npm - @things-factory/auth-base - Versions diffs - 8.0.0-beta.9 → 8.0.0 - Mend

@things-factory/auth-base 8.0.0-beta.9 → 8.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (212) hide show

package/client/actions/auth.ts +24 -0
package/client/auth.ts +272 -0
package/client/bootstrap.ts +47 -0
package/client/directive/privileged.ts +28 -0
package/client/index.ts +3 -0
package/client/profiled.ts +83 -0
package/client/reducers/auth.ts +31 -0
package/dist-client/index.d.ts +0 -1
package/dist-client/index.js +0 -1
package/dist-client/index.js.map +1 -1
package/dist-client/tsconfig.tsbuildinfo +1 -1
package/dist-server/constants/error-code.d.ts +0 -2
package/dist-server/constants/error-code.js +1 -3
package/dist-server/constants/error-code.js.map +1 -1
package/dist-server/controllers/change-pwd.js +2 -2
package/dist-server/controllers/change-pwd.js.map +1 -1
package/dist-server/controllers/delete-user.js +12 -13
package/dist-server/controllers/delete-user.js.map +1 -1
package/dist-server/controllers/invitation.d.ts +1 -2
package/dist-server/controllers/invitation.js +5 -30
package/dist-server/controllers/invitation.js.map +1 -1
package/dist-server/controllers/profile.d.ts +3 -4
package/dist-server/controllers/profile.js +2 -20
package/dist-server/controllers/profile.js.map +1 -1
package/dist-server/controllers/signin.d.ts +1 -4
package/dist-server/controllers/signin.js +1 -17
package/dist-server/controllers/signin.js.map +1 -1
package/dist-server/controllers/signup.js +4 -13
package/dist-server/controllers/signup.js.map +1 -1
package/dist-server/controllers/unlock-user.js +0 -1
package/dist-server/controllers/unlock-user.js.map +1 -1
package/dist-server/controllers/verification.js +0 -1
package/dist-server/controllers/verification.js.map +1 -1
package/dist-server/middlewares/signin-middleware.js +4 -9
package/dist-server/middlewares/signin-middleware.js.map +1 -1
package/dist-server/middlewares/webauthn-middleware.js.map +1 -1
package/dist-server/migrations/1548206416130-SeedUser.js +1 -2
package/dist-server/migrations/1548206416130-SeedUser.js.map +1 -1
package/dist-server/router/auth-checkin-router.js +2 -8
package/dist-server/router/auth-checkin-router.js.map +1 -1
package/dist-server/router/auth-private-process-router.js +7 -12
package/dist-server/router/auth-private-process-router.js.map +1 -1
package/dist-server/router/auth-public-process-router.js +9 -20
package/dist-server/router/auth-public-process-router.js.map +1 -1
package/dist-server/router/auth-signin-router.js +3 -3
package/dist-server/router/auth-signin-router.js.map +1 -1
package/dist-server/router/webauthn-router.js +1 -51
package/dist-server/router/webauthn-router.js.map +1 -1
package/dist-server/service/invitation/invitation-mutation.d.ts +2 -3
package/dist-server/service/invitation/invitation-mutation.js +8 -20
package/dist-server/service/invitation/invitation-mutation.js.map +1 -1
package/dist-server/service/user/user-mutation.d.ts +9 -10
package/dist-server/service/user/user-mutation.js +54 -112
package/dist-server/service/user/user-mutation.js.map +1 -1
package/dist-server/service/user/user-types.d.ts +0 -1
package/dist-server/service/user/user-types.js +0 -4
package/dist-server/service/user/user-types.js.map +1 -1
package/dist-server/service/user/user.d.ts +0 -1
package/dist-server/service/user/user.js +14 -40
package/dist-server/service/user/user.js.map +1 -1
package/dist-server/templates/account-unlock-email.d.ts +1 -2
package/dist-server/templates/account-unlock-email.js +1 -1
package/dist-server/templates/account-unlock-email.js.map +1 -1
package/dist-server/templates/invitation-email.d.ts +1 -2
package/dist-server/templates/invitation-email.js +1 -1
package/dist-server/templates/invitation-email.js.map +1 -1
package/dist-server/templates/verification-email.d.ts +1 -2
package/dist-server/templates/verification-email.js +1 -1
package/dist-server/templates/verification-email.js.map +1 -1
package/dist-server/tsconfig.tsbuildinfo +1 -1
package/package.json +6 -6
package/server/constants/error-code.ts +20 -0
package/server/constants/error-message.ts +0 -0
package/server/constants/max-age.ts +1 -0
package/server/controllers/auth.ts +5 -0
package/server/controllers/change-pwd.ts +99 -0
package/server/controllers/checkin.ts +21 -0
package/server/controllers/delete-user.ts +68 -0
package/server/controllers/invitation.ts +132 -0
package/server/controllers/profile.ts +28 -0
package/server/controllers/reset-password.ts +126 -0
package/server/controllers/signin.ts +79 -0
package/server/controllers/signup.ts +60 -0
package/server/controllers/unlock-user.ts +61 -0
package/server/controllers/utils/make-invitation-token.ts +5 -0
package/server/controllers/utils/make-verification-token.ts +4 -0
package/server/controllers/utils/password-rule.ts +120 -0
package/server/controllers/utils/save-invitation-token.ts +10 -0
package/server/controllers/utils/save-verification-token.ts +12 -0
package/server/controllers/verification.ts +83 -0
package/server/errors/auth-error.ts +24 -0
package/server/errors/index.ts +2 -0
package/server/errors/user-domain-not-match-error.ts +29 -0
package/server/index.ts +37 -0
package/server/middlewares/authenticate-401-middleware.ts +114 -0
package/server/middlewares/domain-authenticate-middleware.ts +78 -0
package/server/middlewares/graphql-authenticate-middleware.ts +13 -0
package/server/middlewares/index.ts +67 -0
package/server/middlewares/jwt-authenticate-middleware.ts +84 -0
package/server/middlewares/signin-middleware.ts +55 -0
package/server/middlewares/webauthn-middleware.ts +127 -0
package/server/migrations/1548206416130-SeedUser.ts +59 -0
package/server/migrations/1566805283882-SeedPrivilege.ts +28 -0
package/server/migrations/index.ts +9 -0
package/server/router/auth-checkin-router.ts +107 -0
package/server/router/auth-private-process-router.ts +107 -0
package/server/router/auth-public-process-router.ts +302 -0
package/server/router/auth-signin-router.ts +55 -0
package/server/router/auth-signup-router.ts +95 -0
package/server/router/index.ts +9 -0
package/server/router/oauth2/index.ts +2 -0
package/server/router/oauth2/oauth2-authorize-router.ts +81 -0
package/server/router/oauth2/oauth2-router.ts +165 -0
package/server/router/oauth2/oauth2-server.ts +262 -0
package/server/router/oauth2/passport-oauth2-client-password.ts +87 -0
package/server/router/oauth2/passport-refresh-token.ts +87 -0
package/server/router/path-base-domain-router.ts +8 -0
package/server/router/site-root-router.ts +48 -0
package/server/router/webauthn-router.ts +87 -0
package/server/routes.ts +80 -0
package/server/service/app-binding/app-binding-mutation.ts +22 -0
package/server/service/app-binding/app-binding-query.ts +92 -0
package/server/service/app-binding/app-binding-types.ts +11 -0
package/server/service/app-binding/app-binding.ts +17 -0
package/server/service/app-binding/index.ts +4 -0
package/server/service/appliance/appliance-mutation.ts +113 -0
package/server/service/appliance/appliance-query.ts +76 -0
package/server/service/appliance/appliance-types.ts +56 -0
package/server/service/appliance/appliance.ts +133 -0
package/server/service/appliance/index.ts +6 -0
package/server/service/application/application-mutation.ts +104 -0
package/server/service/application/application-query.ts +98 -0
package/server/service/application/application-types.ts +76 -0
package/server/service/application/application.ts +216 -0
package/server/service/application/index.ts +6 -0
package/server/service/auth-provider/auth-provider-mutation.ts +159 -0
package/server/service/auth-provider/auth-provider-parameter-spec.ts +24 -0
package/server/service/auth-provider/auth-provider-query.ts +88 -0
package/server/service/auth-provider/auth-provider-type.ts +67 -0
package/server/service/auth-provider/auth-provider.ts +155 -0
package/server/service/auth-provider/index.ts +7 -0
package/server/service/domain-generator/domain-generator-mutation.ts +117 -0
package/server/service/domain-generator/domain-generator-types.ts +46 -0
package/server/service/domain-generator/index.ts +3 -0
package/server/service/granted-role/granted-role-mutation.ts +156 -0
package/server/service/granted-role/granted-role-query.ts +60 -0
package/server/service/granted-role/granted-role.ts +27 -0
package/server/service/granted-role/index.ts +6 -0
package/server/service/index.ts +90 -0
package/server/service/invitation/index.ts +6 -0
package/server/service/invitation/invitation-mutation.ts +63 -0
package/server/service/invitation/invitation-query.ts +33 -0
package/server/service/invitation/invitation-types.ts +11 -0
package/server/service/invitation/invitation.ts +63 -0
package/server/service/login-history/index.ts +5 -0
package/server/service/login-history/login-history-query.ts +51 -0
package/server/service/login-history/login-history-type.ts +12 -0
package/server/service/login-history/login-history.ts +45 -0
package/server/service/partner/index.ts +6 -0
package/server/service/partner/partner-mutation.ts +61 -0
package/server/service/partner/partner-query.ts +102 -0
package/server/service/partner/partner-types.ts +11 -0
package/server/service/partner/partner.ts +57 -0
package/server/service/password-history/index.ts +3 -0
package/server/service/password-history/password-history.ts +16 -0
package/server/service/privilege/index.ts +6 -0
package/server/service/privilege/privilege-directive.ts +77 -0
package/server/service/privilege/privilege-mutation.ts +92 -0
package/server/service/privilege/privilege-query.ts +94 -0
package/server/service/privilege/privilege-types.ts +60 -0
package/server/service/privilege/privilege.ts +102 -0
package/server/service/role/index.ts +6 -0
package/server/service/role/role-mutation.ts +109 -0
package/server/service/role/role-query.ts +155 -0
package/server/service/role/role-types.ts +81 -0
package/server/service/role/role.ts +72 -0
package/server/service/user/domain-query.ts +24 -0
package/server/service/user/index.ts +7 -0
package/server/service/user/user-mutation.ts +413 -0
package/server/service/user/user-query.ts +145 -0
package/server/service/user/user-types.ts +97 -0
package/server/service/user/user.ts +354 -0
package/server/service/users-auth-providers/index.ts +5 -0
package/server/service/users-auth-providers/users-auth-providers.ts +71 -0
package/server/service/verification-token/index.ts +3 -0
package/server/service/verification-token/verification-token.ts +60 -0
package/server/service/web-auth-credential/index.ts +3 -0
package/server/service/web-auth-credential/web-auth-credential.ts +67 -0
package/server/templates/account-unlock-email.ts +65 -0
package/server/templates/invitation-email.ts +66 -0
package/server/templates/reset-password-email.ts +65 -0
package/server/templates/verification-email.ts +66 -0
package/server/types.ts +21 -0
package/server/utils/accepts.ts +11 -0
package/server/utils/access-token-cookie.ts +61 -0
package/server/utils/check-permission.ts +52 -0
package/server/utils/check-user-belongs-domain.ts +19 -0
package/server/utils/check-user-has-role.ts +29 -0
package/server/utils/encrypt-state.ts +22 -0
package/server/utils/get-aes-256-key.ts +13 -0
package/server/utils/get-domain-from-hostname.ts +7 -0
package/server/utils/get-domain-users.ts +38 -0
package/server/utils/get-secret.ts +13 -0
package/server/utils/get-user-domains.ts +112 -0
package/translations/en.json +1 -5
package/translations/ja.json +1 -5
package/translations/ko.json +3 -6
package/translations/ms.json +1 -5
package/translations/zh.json +1 -5
package/dist-client/verify-webauthn.d.ts +0 -13
package/dist-client/verify-webauthn.js +0 -72
package/dist-client/verify-webauthn.js.map +0 -1

package/server/router/webauthn-router.ts ADDED Viewed

@@ -0,0 +1,87 @@
+import Router from 'koa-router'
+import { getRepository } from '@things-factory/shell'
+import { appPackage } from '@things-factory/env'
+import { generateRegistrationOptions, generateAuthenticationOptions } from '@simplewebauthn/server'
+import { WebAuthCredential } from '../service/web-auth-credential/web-auth-credential'
+import {
+  PublicKeyCredentialCreationOptionsJSON,
+} from '@simplewebauthn/server/script/deps'
+import { setAccessTokenCookie } from '../utils/access-token-cookie'
+import { createWebAuthnMiddleware } from '../middlewares/webauthn-middleware';
+export const webAuthnGlobalPublicRouter = new Router()
+export const webAuthnGlobalPrivateRouter = new Router()
+const { name: rpName } = appPackage as any
+webAuthnGlobalPrivateRouter.get('/auth/register-webauthn/challenge', async (context, next) => {
+  const { user } = context.state
+  const rpID = context.hostname
+  const webAuthCredentials = await getRepository(WebAuthCredential).find({
+    where: {
+      user: { id: user.id }
+    }
+  })
+  const options: PublicKeyCredentialCreationOptionsJSON = await generateRegistrationOptions({
+    rpName,
+    rpID,
+    userName: user.email,
+    userDisplayName: user.name,
+    // Don't prompt users for additional information about the authenticator
+    // (Recommended for smoother UX)
+    attestationType: 'none',
+    // Prevent users from re-registering existing authenticators
+    excludeCredentials: webAuthCredentials.map(credential => ({
+      id: credential.credentialId
+      // Optional
+      // transports: credential.transports
+    })),
+    authenticatorSelection: {
+      // Defaults
+      residentKey: 'preferred',
+      userVerification: 'preferred',
+      // Optional
+      authenticatorAttachment: 'platform'
+    }
+  })
+  context.session.challenge = options.challenge
+  context.body = options
+})
+webAuthnGlobalPrivateRouter.post('/auth/verify-registration', createWebAuthnMiddleware('webauthn-register'));
+webAuthnGlobalPublicRouter.get('/auth/signin-webauthn/challenge', async (context, next) => {
+  const rpID = context.hostname
+  const options = await generateAuthenticationOptions({
+    rpID,
+    userVerification: 'preferred'
+  })
+  context.session.challenge = options.challenge
+  context.body = options
+})
+webAuthnGlobalPublicRouter.post(
+  '/auth/signin-webauthn', createWebAuthnMiddleware('webauthn-login'),
+  async (context, next) => {
+    const { domain, user } = context. state
+    const { request } = context
+    const { body: reqBody } = request
+    const token = await user.sign({ subdomain: domain?.subdomain })
+    setAccessTokenCookie(context, token)
+    var redirectURL = `/auth/checkin${domain ? '/' + domain.subdomain : ''}?redirect_to=${encodeURIComponent(reqBody.redirectTo || '/')}`
+    /* 2단계 인터렉션 때문에 브라우저에서 fetch(...)로 진행될 것이므로, redirect(3xx) 응답으로 처리할 수 없다. 따라서, 데이타로 redirectURL를 응답한다. */
+    context.body = { redirectURL, verified: true }
+    await next();
+  }
+)

package/server/routes.ts ADDED Viewed

@@ -0,0 +1,80 @@
+import { config } from '@things-factory/env'
+import { domainAuthenticateMiddleware, jwtAuthenticateMiddleware } from './middlewares'
+import {
+  authCheckinRouter,
+  authPrivateProcessRouter,
+  authPublicProcessRouter,
+  authSigninRouter,
+  authSignupRouter,
+  oauth2AuthorizeRouter,
+  oauth2Router,
+  pathBaseDomainRouter,
+  siteRootRouter,
+  webAuthnGlobalPublicRouter,
+  webAuthnGlobalPrivateRouter
+} from './router'
+import { setAccessTokenCookie } from './utils/access-token-cookie'
+const isPathBaseDomain = !config.get('subdomain') && !config.get('useVirtualHostBasedDomain')
+process.on('bootstrap-module-global-public-route' as any, (app, globalPublicRouter) => {
+  globalPublicRouter.use(siteRootRouter.routes(), siteRootRouter.allowedMethods())
+  globalPublicRouter.use(authPublicProcessRouter.routes(), authPublicProcessRouter.allowedMethods())
+  /* ssoMiddleware가 정의되어있다면, /auth/sso-signin 패스를 활성화한다. */
+  if (app.ssoMiddlewares.length > 0) {
+    authSigninRouter.get('/auth/sso-signin', app.ssoMiddlewares[0], async context => {
+      const { user } = context.state
+      const token = await user.sign()
+      setAccessTokenCookie(context, token)
+      context.redirect('/auth/checkin')
+    })
+  }
+})
+process.on('bootstrap-module-global-private-route' as any, (app, globalPrivateRouter) => {
+  globalPrivateRouter.use(jwtAuthenticateMiddleware)
+  /* globalPrivateRouter based nested-routers */
+  globalPrivateRouter.use(authCheckinRouter.routes(), authCheckinRouter.allowedMethods())
+  globalPrivateRouter.use(authPrivateProcessRouter.routes(), authPrivateProcessRouter.allowedMethods())
+  globalPrivateRouter.use(webAuthnGlobalPrivateRouter.routes(), webAuthnGlobalPrivateRouter.allowedMethods())
+})
+process.on('bootstrap-module-domain-public-route' as any, (app, domainPublicRouter) => {
+  /* domainPublicRouter based nested-routers */
+  domainPublicRouter.use(authSigninRouter.routes(), authSigninRouter.allowedMethods())
+  domainPublicRouter.use(authSignupRouter.routes(), authSignupRouter.allowedMethods())
+  domainPublicRouter.use(webAuthnGlobalPublicRouter.routes(), webAuthnGlobalPublicRouter.allowedMethods())
+  /* path '/admin/oauth/...' is deprecated. should use path '/oauth/...' for oauth2 related routing */
+  domainPublicRouter.use('/oauth', oauth2Router.routes(), oauth2Router.allowedMethods()) // if i use context
+})
+process.on('bootstrap-module-domain-private-route' as any, (app, domainPrivateRouter) => {
+  domainPrivateRouter.use(jwtAuthenticateMiddleware)
+  domainPrivateRouter.use(domainAuthenticateMiddleware)
+  /* domainPrivateRouter based nested-routers */
+  if (isPathBaseDomain) {
+    // pathBaseDomainRouter는 history-fallback의 경우에 인증 처리를 하기 위한 라우터이다.
+    // (보통, URL 링크등을 통해서 domain path URL로 바로 요청하는 경우에 해당한다.)
+    // pathBaseDomainRouter는 domain path를 domain-private-router를 사용하는 것을 전제로 한다.
+    domainPrivateRouter.use('/domain/:domain/oauth', oauth2AuthorizeRouter.routes(), oauth2AuthorizeRouter.allowedMethods())
+    domainPrivateRouter.use('/domain', pathBaseDomainRouter.routes(), pathBaseDomainRouter.allowedMethods())
+  }
+  // Client Routing : path 확장자가 없는 경우는 대부분 client 라우팅에 해당한다.
+  // 즉, browser-history-fallback 으로 index.html을 send 하는 경우에, 사용자 로그인이 필요한 경우에,
+  // 화면깜박임없이 signin page로 redirect 하고자하는 목적의 설정이다.
+  // domain-private 라우트를 통과하고 싶지 않다면, regexp를 조정한다.
+  // '(.[^.]+)' 은 '', '/'는 제외하고, '/xxx', '/yyy/zzz' 등 모두를 포함하지만, path에 '.'가 있는 경우는 제외한다.
+  // (테스트는 여기서 : http://forbeslindesay.github.io/express-route-tester/)
+  domainPrivateRouter.get('(.[^.]+)', async (context, next) => {
+    await next()
+  })
+})

package/server/service/app-binding/app-binding-mutation.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import { Arg, Ctx, Mutation, Resolver } from 'type-graphql'
+import { getRepository } from '@things-factory/shell'
+import { User } from '../user/user'
+import { AppBinding } from './app-binding'
+@Resolver(AppBinding)
+export class AppBindingMutation {
+  @Mutation(returns => Boolean)
+  async deleteAppBinding(@Arg('id') id: string, @Ctx() context: ResolverContext) {
+    const { domain } = context.state
+    // TODO 이 사용자가 이 도메인에 속한 사용자인지 확인해야함.
+    // TODO 다른 도메인에도 포함되어있다면, domains-users 관게와 해당 도메인 관련 정보만 삭제해야 함.
+    await getRepository(User).delete({
+      id
+    })
+    return true
+  }
+}

package/server/service/app-binding/app-binding-query.ts ADDED Viewed

@@ -0,0 +1,92 @@
+import { Arg, Args, Ctx, FieldResolver, Query, Resolver, Root } from 'type-graphql'
+import { SelectQueryBuilder } from 'typeorm'
+import { buildQuery, getRepository, ListParam } from '@things-factory/shell'
+import { buildDomainUsersQueryBuilder } from '../../utils/get-domain-users'
+import { Application } from '../application/application'
+import { User } from '../user/user'
+import { UserList } from '../user/user-types'
+import { AppBinding } from './app-binding'
+import { AppBindingList } from './app-binding-types'
+@Resolver(AppBinding)
+export class AppBindingQuery {
+  @Query(returns => AppBinding)
+  async appBinding(@Arg('id') id: string, @Ctx() context: ResolverContext): Promise<User> {
+    const { domain } = context.state
+    // TODO should check domain is available
+    return await getRepository(User).findOneBy({ id, userType: 'application' })
+  }
+  /* TODO optimize query */
+  @Query(returns => AppBindingList)
+  async appBindings(@Args(type => ListParam) params: ListParam, @Ctx() context: ResolverContext): Promise<UserList> {
+    const { domain } = context.state
+    // const convertedParams = convertListParams(params)
+    // convertedParams.where = {
+    //   ...convertedParams.where,
+    //   userType: 'application'
+    // } as any
+    const alias: string = 'USER'
+    const qb: SelectQueryBuilder<User> = buildDomainUsersQueryBuilder(domain.id, alias)
+    buildQuery(qb, params, null, { domainRef: false })
+    var [items] = await qb
+      // .leftJoinAndSelect(`${alias}.roles`, 'ROLES')
+      // .leftJoinAndSelect(`${alias}.creator`, 'CREATOR')
+      // .leftJoinAndSelect(`${alias}.updater`, 'UPDATER')
+      .getManyAndCount()
+    items = items.filter((user: User) => user.userType == 'application')
+    // var boundApps = await Promise.all(
+    //   items
+    //     .filter((user: User) => user.userType == 'application')
+    //     .map(async (user: User) => {
+    //       const email = user.email
+    //       const appKey = email.substr(0, email.lastIndexOf('@'))
+    //       const application = await getRepository(Application).findOneBy({
+    //         appKey
+    //       })
+    //       return {
+    //         ...user,
+    //         application,
+    //         scope: user.roles.map(role => role.name).join(','),
+    //         refreshToken: user.password
+    //       }
+    //     })
+    // )
+    return { items, total: items.length }
+  }
+  @FieldResolver(type => Application)
+  async application(@Root() appBinding: AppBinding): Promise<Application> {
+    return await getRepository(Application).findOneBy({ id: appBinding.reference })
+  }
+  @FieldResolver(type => String)
+  async scope(@Root() appBinding: AppBinding): Promise<string> {
+    const u = await getRepository(User).findOne({ where: { reference: appBinding.reference }, relations: ['roles'] })
+    return u.roles.map(role => role.name).join(',')
+  }
+  @FieldResolver(type => String)
+  async refreshToken(@Root() appBinding: AppBinding): Promise<string> {
+    return appBinding.password
+  }
+  @FieldResolver(type => User)
+  async updater(@Root() appBinding: AppBinding): Promise<User> {
+    return await getRepository(User).findOneBy({ id: appBinding.updaterId })
+  }
+  @FieldResolver(type => User)
+  async creator(@Root() appBinding: AppBinding): Promise<User> {
+    return await getRepository(User).findOneBy({ id: appBinding.creatorId })
+  }
+}

package/server/service/app-binding/app-binding-types.ts ADDED Viewed

@@ -0,0 +1,11 @@
+import { Field, Int, ObjectType } from 'type-graphql'
+import { AppBinding } from './app-binding'
+@ObjectType()
+export class AppBindingList {
+  @Field(type => [AppBinding], { nullable: true })
+  items?: [AppBinding]
+  @Field(type => Int, { nullable: true })
+  total?: number
+}

package/server/service/app-binding/app-binding.ts ADDED Viewed

@@ -0,0 +1,17 @@
+import { ObjectType, Field, Directive } from 'type-graphql'
+import { Domain } from '@things-factory/shell'
+import { Application } from '../application/application'
+import { User, UserStatus } from '../user/user'
+@ObjectType()
+export class AppBinding extends User {
+  @Field({ nullable: true })
+  application: Application
+  @Field({ nullable: true })
+  scope: string
+  @Field({ nullable: true })
+  @Directive('@privilege(category: "security", privilege: "query", domainOwnerGranted: true)')
+  refreshToken: string
+}

package/server/service/app-binding/index.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import { AppBindingQuery } from './app-binding-query'
+import { AppBindingMutation } from './app-binding-mutation'
+export const resolvers = [AppBindingQuery, AppBindingMutation]

package/server/service/appliance/appliance-mutation.ts ADDED Viewed

@@ -0,0 +1,113 @@
+import { Directive, Arg, Ctx, Mutation, Resolver } from 'type-graphql'
+import { getRepository } from '@things-factory/shell'
+import { User, UserStatus } from '../user/user'
+import { Appliance } from './appliance'
+import { AppliancePatch, NewAppliance } from './appliance-types'
+const crypto = require('crypto')
+@Resolver(Appliance)
+export class ApplianceMutation {
+  @Directive('@privilege(category: "user", privilege: "mutation", domainOwnerGranted: true)')
+  @Mutation(returns => Appliance, { description: 'To create new appliance' })
+  async createAppliance(
+    @Arg('appliance') appliance: NewAppliance,
+    @Ctx() context: ResolverContext
+  ): Promise<Appliance> {
+    return await getRepository(Appliance).save({
+      domain: context.state.domain,
+      creator: context.state.user,
+      updater: context.state.user,
+      ...appliance
+    })
+  }
+  @Directive('@privilege(category: "user", privilege: "mutation", domainOwnerGranted: true)')
+  @Mutation(returns => Boolean, { description: 'To delete appliance' })
+  async deleteAppliance(@Arg('id') id: string, @Ctx() context: ResolverContext): Promise<Boolean> {
+    const { domain } = context.state
+    // TODO 이 사용자가 이 도메인에 속한 사용자인지 확인해야함.
+    // TODO 다른 도메인에도 포함되어있다면, domains-users 관게와 해당 도메인 관련 정보만 삭제해야 함.
+    await getRepository(User).delete({
+      reference: id,
+      userType: 'appliance'
+    })
+    await getRepository(Appliance).delete({ domain: { id: domain.id }, id })
+    return true
+  }
+  @Directive('@privilege(category: "security", privilege: "mutation", domainOwnerGranted: true)')
+  @Mutation(returns => Appliance)
+  async generateApplianceSecret(@Arg('id') id: string, @Ctx() context: ResolverContext): Promise<Appliance> {
+    const { domain, user } = context.state
+    const appliance: Appliance = await getRepository(Appliance).findOneBy({ domain: { id: domain.id }, id })
+    const appuserEmail = `${crypto.randomUUID()}@${domain?.subdomain}`
+    let appuser: User = await getRepository(User).findOne({
+      where: {
+        reference: id,
+        userType: 'appliance'
+      },
+      relations: ['domains']
+    })
+    if (!appuser) {
+      /* newly create appuser */
+      appuser = await getRepository(User).save({
+        email: appuserEmail,
+        name: appliance.name,
+        userType: 'appliance',
+        reference: id,
+        status: UserStatus.ACTIVATED,
+        domains: [domain],
+        updater: user,
+        creator: user
+      })
+    }
+    if (!appuser.domains.find(d => d.id === domain.id)) {
+      context.throw(401, 'appliance is not allowed for this domain')
+    }
+    appuser.password = Appliance.generateAccessToken(domain, appuser, appliance)
+    await getRepository(User).save(appuser)
+    return await getRepository(Appliance).save({
+      ...appliance,
+      accessToken: appuser.password,
+      updater: user
+    })
+  }
+  @Directive('@privilege(category: "user", privilege: "mutation", domainOwnerGranted: true)')
+  @Mutation(returns => Appliance)
+  async updateAppliance(
+    @Arg('id') id: string,
+    @Arg('patch') patch: AppliancePatch,
+    @Ctx() context: ResolverContext
+  ): Promise<Appliance> {
+    const { domain } = context.state
+    const applianceRepository = getRepository(Appliance)
+    const userRepository = getRepository(User)
+    const appliance = await applianceRepository.findOne({ where: { domain: { id: domain.id }, id } })
+    const user = await userRepository.findOne({ where: { reference: id, userType: 'appliance' } })
+    userRepository.save({
+      ...user,
+      name: patch?.name || user.name
+    })
+    return await applianceRepository.save({
+      ...appliance,
+      ...patch,
+      updater: context.state.user
+    })
+  }
+}

package/server/service/appliance/appliance-query.ts ADDED Viewed

@@ -0,0 +1,76 @@
+import { Arg, Args, Ctx, Directive, FieldResolver, Query, Resolver, Root } from 'type-graphql'
+import { getQueryBuilderFromListParams, Domain, getRepository, ListParam } from '@things-factory/shell'
+import { Appliance } from '../appliance/appliance'
+import { User } from '../user/user'
+import { ApplianceList } from './appliance-types'
+@Resolver(Appliance)
+export class ApplianceQuery {
+  @Directive('@privilege(category: "user", privilege: "query", domainOwnerGranted: true, superUserGranted: true)')
+  @Query(returns => Appliance, { description: ' To fetch appliance' })
+  async appliance(@Arg('id') id: string, @Ctx() context: ResolverContext): Promise<Appliance> {
+    const { domain } = context.state
+    return await getRepository(Appliance).findOneBy({ domain: { id: domain.id }, id })
+  }
+  @Directive('@privilege(category: "user", privilege: "query", domainOwnerGranted: true, superUserGranted: true)')
+  @Query(returns => ApplianceList, { description: 'To fetch multiple appliance' })
+  async appliances(
+    @Args(type => ListParam) params: ListParam,
+    @Ctx() context: ResolverContext
+  ): Promise<ApplianceList> {
+    const { domain } = context.state
+    const queryBuilder = getQueryBuilderFromListParams({
+      domain,
+      params,
+      repository: getRepository(Appliance),
+      alias: 'appliance',
+      searchables: ['name', 'description']
+    })
+    const [items, total] = await queryBuilder.getManyAndCount()
+    return { items, total }
+  }
+  @Directive('@privilege(category: "user", privilege: "query", domainOwnerGranted: true, superUserGranted: true)')
+  @Query(returns => ApplianceList, { description: 'To fetch multiple appliance' })
+  async edges(@Args(type => ListParam) params: ListParam, @Ctx() context: ResolverContext): Promise<ApplianceList> {
+    const { domain } = context.state
+    const queryBuilder = getQueryBuilderFromListParams({
+      domain,
+      params,
+      repository: getRepository(Appliance),
+      alias: 'appliance',
+      searchables: ['name', 'description']
+    })
+    const [items, total] = await queryBuilder.getManyAndCount()
+    return { items, total }
+  }
+  @FieldResolver(type => String)
+  async accessToken(@Root() appliance: Appliance, @Ctx() context: ResolverContext) {
+    return appliance.accessToken
+  }
+  @FieldResolver(type => Domain)
+  async domain(@Ctx() context: ResolverContext) {
+    return context.state.domain
+  }
+  @FieldResolver(type => User)
+  async updater(@Root() appliance: Appliance): Promise<User> {
+    return await getRepository(User).findOneBy({ id: appliance.updaterId })
+  }
+  @FieldResolver(type => User)
+  async creator(@Root() appliance: Appliance): Promise<User> {
+    return await getRepository(User).findOneBy({ id: appliance.creatorId })
+  }
+}

package/server/service/appliance/appliance-types.ts ADDED Viewed

@@ -0,0 +1,56 @@
+import { ObjectType, InputType, Field, ID, Int } from 'type-graphql'
+import { Appliance } from './appliance'
+@ObjectType()
+export class ApplianceList {
+  @Field(type => [Appliance], { nullable: true })
+  items?: Appliance[]
+  @Field(type => Int, { nullable: true })
+  total?: number
+}
+@InputType()
+export class AppliancePatch {
+  @Field(type => ID, { nullable: true })
+  id?: string
+  @Field({ nullable: true })
+  serialNo?: string
+  @Field({ nullable: true })
+  name?: string
+  @Field({ nullable: true })
+  brand?: string
+  @Field({ nullable: true })
+  model?: string
+  @Field({ nullable: true })
+  description?: string
+  @Field({ nullable: true })
+  netmask?: string
+}
+@InputType()
+export class NewAppliance {
+  @Field()
+  serialNo: string
+  @Field()
+  name: string
+  @Field()
+  brand: string
+  @Field()
+  model: string
+  @Field({ nullable: true })
+  description?: string
+  @Field({ nullable: true })
+  netmask?: string
+}