@things-factory/auth-base 8.0.0-beta.9 → 8.0.2

package/server/service/appliance/appliance.ts

@@ -0,0 +1,133 @@
+import {
+  Column,
+  CreateDateColumn,
+  Entity,
+  Index,
+  ManyToOne,
+  PrimaryGeneratedColumn,
+  RelationId,
+  UpdateDateColumn
+} from 'typeorm'
+import { Directive, Field, ID, ObjectType } from 'type-graphql'
+import { User, UserStatus } from '../user/user'
+
+import { Domain } from '@things-factory/shell'
+import { SECRET } from '../../utils/get-secret'
+import { config } from '@things-factory/env'
+import jwt from 'jsonwebtoken'
+
+const ORMCONFIG = config.get('ormconfig', {})
+const DATABASE_TYPE = ORMCONFIG.type
+
+@Entity()
+@Index('ix_appliance_0', (appliance: Appliance) => [appliance.domain, appliance.name], {
+  unique: true
+})
+@ObjectType()
+export class Appliance {
+  @PrimaryGeneratedColumn('uuid')
+  @Field(type => ID)
+  readonly id: string
+
+  @ManyToOne(type => Domain)
+  @Field(type => Domain)
+  domain?: Domain
+
+  @RelationId((appliance: Appliance) => appliance.domain)
+  domainId: string
+
+  @Column({
+    nullable: true
+  })
+  @Field({ nullable: true })
+  serialNo: string
+
+  @Column()
+  @Field()
+  name: string
+
+  @Column()
+  @Field({ nullable: true })
+  brand: string
+
+  @Column()
+  @Field({ nullable: true })
+  model: string
+
+  @Column({
+    nullable: true
+  })
+  @Field({ nullable: true })
+  netmask: string
+
+  @Column({
+    nullable: true
+  })
+  @Field({ nullable: true })
+  description: string
+
+  @Column({
+    nullable: true,
+    type:
+      DATABASE_TYPE == 'mysql' || DATABASE_TYPE == 'mariadb'
+        ? 'longtext'
+        : DATABASE_TYPE == 'oracle'
+          ? 'clob'
+          : DATABASE_TYPE == 'mssql'
+            ? 'nvarchar'
+            : 'varchar',
+    length: DATABASE_TYPE == 'mssql' ? 'MAX' : undefined
+  })
+  @Field({ nullable: true })
+  @Directive('@privilege(category: "security", privilege: "query", domainOwnerGranted: true)')
+  accessToken: string
+
+  @ManyToOne(type => User, { nullable: true })
+  @Field({ nullable: true })
+  creator: User
+
+  @RelationId((appliance: Appliance) => appliance.creator)
+  creatorId: string
+
+  @ManyToOne(type => User, { nullable: true })
+  @Field({ nullable: true })
+  updater: User
+
+  @RelationId((appliance: Appliance) => appliance.updater)
+  updaterId: string
+
+  @CreateDateColumn()
+  @Field({ nullable: true })
+  createdAt: Date
+
+  @UpdateDateColumn()
+  @Field({ nullable: true })
+  updatedAt: Date
+
+  /* signing for jsonwebtoken */
+  static sign(subject, expiresIn, domain, user, appliance) {
+    var credential = {
+      id: user.id,
+      userType: 'appliance',
+      appliance: {
+        id: appliance.id
+      },
+      status: UserStatus.ACTIVATED,
+      domain: {
+        subdomain: domain.subdomain
+      }
+    }
+
+    return jwt.sign(credential, SECRET, {
+      expiresIn,
+      issuer: 'hatiolab.com',
+      subject
+    })
+  }
+
+  static generateAccessToken(domain, user, appliance) {
+    /* how to set expiresIn https://github.com/vercel/ms */
+    let expiresIn = config.get('applianceJwtExpiresIn', '1y')
+    return this.sign('access-token', expiresIn, domain, user, appliance)
+  }
+}

package/server/service/appliance/index.ts

@@ -0,0 +1,6 @@
+import { Appliance } from './appliance'
+import { ApplianceQuery } from './appliance-query'
+import { ApplianceMutation } from './appliance-mutation'
+
+export const entities = [Appliance]
+export const resolvers = [ApplianceQuery, ApplianceMutation]

package/server/service/application/application-mutation.ts

@@ -0,0 +1,104 @@
+import { Directive, Arg, Ctx, Mutation, Resolver } from 'type-graphql'
+
+import { getRepository } from '@things-factory/shell'
+
+import { User } from '../user/user'
+import { Application } from './application'
+import { AccessToken, ApplicationPatch, NewApplication } from './application-types'
+
+@Resolver(Application)
+export class ApplicationMutation {
+  @Directive('@privilege(category: "user", privilege: "mutation", domainOwnerGranted: true)')
+  @Mutation(returns => Application, { description: 'To create new application' })
+  async createApplication(@Arg('application') application: NewApplication, @Ctx() context: ResolverContext) {
+    const { domain } = context.state
+    return await getRepository(Application).save({
+      ...application,
+      domain,
+      appKey: Application.generateAppKey(),
+      appSecret: Application.generateAppSecret(),
+      creator: context.state.user,
+      updater: context.state.user
+    })
+  }
+
+  @Directive('@privilege(category: "user", privilege: "mutation", domainOwnerGranted: true)')
+  @Mutation(returns => Boolean, { description: 'To delete application' })
+  async deleteApplication(@Arg('id') id: string, @Ctx() context: ResolverContext) {
+    const { domain } = context.state
+    await getRepository(Application).delete({
+      domain: { id: domain.id },
+      id
+    })
+    return true
+  }
+
+  @Directive('@privilege(category: "security", privilege: "mutation", domainOwnerGranted: true)')
+  @Mutation(returns => Application)
+  async generateApplicationSecret(@Arg('id') id: string, @Ctx() context: ResolverContext) {
+    const { domain } = context.state
+    const repository = getRepository(Application)
+    const application = await repository.findOneBy({ domain: { id: domain.id }, id })
+
+    return await repository.save({
+      ...application,
+      appSecret: Application.generateAppSecret(),
+      updater: context.state.user
+    })
+  }
+
+  @Directive('@privilege(category: "security", privilege: "mutation", domainOwnerGranted: true)')
+  @Mutation(returns => AccessToken)
+  async renewApplicationAccessToken(
+    @Arg('id') id: string,
+    @Ctx() context: ResolverContext,
+    @Arg('scope') scope?: string
+  ) {
+    const { domain } = context.state
+
+    var appuser: User = await getRepository(User).findOneBy({
+      id,
+      userType: 'application'
+    })
+
+    if (!appuser) {
+      throw new Error('application is not bound')
+    }
+
+    const repository = getRepository(Application)
+    const application = await repository.findOneBy({ id: appuser.reference })
+    if (!application) {
+      throw new Error('application not found')
+    }
+
+    var accessToken = Application.generateAccessToken(domain, appuser, application.appSecret, scope || '')
+    var refreshToken = Application.generateRefreshToken(domain, appuser, application.appSecret, scope || '')
+
+    await getRepository(User).save({
+      ...(appuser as any),
+      password: refreshToken
+    })
+
+    return {
+      accessToken,
+      refreshToken
+    }
+  }
+
+  @Directive('@privilege(category: "user", privilege: "mutation", domainOwnerGranted: true)')
+  @Mutation(returns => Application)
+  async updateApplication(
+    @Arg('id') id: string,
+    @Arg('patch') patch: ApplicationPatch,
+    @Ctx() context: ResolverContext
+  ) {
+    const repository = getRepository(Application)
+    const application = await repository.findOneBy({ id })
+
+    return await repository.save({
+      ...application,
+      ...patch,
+      updater: context.state.user
+    })
+  }
+}

package/server/service/application/application-query.ts

@@ -0,0 +1,98 @@
+import { Directive, Arg, Args, Ctx, FieldResolver, Query, Resolver, Root } from 'type-graphql'
+import { SelectQueryBuilder } from 'typeorm'
+import { URL } from 'url'
+
+import { config } from '@things-factory/env'
+import { getQueryBuilderFromListParams, Domain, getRepository, ListParam } from '@things-factory/shell'
+
+import { Role } from '../role/role'
+import { User } from '../user/user'
+import { Application } from './application'
+import { ApplicationList } from './application-types'
+
+const protocol: string = config.get('protocol')
+
+@Resolver(Application)
+export class ApplicationQuery {
+  @Directive('@privilege(category: "user", privilege: "query", domainOwnerGranted: true, superUserGranted: true)')
+  @Query(returns => Application, { description: 'To fetch application' })
+  async application(@Arg('id') id: string, @Ctx() context: ResolverContext): Promise<Application> {
+    const repository = getRepository(Application)
+
+    return await repository.findOneBy({ id })
+  }
+
+  @Directive('@privilege(category: "user", privilege: "query", domainOwnerGranted: true, superUserGranted: true)')
+  @Query(returns => ApplicationList, { description: 'To fetch multiple application' })
+  async applications(@Args(type => ListParam) params: ListParam, @Ctx() context: ResolverContext) {
+    const { domain } = context.state
+
+    const queryBuilder = getQueryBuilderFromListParams({
+      domain,
+      params,
+      repository: getRepository(Application),
+      alias: 'application',
+      searchables: ['name', 'description']
+    })
+
+    const [items, total] = await queryBuilder.getManyAndCount()
+
+    return { items, total }
+  }
+
+  @FieldResolver(type => String)
+  async availableScopes(@Ctx() context: ResolverContext): Promise<string> {
+    const { domain } = context.state
+    const roles = await getRepository(Role).findBy({ domain: { id: domain.id } })
+
+    return roles.map((role: Role) => role.name).join(' ')
+  }
+
+  @FieldResolver(type => String)
+  async accessTokenUrl(@Ctx() context: ResolverContext): Promise<string> {
+    return buildAuthURL('/oauth/access-token', context)
+  }
+
+  @FieldResolver(type => String)
+  async authUrl(@Ctx() context: ResolverContext): Promise<string> {
+    return buildAuthURL('/oauth/authorize', context)
+  }
+
+  @FieldResolver(type => Domain)
+  async domain(@Ctx() context: ResolverContext) {
+    return context.state.domain
+  }
+
+  @FieldResolver(type => User)
+  async updater(@Root() application: Application): Promise<User> {
+    return await getRepository(User).findOneBy({ id: application.updaterId })
+  }
+
+  @FieldResolver(type => User)
+  async creator(@Root() application: Application): Promise<User> {
+    return await getRepository(User).findOneBy({ id: application.creatorId })
+  }
+}
+
+function buildAuthURL(pathname: string, context: ResolverContext): string {
+  const originalProtocol = context.headers['x-forwarded-proto']
+  const originalHost = context.headers['x-forwarded-host']
+  const originalPort = context.headers['x-forwarded-port']
+
+  if (originalProtocol && originalHost) {
+    var url: URL = new URL(`${originalProtocol}://${originalHost}`)
+    if (originalPort) {
+      url.port = originalPort
+    }
+  } else {
+    var url: URL = new URL(context.request.origin)
+  }
+
+  if (protocol) {
+    url.protocol = protocol
+  }
+
+  url.pathname = pathname
+
+  return url.href
+}

package/server/service/application/application-types.ts

@@ -0,0 +1,76 @@
+import { Field, InputType, Int, ObjectType } from 'type-graphql'
+import { GraphQLEmailAddress } from 'graphql-scalars'
+
+import { Application, ApplicationType } from './application'
+
+@ObjectType()
+export class AccessToken {
+  @Field()
+  accesToken: string
+
+  @Field()
+  refreshToken: string
+}
+
+@ObjectType()
+export class ApplicationList {
+  @Field(type => [Application], { nullable: true })
+  items?: Application[]
+
+  @Field(type => Int, { nullable: true })
+  total?: number
+}
+
+@InputType()
+export class ApplicationPatch {
+  @Field({ nullable: true })
+  name?: string
+
+  @Field({ nullable: true })
+  description?: string
+
+  @Field(type => GraphQLEmailAddress, { nullable: true })
+  email?: string
+
+  @Field({ nullable: true })
+  url?: string
+
+  @Field({ nullable: true })
+  icon?: string
+
+  @Field({ nullable: true })
+  redirectUrl?: string
+
+  @Field({ nullable: true })
+  webhook?: string
+
+  @Field(type => ApplicationType, { nullable: true })
+  type?: ApplicationType
+}
+
+@InputType()
+export class NewApplication {
+  @Field()
+  name: string
+
+  @Field({ nullable: true })
+  description?: string
+
+  @Field(type => GraphQLEmailAddress, { nullable: true })
+  email?: string
+
+  @Field({ nullable: true })
+  url?: string
+
+  @Field({ nullable: true })
+  icon?: string
+
+  @Field({ nullable: true })
+  redirectUrl?: string
+
+  @Field({ nullable: true })
+  webhook?: string
+
+  @Field(type => ApplicationType, { nullable: true })
+  type?: ApplicationType
+}

package/server/service/application/application.ts

@@ -0,0 +1,216 @@
+import crypto from 'crypto'
+import jwt from 'jsonwebtoken'
+import { Directive, Field, ID, ObjectType, registerEnumType } from 'type-graphql'
+import { GraphQLEmailAddress } from 'graphql-scalars'
+import {
+  Column,
+  CreateDateColumn,
+  Entity,
+  Index,
+  ManyToOne,
+  PrimaryGeneratedColumn,
+  RelationId,
+  UpdateDateColumn
+} from 'typeorm'
+
+import { config } from '@things-factory/env'
+import { Domain } from '@things-factory/shell'
+
+import { SECRET } from '../../utils/get-secret'
+import { User, UserStatus } from '../user/user'
+
+const ORMCONFIG = config.get('ormconfig', {})
+const DATABASE_TYPE = ORMCONFIG.type
+
+export enum ApplicationStatus {
+  DRAFT = 'DRAFT',
+  ACTIVATED = 'ACTIVATED'
+}
+
+registerEnumType(ApplicationStatus, {
+  name: 'ApplicationStatus',
+  description: 'state enumeration of a application'
+})
+
+export enum ApplicationType {
+  SELLERCRAFT = 'SELLERCRAFT',
+  XILNEX = 'XILNEX',
+  MMS = 'MMS',
+  XERO = 'XERO',
+  OTHERS = 'OTHERS',
+  SFTP = 'SFTP'
+}
+
+registerEnumType(ApplicationType, {
+  name: 'ApplicationType',
+  description: 'state enumeration of a application'
+})
+@Entity()
+@Index('ix_application_0', (application: Application) => [application.appKey], { unique: true })
+@ObjectType()
+export class Application {
+  @PrimaryGeneratedColumn('uuid')
+  @Field(type => ID)
+  readonly id?: string
+
+  @ManyToOne(type => Domain)
+  @Field(type => Domain)
+  domain?: Domain
+
+  @RelationId((application: Application) => application.domain)
+  domainId?: string
+
+  @Column()
+  @Field()
+  name?: string
+
+  @Column({ nullable: true })
+  @Field({ nullable: true })
+  description?: string
+
+  @Column()
+  @Field(type => GraphQLEmailAddress)
+  email?: string
+
+  @Column()
+  @Field()
+  url?: string
+
+  @Column({ nullable: true })
+  @Field({ nullable: true })
+  icon?: string
+
+  @Column()
+  @Field()
+  redirectUrl?: string
+
+  @Column({ nullable: true })
+  @Field({ nullable: true })
+  webhook?: string
+
+  @Column({ nullable: true })
+  @Field({ nullable: true })
+  appKey?: string
+
+  @Column({
+    nullable: true,
+    type:
+      DATABASE_TYPE == 'mysql' || DATABASE_TYPE == 'mariadb'
+        ? 'longtext'
+        : DATABASE_TYPE == 'oracle'
+          ? 'clob'
+          : DATABASE_TYPE == 'mssql'
+            ? 'nvarchar'
+            : 'varchar',
+    length: DATABASE_TYPE == 'mssql' ? 'MAX' : undefined
+  })
+  @Field({ nullable: true })
+  @Directive('@privilege(category: "security", privilege: "query", domainOwnerGranted: true)')
+  appSecret?: string
+
+  @Column({ default: ApplicationStatus.DRAFT })
+  @Field()
+  status?: ApplicationStatus
+
+  @Column({
+    type:
+      DATABASE_TYPE == 'postgres' || DATABASE_TYPE == 'mysql' || DATABASE_TYPE == 'mariadb'
+        ? 'enum'
+        : DATABASE_TYPE == 'oracle'
+          ? 'varchar2'
+          : DATABASE_TYPE == 'mssql'
+            ? 'nvarchar'
+            : 'varchar',
+    enum:
+      DATABASE_TYPE == 'postgres' || DATABASE_TYPE == 'mysql' || DATABASE_TYPE == 'mariadb'
+        ? ApplicationType
+        : undefined,
+    length: DATABASE_TYPE == 'postgres' || DATABASE_TYPE == 'mysql' || DATABASE_TYPE == 'mariadb' ? undefined : 32,
+    default: ApplicationType.OTHERS
+  })
+  @Field()
+  type?: ApplicationType
+
+  @CreateDateColumn()
+  @Field({ nullable: true })
+  createdAt?: Date
+
+  @UpdateDateColumn()
+  @Field({ nullable: true })
+  updatedAt?: Date
+
+  @ManyToOne(type => User, { nullable: true })
+  @Field(type => User, { nullable: true })
+  creator?: User
+
+  @RelationId((application: Application) => application.creator)
+  creatorId?: string
+
+  @ManyToOne(type => User, { nullable: true })
+  @Field(type => User, { nullable: true })
+  updater?: User
+
+  @RelationId((application: Application) => application.updater)
+  updaterId?: string
+
+  /* generateAppSecret */
+  static generateAppSecret() {
+    return crypto.randomBytes(16).toString('hex')
+  }
+
+  static generateAppKey() {
+    return crypto.randomBytes(16).toString('hex')
+  }
+
+  /* signing for jsonwebtoken */
+  static sign(subject, expiresIn, domain, user, appKey, scope) {
+    var application = {
+      id: user.id,
+      userType: 'application',
+      application: {
+        appKey
+      },
+      status: UserStatus.ACTIVATED,
+      domain: {
+        subdomain: domain.subdomain
+      },
+      scope
+    }
+
+    return jwt.sign(application, SECRET, {
+      expiresIn,
+      issuer: 'hatiolab.com',
+      subject
+    })
+  }
+
+  static generateAccessToken(domain, user, appKey, scope) {
+    /* how to set expiresIn https://github.com/vercel/ms */
+    return this.sign('access-token', '30d', domain, user, appKey, scope)
+  }
+
+  static generateRefreshToken(domain, user, appKey, scope) {
+    /* how to set expiresIn https://github.com/vercel/ms */
+    return this.sign('refresh-token', '1y', domain, user, appKey, scope)
+  }
+
+  /* auth-code signing for jsonwebtoken */
+  static generateAuthCode(email, appKey, subdomain, scopes, state) {
+    var credential = {
+      email,
+      appKey,
+      subdomain,
+      scopes,
+      state
+    }
+
+    return jwt.sign(credential, SECRET, {
+      expiresIn: '1m'
+    })
+  }
+
+  /* auth-code signing for jsonwebtoken */
+  static verifyAuthCode(authcode) {
+    return jwt.verify(authcode, SECRET)
+  }
+}

package/server/service/application/index.ts

@@ -0,0 +1,6 @@
+import { Application } from './application'
+import { ApplicationQuery } from './application-query'
+import { ApplicationMutation } from './application-mutation'
+
+export const entities = [Application]
+export const resolvers = [ApplicationQuery, ApplicationMutation]