {
-      await context.render('oauth2-page', {
-        pageElement,
-        elementScript,
-        data: {
-          domain,
-          oauth2: {
-            ...oauth2,
-            user: {
-              id: oauth2.user.id,
-              name: oauth2.user.name,
-              email: oauth2.user.email
-            }
-          },
-          disableUserFavoredLanguage,
-          languages
-        }
-      })
-      // await context.render(decisionPage, {
-      //   domain: domain,
-      //   ...oauth2, // client, redirectURI, req { type, clientID, redirectURI, scope, state}, user, transactionID, info, locals
-      //   availableScopes
-      // })
-    } catch (e) {
-      throw e
-    }
-  }
-)