@things-factory/auth-base 8.0.0-beta.9 → 8.0.0

package/server/service/partner/partner-mutation.ts

@@ -0,0 +1,61 @@
+import { Arg, Ctx, Directive, Mutation, Resolver } from 'type-graphql'
+
+import { Domain, getRepository } from '@things-factory/shell'
+
+import { terminateGrantedRoles } from '../granted-role/granted-role-mutation'
+import { Partner } from './partner'
+
+@Resolver(Partner)
+export class PartnerMutation {
+  @Directive('@privilege(category: "partner", privilege: "mutation")')
+  @Mutation(returns => Boolean)
+  async inviteCustomer(@Arg('customerDomainName') customerDomainName: string, @Ctx() context: ResolverContext) {
+    // 1. Try to find existing customer
+    const { domain, user } = context.state
+    const customerDomain: Domain = await getRepository(Domain).findOne({ where: { name: customerDomainName } })
+    if (!customerDomain) throw new Error(`There's no customer which has ${customerDomainName} as name`)
+
+    const isExistingCustomer: boolean = Boolean(
+      await getRepository(Partner).count({
+        where: { domain: { id: domain.id }, partnerDomain: { id: customerDomain.id } }
+      })
+    )
+    if (isExistingCustomer) throw new Error('Partner is registered as customer already')
+
+    await getRepository(Partner).save({
+      domain,
+      partnerDomain: customerDomain,
+      requester: user,
+      approver: user
+    })
+
+    return true
+  }
+
+  @Directive('@privilege(category: "partner", privilege: "mutation")')
+  @Directive('@transaction')
+  @Mutation(returns => Boolean)
+  async terminateContract(@Arg('partnerName') partnerName: string, @Ctx() context: ResolverContext) {
+    const { tx, domain } = context.state
+
+    // Find partnerDomain
+    const partnerDomain: Domain = await tx.getRepository(Domain).findOne({
+      where: { name: partnerName }
+    })
+    if (!partnerDomain) throw new Error(context.t('error.failed to find x', { x: context.t('label.partner') }))
+
+    // Find partner
+    const partner: Partner = await tx.getRepository(Partner).findOne({
+      where: { domain: { id: domain.id }, partnerDomain: { id: partnerDomain.id } }
+    })
+    if (!partner) throw new Error(context.t('error.failed to find x', { x: context.t('label.partner') }))
+
+    // Remove record from partner
+    await tx.getRepository(Partner).delete(partner.id)
+
+    // Remove granted roles
+    await terminateGrantedRoles(domain, partnerDomain, tx)
+
+    return true
+  }
+}

package/server/service/partner/partner-query.ts

@@ -0,0 +1,102 @@
+import { Args, Ctx, Directive, FieldResolver, Query, Resolver, Root } from 'type-graphql'
+import { SelectQueryBuilder } from 'typeorm'
+
+import { Domain, DomainList, getRepository, ListParam, getQueryBuilderFromListParams } from '@things-factory/shell'
+
+import { checkUserBelongsDomain } from '../../utils/check-user-belongs-domain'
+import { User } from '../user/user'
+import { Partner } from './partner'
+import { PartnerList } from './partner-types'
+
+@Resolver(Partner)
+export class PartnerQuery {
+  @Directive('@privilege(category: "partner", privilege: "query", domainOwnerGranted: true)')
+  @Query(returns => PartnerList)
+  async partners(@Args(type => ListParam) params: ListParam, @Ctx() context: ResolverContext): Promise<PartnerList> {
+    if (await checkUserBelongsDomain(context.state.domain, context.state.user)) {
+      const { domain } = context.state
+
+      const queryBuilder = getQueryBuilderFromListParams({
+        domain,
+        params,
+        repository: getRepository(Partner),
+        alias: 'partner'
+      })
+
+      const [items, total] = await queryBuilder.getManyAndCount()
+
+      return { items, total }
+    } else {
+      throw new Error(`User doesn't belong in current domain`)
+    }
+  }
+
+  @Directive('@privilege(category: "partner", privilege: "query", domainOwnerGranted: true)')
+  @Query(returns => [Domain])
+  async customers(@Ctx() context: ResolverContext): Promise<Domain[]> {
+    const { domain } = context.state
+    const partners: Partner[] = await getRepository(Partner).find({
+      where: { domain: { id: domain.id } },
+      relations: ['partnerDomain']
+    })
+
+    return partners.map((p: Partner) => p.partnerDomain)
+  }
+
+  @Directive('@privilege(category: "partner", privilege: "query")')
+  @Query(returns => DomainList)
+  async searchCustomers(
+    @Args(type => ListParam) params: ListParam,
+    @Ctx() context: ResolverContext
+  ): Promise<DomainList> {
+    const { domain } = context.state
+    const partners: Partner[] = await getRepository(Partner).find({
+      where: { domain: { id: domain.id } },
+      relations: ['partnerDomain']
+    })
+
+    const qb: SelectQueryBuilder<Domain> = await getQueryBuilderFromListParams({
+      repository: getRepository(Domain),
+      params,
+      searchables: ['name', 'description']
+    })
+
+    qb.andWhereInIds(partners.map((p: Partner) => p.partnerDomain.id))
+    const [items, total] = await qb.getManyAndCount()
+    return { items, total }
+  }
+
+  @Directive('@privilege(category: "partner", privilege: "query", domainOwnerGranted: true)')
+  @Query(returns => [Domain])
+  async vendors(@Ctx() context: ResolverContext): Promise<Domain[]> {
+    const { domain } = context.state
+    const qb: SelectQueryBuilder<Partner> = getRepository(Partner).createQueryBuilder('PARTNER')
+    const partners: Partner[] = await qb
+      .leftJoinAndSelect('PARTNER.domain', 'DOMAIN')
+      .leftJoinAndSelect('PARTNER.partnerDomain', 'P_DOMAIN')
+      .where('P_DOMAIN.id = :domainId', { domainId: domain.id })
+      .getMany()
+
+    return partners.map((p: Partner) => p.domain)
+  }
+
+  @FieldResolver()
+  async domain(@Root() partner: Partner) {
+    return await getRepository(Domain).findOneBy({ id: partner.domainId })
+  }
+
+  @FieldResolver()
+  async partnerDomain(@Root() partner: Partner) {
+    return await getRepository(Domain).findOneBy({ id: partner.partnerDomainId })
+  }
+
+  @FieldResolver()
+  async requester(@Root() partner: Partner) {
+    return await getRepository(User).findOneBy({ id: partner.requesterId })
+  }
+
+  @FieldResolver()
+  async approver(@Root() partner: Partner) {
+    return await getRepository(User).findOneBy({ id: partner.approverId })
+  }
+}

package/server/service/partner/partner-types.ts

@@ -0,0 +1,11 @@
+import { Field, Int, ObjectType } from 'type-graphql'
+import { Partner } from './partner'
+
+@ObjectType()
+export class PartnerList {
+  @Field(type => [Partner], { nullable: true })
+  items: Partner[]
+
+  @Field(type => Int, { nullable: true })
+  total: number
+}

package/server/service/partner/partner.ts

@@ -0,0 +1,57 @@
+import { Domain } from '@things-factory/shell'
+import {
+  CreateDateColumn,
+  Entity,
+  Index,
+  ManyToOne,
+  PrimaryGeneratedColumn,
+  UpdateDateColumn,
+  RelationId
+} from 'typeorm'
+import { ObjectType, Field, ID } from 'type-graphql'
+import { User } from '../user/user'
+
+@Entity()
+@Index('ix_partner_0', (partner: Partner) => [partner.domain, partner.partnerDomain], { unique: true })
+@ObjectType()
+export class Partner {
+  @PrimaryGeneratedColumn('uuid')
+  @Field(type => ID)
+  readonly id: string
+
+  @ManyToOne(type => Domain)
+  @Field(type => Domain)
+  domain?: Domain
+
+  @RelationId((partner: Partner) => partner.domain)
+  domainId: string
+
+  @ManyToOne(type => Domain)
+  @Field(type => Domain)
+  partnerDomain?: Domain
+
+  @RelationId((partner: Partner) => partner.partnerDomain)
+  partnerDomainId: string
+
+  @CreateDateColumn()
+  @Field({ nullable: true })
+  requestedAt: Date
+
+  @UpdateDateColumn()
+  @Field({ nullable: true })
+  approvedAt: Date
+
+  @ManyToOne(type => User, { nullable: true })
+  @Field({ nullable: true })
+  requester: User
+
+  @RelationId((partner: Partner) => partner.requester)
+  requesterId: string
+
+  @ManyToOne(type => User, { nullable: true })
+  @Field({ nullable: true })
+  approver: User
+
+  @RelationId((partner: Partner) => partner.approver)
+  approverId: string
+}

package/server/service/password-history/index.ts

@@ -0,0 +1,3 @@
+import { PasswordHistory } from './password-history'
+
+export const entities = [PasswordHistory]

package/server/service/password-history/password-history.ts

@@ -0,0 +1,16 @@
+import { Entity, Column, PrimaryColumn } from 'typeorm'
+import { ObjectType, Field, ID } from 'type-graphql'
+
+@Entity()
+@ObjectType()
+export class PasswordHistory {
+  @PrimaryColumn()
+  @Field(type => ID)
+  userId: string
+
+  @Column({
+    nullable: true
+  })
+  @Field({ nullable: true })
+  history: string
+}

package/server/service/privilege/index.ts

@@ -0,0 +1,6 @@
+import { Privilege } from './privilege'
+import { PrivilegeQuery } from './privilege-query'
+import { PrivilegeMutation } from './privilege-mutation'
+
+export const entities = [Privilege]
+export const resolvers = [PrivilegeQuery, PrivilegeMutation]

package/server/service/privilege/privilege-directive.ts

@@ -0,0 +1,77 @@
+import { defaultFieldResolver, GraphQLSchema } from 'graphql'
+import gql from 'graphql-tag'
+
+import { getDirective, MapperKind, mapSchema } from '@graphql-tools/utils'
+import { checkPermission } from '../../utils/check-permission'
+
+process['PRIVILEGES'] = {}
+
+const DIRECTIVE = 'privilege'
+
+export const privilegeDirectiveTypeDefs = gql`
+  directive @privilege(
+    category: String
+    privilege: String
+    domainOwnerGranted: Boolean
+    superUserGranted: Boolean
+  ) on FIELD_DEFINITION
+`
+export const privilegeDirectiveResolver = (schema: GraphQLSchema) =>
+  mapSchema(schema, {
+    [MapperKind.OBJECT_FIELD]: (fieldConfig, fieldName, typeName, schema) => {
+      const privilegeDirective = getDirective(schema, fieldConfig, DIRECTIVE)?.[0]
+      if (privilegeDirective) {
+        const { resolve = defaultFieldResolver, args } = fieldConfig
+
+        if (!args) {
+          throw new Error(`Unexpected Error. args should be defined in @privilege directive for field ${fieldName}.`)
+        }
+
+        const { domainOwnerGranted, superUserGranted, category, privilege } = privilegeDirective
+        if (category && privilege) {
+          process['PRIVILEGES'][`${category} ${privilege}`] = [category, privilege]
+        }
+
+        // 필드의 기존 description 가져오기
+        const existingDescription = fieldConfig.description || ''
+
+        // 권한 정보를 포함한 새로운 description 생성
+        const privilegeDescription =
+          `\n\n🔒 Requires privilege: ${category}:${privilege}` +
+          (domainOwnerGranted ? ', Domain ownership' : '') +
+          (superUserGranted ? ', System ownership' : '')
+
+        // 기존 description과 결합
+        fieldConfig.description = `${existingDescription} ${privilegeDescription}`.trim()
+
+        fieldConfig.resolve = async function (source, args, context, info) {
+          const { domain, user, unsafeIP, prohibitedPrivileges } = context.state
+
+          if (
+            await checkPermission(
+              {
+                category,
+                privilege,
+                owner: domainOwnerGranted,
+                super: superUserGranted
+              },
+              user,
+              domain,
+              unsafeIP,
+              prohibitedPrivileges
+            )
+          ) {
+            return await resolve.call(this, source, args, context, info)
+          } else {
+            throw new Error(
+              `Unauthorized! ${
+                category && privilege ? category + ':' + privilege + ' privilege' : 'ownership granted'
+              } required`
+            )
+          }
+        }
+
+        return fieldConfig
+      }
+    }
+  })

package/server/service/privilege/privilege-mutation.ts

@@ -0,0 +1,92 @@
+import { Arg, Ctx, Mutation, Resolver, Directive } from 'type-graphql'
+import { In } from 'typeorm'
+
+import { getRepository } from '@things-factory/shell'
+
+import { Role } from '../role/role'
+import { Privilege } from './privilege'
+import { NewPrivilege, PrivilegePatch } from './privilege-types'
+
+@Resolver(Privilege)
+export class PrivilegeMutation {
+  @Directive('@privilege(superUserGranted:true)')
+  @Mutation(returns => Boolean, {
+    description: 'To synchronize privilege master from graphql directives. Only superuser is permitted.'
+  })
+  async synchronizePrivilegeMaster(
+    @Arg('privilege') privilege: NewPrivilege,
+    @Ctx() context: ResolverContext
+  ): Promise<Boolean> {
+    const privileges = process['PRIVILEGES']
+    const privilegeRepository = getRepository(Privilege)
+
+    for (const [category, name] of Object.values(privileges as [string, string])) {
+      if (0 == (await privilegeRepository.count({ where: { category, name } }))) {
+        await privilegeRepository.save({ category, name })
+      }
+    }
+
+    return true
+  }
+
+  @Directive('@privilege(superUserGranted:true)')
+  @Mutation(returns => Privilege, { description: 'To create new privilege' })
+  async createPrivilege(
+    @Arg('privilege') privilege: NewPrivilege,
+    @Ctx() context: ResolverContext
+  ): Promise<Privilege> {
+    if (privilege.roles && privilege.roles.length) {
+      privilege.roles = await getRepository(Role).findBy({
+        id: In(privilege.roles.map((role: Partial<Role>) => role.id))
+      })
+    }
+
+    return await getRepository(Privilege).save({
+      creator: context.state.user,
+      updater: context.state.user,
+      ...privilege
+    })
+  }
+
+  @Directive('@privilege(superUserGranted:true)')
+  @Mutation(returns => Privilege, { description: 'To modify privilege information' })
+  async updatePrivilege(
+    @Arg('name') name: string,
+    @Arg('category') category: string,
+    @Arg('patch') patch: PrivilegePatch,
+    @Ctx() context: ResolverContext
+  ): Promise<Privilege> {
+    const repository = getRepository(Privilege)
+    const privilege = await repository.findOne({
+      where: { name, category },
+      relations: ['roles', 'creator', 'updater']
+    })
+
+    const roleIds = privilege.roles.map(role => role.id)
+    if (patch.roles && patch.roles.length) {
+      patch.roles.forEach(({ id }) => {
+        if (!roleIds.includes(id)) {
+          roleIds.push(id)
+        }
+      })
+    }
+
+    return await repository.save({
+      ...privilege,
+      ...patch,
+      roles: await getRepository(Role).findByIds(roleIds),
+      updater: context.state.user
+    })
+  }
+
+  @Directive('@privilege(superUserGranted:true)')
+  @Mutation(returns => Boolean, { description: 'To delete privilege' })
+  async deletePrivilege(
+    @Arg('name') name: string,
+    @Arg('category') category: string,
+    @Ctx() context: ResolverContext
+  ): Promise<boolean> {
+    await getRepository(Privilege).delete({ name, category })
+    return true
+  }
+}

package/server/service/privilege/privilege-query.ts

@@ -0,0 +1,94 @@
+import { Arg, Args, Ctx, Directive, FieldResolver, Query, Resolver, Root } from 'type-graphql'
+import { Domain, getQueryBuilderFromListParams, getRepository, ListParam } from '@things-factory/shell'
+
+import { Role } from '../role/role'
+import { User } from '../user/user'
+import { Privilege } from './privilege'
+import { PrivilegeList } from './privilege-types'
+
+@Resolver(Privilege)
+export class PrivilegeQuery {
+  @Directive('@privilege(category: "privilege", privilege: "query", domainOwnerGranted: true, superUserGranted: true)')
+  @Query(returns => PrivilegeList, { description: 'To fetch multiple privileges' })
+  async privileges(
+    @Args(type => ListParam) params: ListParam,
+    @Ctx() context: ResolverContext
+  ): Promise<PrivilegeList> {
+    const [items, total] = await getQueryBuilderFromListParams({
+      params,
+      repository: getRepository(Privilege),
+      alias: 'p',
+      searchables: ['privilege', 'category'],
+      filtersMap: {
+        privilege: {
+          columnName: 'name'
+        }
+      }
+    })
+      .orderBy('p.category', 'ASC')
+      .getManyAndCount()
+
+    return { items, total }
+  }
+
+  @Query(returns => Boolean, { description: 'To query whether I have the given permission' })
+  async hasPrivilege(
+    @Arg('privilege') privilege: string,
+    @Arg('category') category: string,
+    @Ctx() context: ResolverContext
+  ): Promise<Boolean> {
+    const { domain, user } = context.state
+    return await User.hasPrivilege(privilege, category, domain, user)
+  }
+
+  @Query(returns => [Domain], { description: 'To fetch domains with given privilege for user' })
+  async domainsWithPrivilege(
+    @Arg('privilege') privilege: string,
+    @Arg('category') category: string,
+    @Ctx() context: ResolverContext
+  ): Promise<Partial<Domain>[]> {
+    const { user } = context.state
+    return await User.getDomainsWithPrivilege(privilege, category, user)
+  }
+
+  @FieldResolver(type => String)
+  async description(@Root() privilege: Privilege, @Ctx() context: ResolverContext) {
+    const { t } = context
+    const { name, category } = privilege
+
+    const keyname = `privilege.name.${name}`
+    const keycategory = `privilege.category.${category}`
+    const tname = t(keyname)
+    const tcategory = t(keycategory)
+
+    return t('privilege.description', {
+      name: tname === keyname ? name : tname,
+      category: tcategory === keycategory ? category : tcategory
+    })
+  }
+
+  @FieldResolver(type => String)
+  async privilege(@Root() privilege: Privilege, @Ctx() context: ResolverContext) {
+    return privilege.name
+  }
+
+  @FieldResolver(type => [Role])
+  async roles(@Root() privilege: Privilege) {
+    return (
+      await getRepository(Privilege).findOne({
+        where: { id: privilege.id },
+        relations: ['roles']
+      })
+    ).roles
+  }
+
+  @FieldResolver(type => User)
+  async updater(@Root() privilege: Privilege): Promise<User> {
+    return await getRepository(User).findOneBy({ id: privilege.updaterId })
+  }
+
+  @FieldResolver(type => User)
+  async creator(@Root() privilege: Privilege): Promise<User> {
+    return await getRepository(User).findOneBy({ id: privilege.creatorId })
+  }
+}

package/server/service/privilege/privilege-types.ts

@@ -0,0 +1,60 @@
+import { ObjectType, InputType, Field, Int } from 'type-graphql'
+import { ObjectRef } from '@things-factory/shell'
+import { Privilege } from './privilege'
+
+@InputType()
+export class NewPrivilege {
+  @Field()
+  name: string
+
+  @Field()
+  category: string
+
+  @Field({ nullable: true })
+  description?: string
+
+  @Field(type => [ObjectRef], { nullable: true })
+  roles: ObjectRef[]
+}
+
+@InputType()
+export class PrivilegePatch {
+  @Field({ nullable: true })
+  id?: string
+
+  @Field({ nullable: true })
+  name?: string
+
+  @Field({ nullable: true })
+  category?: string
+
+  @Field({ nullable: true })
+  description?: string
+
+  @Field(type => [ObjectRef], { nullable: true })
+  roles?: ObjectRef[]
+}
+
+@ObjectType()
+export class PrivilegeList {
+  @Field(type => [Privilege], { nullable: true })
+  items: Privilege[]
+
+  @Field(type => Int, { nullable: true })
+  total: number
+}
+
+@ObjectType()
+export class UserPrivilege {
+  @Field({ nullable: true })
+  id: String
+
+  @Field({ nullable: true })
+  name: String
+
+  @Field({ nullable: true })
+  description: String
+
+  @Field({ nullable: true })
+  assigned: Boolean
+}

package/server/service/privilege/privilege.ts

@@ -0,0 +1,102 @@
+import {
+  Column,
+  CreateDateColumn,
+  Entity,
+  Index,
+  ManyToMany,
+  ManyToOne,
+  JoinTable,
+  RelationId,
+  PrimaryGeneratedColumn,
+  UpdateDateColumn
+} from 'typeorm'
+import { ObjectType, InputType, Field, ID } from 'type-graphql'
+import { Role } from '../role/role'
+import { User } from '../user/user'
+
+@ObjectType()
+export class PrivilegeObject {
+  @Field({ nullable: true })
+  privilege?: string
+
+  @Field({ nullable: true })
+  category?: string
+
+  @Field({ nullable: true })
+  owner?: boolean
+
+  @Field({ nullable: true })
+  super?: boolean
+}
+
+@InputType()
+export class PrivilegeInput {
+  @Field({ nullable: true })
+  privilege?: string
+
+  @Field({ nullable: true })
+  category?: string
+
+  @Field({ nullable: true })
+  owner?: boolean
+
+  @Field({ nullable: true })
+  super?: boolean
+}
+
+@Entity()
+@Index('ix_privilege_0', (privilege: Privilege) => [privilege.name, privilege.category], {
+  unique: false
+})
+@ObjectType()
+export class Privilege {
+  @PrimaryGeneratedColumn('uuid')
+  @Field(type => ID)
+  id: string
+
+  @Column()
+  @Field()
+  name: string
+
+  @Column()
+  @Field({ nullable: true })
+  category: string
+
+  @Column({
+    nullable: true
+  })
+  @Field({ nullable: true })
+  description: string
+
+  @ManyToMany(type => Role, role => role.privileges)
+  @JoinTable({
+    /* case M2M, JoinTable setting should be defined only one side (never set both side) */
+    name: 'roles_privileges',
+    joinColumns: [{ name: 'privileges_id', referencedColumnName: 'id' }],
+    inverseJoinColumns: [{ name: 'roles_id', referencedColumnName: 'id' }]
+  })
+  @Field(type => [Role], { nullable: true })
+  roles: Role[]
+
+  @ManyToOne(type => User, { nullable: true })
+  @Field(type => User, { nullable: true })
+  creator: User
+
+  @RelationId((privilege: Privilege) => privilege.creator)
+  creatorId: string
+
+  @ManyToOne(type => User, { nullable: true })
+  @Field(type => User, { nullable: true })
+  updater: User
+
+  @RelationId((privilege: Privilege) => privilege.updater)
+  updaterId: string
+
+  @CreateDateColumn()
+  @Field({ nullable: true })
+  createdAt: Date
+
+  @UpdateDateColumn()
+  @Field({ nullable: true })
+  updatedAt: Date
+}

package/server/service/role/index.ts

@@ -0,0 +1,6 @@
+import { Role } from './role'
+import { RoleQuery } from './role-query'
+import { RoleMutation } from './role-mutation'
+
+export const entities = [Role]
+export const resolvers = [RoleQuery, RoleMutation]