@things-factory/auth-base 8.0.0-beta.9 → 8.0.2

package/server/service/auth-provider/auth-provider-mutation.ts

@@ -0,0 +1,159 @@
+import { Resolver, Mutation, Arg, Ctx, Directive } from 'type-graphql'
+import { In } from 'typeorm'
+
+import { AuthProvider } from './auth-provider'
+import { NewAuthProvider, AuthProviderPatch } from './auth-provider-type'
+
+@Resolver(AuthProvider)
+export class AuthProviderMutation {
+  @Directive('@transaction')
+  @Mutation(returns => AuthProvider, { description: 'To create new AuthProvider' })
+  async createAuthProvider(
+    @Arg('authProvider') authProvider: NewAuthProvider,
+    @Ctx() context: ResolverContext
+  ): Promise<AuthProvider> {
+    const { domain, user, tx } = context.state
+
+    return await tx.getRepository(AuthProvider).save({
+      ...authProvider,
+      domain,
+      creator: user,
+      updater: user
+    })
+  }
+
+  @Directive('@transaction')
+  @Mutation(returns => AuthProvider, { description: 'To modify AuthProvider information' })
+  async updateAuthProvider(
+    @Arg('id') id: string,
+    @Arg('patch') patch: AuthProviderPatch,
+    @Ctx() context: ResolverContext
+  ): Promise<AuthProvider> {
+    const { domain, user, tx } = context.state
+
+    const repository = tx.getRepository(AuthProvider)
+    const authProvider = await repository.findOne({
+      where: { domain: { id: domain.id }, id }
+    })
+
+    return await repository.save({
+      ...authProvider,
+      ...patch,
+      updater: user
+    })
+  }
+
+  @Directive('@transaction')
+  @Mutation(returns => [AuthProvider])
+  async updateMultipleAuthProvider(
+    @Arg('patches', type => [AuthProviderPatch]) patches: AuthProviderPatch[],
+    @Ctx() context: ResolverContext
+  ): Promise<AuthProvider[]> {
+    const { domain, user, tx } = context.state
+
+    let results = []
+    const _createRecords = patches.filter((patch: any) => patch.cuFlag === '+')
+    const _updateRecords = patches.filter((patch: any) => patch.cuFlag.toUpperCase() === 'M')
+
+    if (_createRecords.length > 0) {
+      for (let i = 0; i < _createRecords.length; i++) {
+        const newRecord = _createRecords[i]
+
+        let foundAuthProvider = await tx.getRepository(AuthProvider).findOne({
+          where: { domain: { id: domain.id }, type: newRecord.type }
+        })
+
+        if (foundAuthProvider) {
+          throw new Error('Duplicated authProvider found')
+        }
+
+        const result: AuthProvider = await tx.getRepository(AuthProvider).save({
+          domain: domain,
+          creator: user,
+          updater: user,
+          ...newRecord
+        })
+
+        results.push({ ...result, cuFlag: '+' })
+      }
+    }
+
+    if (_updateRecords.length > 0) {
+      for (let i = 0; i < _updateRecords.length; i++) {
+        const updatedRecord = _updateRecords[i]
+        const authProvider = await tx.getRepository(AuthProvider).findOne({
+          where: { domain: { id: domain.id }, id: updatedRecord.id }
+        })
+
+        const result = await tx.getRepository(AuthProvider).save({
+          ...authProvider,
+          ...updatedRecord,
+          updater: user
+        })
+
+        results.push({ ...result, cuFlag: 'M' })
+      }
+    }
+
+    return results
+  }
+
+  @Directive('@transaction')
+  @Mutation(returns => Boolean, { description: 'To delete AuthProvider' })
+  async deleteAuthProvider(@Arg('id') id: string, @Ctx() context: ResolverContext): Promise<boolean> {
+    const { domain, tx } = context.state
+
+    await tx.getRepository(AuthProvider).delete({ domain: { id: domain.id }, id })
+
+    return true
+  }
+
+  @Directive('@transaction')
+  @Mutation(returns => Boolean)
+  async deleteAuthProviders(
+    @Arg('ids', type => [String]) ids: string[],
+    @Ctx() context: ResolverContext
+  ): Promise<Boolean> {
+    const { domain, user, tx } = context.state
+
+    const authProviders = await tx.getRepository(AuthProvider).find({
+      where: {
+        domain: { id: domain.id },
+        id: In(ids)
+      }
+    })
+
+    await Promise.all(
+      authProviders.map(async (authProvider: AuthProvider) => {
+        await tx.getRepository(AuthProvider).save({
+          ...authProvider,
+          deletedAt: new Date(),
+          updater: user
+        })
+      })
+    )
+    return true
+  }
+
+  @Directive('@transaction')
+  @Directive('@privilege(superUserGranted:true)')
+  @Mutation(returns => Boolean, { description: 'To synchronize auth-providers users' })
+  async synchronizeAuthProviderUsers(@Arg('id') id: string, @Ctx() context: ResolverContext): Promise<boolean> {
+    const { domain, user, tx } = context.state
+
+    const repository = tx.getRepository(AuthProvider)
+    const authProvider = await repository.findOne({
+      where: { domain: { id: domain.id }, id },
+      relations: ['domain']
+    })
+
+    const { type } = authProvider
+    const { synchronizeUsers } = AuthProvider.getAuthProviderImpl(type) || {}
+
+    if (synchronizeUsers) {
+      return await synchronizeUsers(authProvider, context)
+    } else {
+      throw new Error(`No AuthProviderImpl for the type '${type}'`)
+    }
+  }
+}

package/server/service/auth-provider/auth-provider-parameter-spec.ts

@@ -0,0 +1,24 @@
+import { Field, ObjectType } from 'type-graphql'
+
+import { ScalarObject } from '@things-factory/shell'
+
+@ObjectType()
+export class AuthProviderParameterSpec {
+  @Field()
+  type: string
+
+  @Field()
+  label: string
+
+  @Field()
+  name: string
+
+  @Field({ nullable: true })
+  placeholder?: string
+
+  @Field(type => ScalarObject, { nullable: true })
+  property?: { [key: string]: any }
+
+  @Field(type => ScalarObject, { nullable: true })
+  styles?: { [key: string]: any }
+}

package/server/service/auth-provider/auth-provider-query.ts

@@ -0,0 +1,88 @@
+import { Resolver, Query, FieldResolver, Root, Args, Arg, Ctx, Directive } from 'type-graphql'
+import { Domain, getQueryBuilderFromListParams, getRepository, ListParam } from '@things-factory/shell'
+import { User } from '../user/user'
+import { AuthProvider, AuthProviderTypeList } from './auth-provider'
+import { AuthProviderList } from './auth-provider-type'
+
+@Resolver(AuthProvider)
+export class AuthProviderQuery {
+  @Query(returns => AuthProviderTypeList!, { nullable: true, description: 'To fetch a AuthProvider' })
+  authProviderTypes(@Ctx() context: ResolverContext): AuthProviderTypeList {
+    const { domain } = context.state
+
+    return AuthProvider.getAuthProviderTypes()
+  }
+
+  @Directive('@privilege(category: "user", privilege: "query", domainOwnerGranted: true, superUserGranted: true)')
+  @Query(returns => AuthProvider!, { nullable: true, description: 'To fetch a AuthProvider' })
+  async authProvider(@Arg('id') id: string, @Ctx() context: ResolverContext): Promise<AuthProvider> {
+    const { domain } = context.state
+
+    return await getRepository(AuthProvider).findOne({
+      where: { domain: { id: domain.id }, id }
+    })
+  }
+
+  @Directive('@privilege(category: "user", privilege: "query", domainOwnerGranted: true, superUserGranted: true)')
+  @Query(returns => AuthProviderList, { description: 'To fetch multiple AuthProviders' })
+  async authProviders(
+    @Args(type => ListParam) params: ListParam,
+    @Ctx() context: ResolverContext
+  ): Promise<AuthProviderList> {
+    const { domain } = context.state
+
+    const queryBuilder = getQueryBuilderFromListParams({
+      domain,
+      params,
+      repository: await getRepository(AuthProvider),
+      searchables: ['type']
+    })
+
+    const [items, total] = await queryBuilder.getManyAndCount()
+
+    return { items, total }
+  }
+
+  @FieldResolver(type => String)
+  clientSecret(@Root() authProvider: AuthProvider): string {
+    const clientSecret = authProvider.clientSecret
+
+    if (!clientSecret || clientSecret.length <= 2) {
+      return clientSecret // 입력 문자열의 길이가 2 이하인 경우 그대로 반환
+    }
+    const firstChar = clientSecret.charAt(0)
+    const lastChar = clientSecret.charAt(clientSecret.length - 1)
+    const maskedPart = '*'.repeat(clientSecret.length - 2)
+
+    return firstChar + maskedPart + lastChar
+  }
+
+  @FieldResolver(type => String)
+  privateKey(@Root() authProvider: AuthProvider): string {
+    const privateKey = authProvider.privateKey
+
+    if (!privateKey || privateKey.length <= 2) {
+      return privateKey // 입력 문자열의 길이가 2 이하인 경우 그대로 반환
+    }
+    const firstChar = privateKey.charAt(0)
+    const lastChar = privateKey.charAt(privateKey.length - 1)
+    const maskedPart = '*'.repeat(privateKey.length - 2)
+
+    return firstChar + maskedPart + lastChar
+  }
+
+  @FieldResolver(type => Domain)
+  async domain(@Root() authProvider: AuthProvider): Promise<Domain> {
+    return authProvider.domainId && (await getRepository(Domain).findOneBy({ id: authProvider.domainId }))
+  }
+
+  @FieldResolver(type => User)
+  async updater(@Root() authProvider: AuthProvider): Promise<User> {
+    return authProvider.updaterId && (await getRepository(User).findOneBy({ id: authProvider.updaterId }))
+  }
+
+  @FieldResolver(type => User)
+  async creator(@Root() authProvider: AuthProvider): Promise<User> {
+    return authProvider.creatorId && (await getRepository(User).findOneBy({ id: authProvider.creatorId }))
+  }
+}

package/server/service/auth-provider/auth-provider-type.ts

@@ -0,0 +1,67 @@
+import { ObjectType, Field, InputType, Int, ID } from 'type-graphql'
+
+import { ScalarObject } from '@things-factory/shell'
+import { AuthProvider } from './auth-provider'
+
+@InputType()
+export class NewAuthProvider {
+  @Field()
+  type: string
+
+  @Field({ nullable: true })
+  active?: boolean
+
+  @Field({ nullable: true })
+  tenantId?: string
+
+  @Field({ nullable: true })
+  clientId?: string
+
+  @Field({ nullable: true })
+  clientSecret?: string
+
+  @Field({ nullable: true })
+  privateKey?: string
+
+  @Field(type => ScalarObject, { nullable: true })
+  params?: { [key: string]: any }
+}
+
+@InputType()
+export class AuthProviderPatch {
+  @Field(type => ID, { nullable: true })
+  id?: string
+
+  @Field({ nullable: true })
+  type?: string
+
+  @Field({ nullable: true })
+  active?: boolean
+
+  @Field({ nullable: true })
+  tenantId?: string
+
+  @Field({ nullable: true })
+  clientId?: string
+
+  @Field({ nullable: true })
+  clientSecret?: string
+
+  @Field({ nullable: true })
+  privateKey?: string
+
+  @Field(type => ScalarObject, { nullable: true })
+  params?: { [key: string]: any }
+
+  @Field({ nullable: true })
+  cuFlag?: string
+}
+
+@ObjectType()
+export class AuthProviderList {
+  @Field(type => [AuthProvider])
+  items: AuthProvider[]
+
+  @Field(type => Int)
+  total: number
+}

package/server/service/auth-provider/auth-provider.ts

@@ -0,0 +1,155 @@
+import {
+  CreateDateColumn,
+  UpdateDateColumn,
+  Entity,
+  Index,
+  Column,
+  RelationId,
+  ManyToOne,
+  OneToMany,
+  PrimaryGeneratedColumn
+} from 'typeorm'
+import { Directive, ObjectType, Field, Int, ID } from 'type-graphql'
+
+import { Domain, ScalarObject, encryptTransformer } from '@things-factory/shell'
+import { User } from '../user/user'
+import { UsersAuthProviders } from '../users-auth-providers/users-auth-providers'
+import { AuthProviderParameterSpec } from './auth-provider-parameter-spec'
+
+export type AuthProviderImpl = {
+  type: string
+  description: string
+  help: string
+  parameterSpec: AuthProviderParameterSpec
+  synchronizeUsers: (authProvider: AuthProvider, context: ResolverContext) => Promise<boolean>
+}
+
+export type AuthProviderRegistry = {
+  [type: string]: AuthProviderImpl
+}
+
+@ObjectType()
+export class AuthProviderType {
+  @Field()
+  type: string
+
+  @Field({ nullable: true })
+  description: string
+
+  @Field({ nullable: true })
+  help: string
+
+  @Field(type => [AuthProviderParameterSpec], { nullable: true })
+  parameterSpec: AuthProviderParameterSpec[]
+}
+
+@ObjectType()
+export class AuthProviderTypeList {
+  @Field(type => [AuthProviderType])
+  items: AuthProviderType[]
+
+  @Field(type => Int)
+  total: number
+}
+
+@Entity()
+@Index('ix_auth_provider_0', (authProvider: AuthProvider) => [authProvider.domain, authProvider.type], {
+  unique: true
+})
+@ObjectType({ description: 'Entity for AuthProvider' })
+export class AuthProvider {
+  @PrimaryGeneratedColumn('uuid')
+  @Field(type => ID)
+  readonly id: string
+
+  @ManyToOne(type => Domain)
+  @Field(type => Domain)
+  domain?: Domain
+
+  @RelationId((authProvider: AuthProvider) => authProvider.domain)
+  domainId?: string
+
+  @Column()
+  @Field({ nullable: true })
+  type?: string
+
+  @Column({ nullable: true })
+  @Field({ nullable: true })
+  active?: boolean
+
+  @Directive('@privilege(category: "security", privilege: "query", domainOwnerGranted: true)')
+  @Column({ nullable: true })
+  @Field({ nullable: true })
+  tenantId?: string
+
+  @Directive('@privilege(category: "security", privilege: "query", domainOwnerGranted: true)')
+  @Column({ nullable: true })
+  @Field({ nullable: true })
+  clientId?: string
+
+  @Directive('@privilege(category: "security", privilege: "query", domainOwnerGranted: true)')
+  @Column({ nullable: true, transformer: encryptTransformer })
+  @Field({ nullable: true })
+  clientSecret?: string
+
+  @Directive('@privilege(category: "security", privilege: "query", domainOwnerGranted: true)')
+  @Column({ nullable: true, transformer: encryptTransformer })
+  @Field({ nullable: true })
+  privateKey?: string
+
+  @Column('simple-json', { nullable: true })
+  @Field(type => ScalarObject, { nullable: true })
+  params?: { [key: string]: any }
+
+  @OneToMany(() => UsersAuthProviders, usersAuthProviders => usersAuthProviders.authProvider)
+  @Field(type => [UsersAuthProviders], { nullable: true })
+  usersAuthProviders?: UsersAuthProviders[]
+
+  @CreateDateColumn()
+  @Field({ nullable: true })
+  createdAt?: Date
+
+  @UpdateDateColumn()
+  @Field({ nullable: true })
+  updatedAt?: Date
+
+  @ManyToOne(type => User, { nullable: true })
+  @Field(type => User, { nullable: true })
+  creator?: User
+
+  @RelationId((authProvider: AuthProvider) => authProvider.creator)
+  creatorId?: string
+
+  @ManyToOne(type => User, { nullable: true })
+  @Field(type => User, { nullable: true })
+  updater?: User
+
+  @RelationId((authProvider: AuthProvider) => authProvider.updater)
+  updaterId?: string
+
+  static registry = {}
+
+  public static register(type: string, provider: AuthProviderImpl) {
+    AuthProvider.registry[type] = provider
+  }
+
+  public static getAuthProviderTypes(): AuthProviderTypeList {
+    const items = Object.values(AuthProvider.registry).map(({ type, description, help, parameterSpec }) => {
+      return {
+        type,
+        description,
+        help,
+        parameterSpec
+      }
+    })
+
+    return {
+      items,
+      total: items.length
+    }
+  }
+
+  public static getAuthProviderImpl(type: string) {
+    return AuthProvider.registry[type]
+  }
+}

package/server/service/auth-provider/index.ts

@@ -0,0 +1,7 @@
+import { AuthProvider } from './auth-provider'
+import { AuthProviderQuery } from './auth-provider-query'
+import { AuthProviderMutation } from './auth-provider-mutation'
+
+export const entities = [AuthProvider]
+export const resolvers = [AuthProviderQuery, AuthProviderMutation]
+export const subscribers = []

package/server/service/domain-generator/domain-generator-mutation.ts

@@ -0,0 +1,117 @@
+import { Arg, Ctx, Directive, Mutation, Resolver } from 'type-graphql'
+import { ILike, In, Repository } from 'typeorm'
+
+import { Domain, getRepository } from '@things-factory/shell'
+import { slugger } from '@things-factory/utils'
+
+import { Privilege } from '../privilege/privilege'
+import { Role } from '../role/role'
+import { User } from '../user/user'
+import { DomainGeneratorInput, DomainUserRoleInput } from './domain-generator-types'
+
+@Resolver()
+export class DomainGeneratorMutation {
+  @Directive('@privilege(superUserGranted: true)')
+  @Directive('@transaction')
+  @Mutation(returns => Domain)
+  async domainRegister(
+    @Arg('domainInput') domainInput: DomainGeneratorInput,
+    @Ctx() context: ResolverContext
+  ): Promise<Domain> {
+    const { user } = context.state
+    const { name, description } = domainInput
+    const domainRepo: Repository<Domain> = getRepository(Domain)
+    const subdomain: string = slugger(name)
+
+    const domain: Domain = await domainRepo.findOneBy({ subdomain })
+    if (domain) {
+      throw new Error('domain is duplicated')
+    }
+
+    return await domainRepo.save({ name, description, subdomain, owner: user.id })
+  }
+
+  @Directive('@transaction')
+  @Mutation(returns => Domain)
+  async domainUserRoleRegister(
+    @Arg('newDomainInfo') newDomainInfo: DomainUserRoleInput,
+    @Ctx() context: ResolverContext
+  ): Promise<Domain> {
+    const { tx } = context.state
+    // 도메인 생성
+    const { domain, users, roles } = newDomainInfo
+    const domainOwner = users.find(user => user.owner === true)
+
+    const domainRepository: Repository<Domain> = tx.getRepository(Domain)
+    const roleRepository: Repository<Role> = tx.getRepository(Role)
+    const userRepository: Repository<User> = tx.getRepository(User)
+    const privilegeRepository: Repository<Privilege> = tx.getRepository(Privilege)
+
+    const subdomain: string = slugger(domain.name)
+
+    const newDomain = await domainRepository.save({
+      name: domain.name,
+      description: domain.description,
+      subdomain
+    })
+
+    // 역할 생성
+    const newRoles: Role[] = await Promise.all(
+      roles.map(async (role: Role) => {
+        if (role.privileges?.length) {
+          const privilegeIds: string[] = role.privileges.map((p: Privilege) => p.id)
+          role.privileges = await privilegeRepository.findBy({
+            id: In(privilegeIds)
+          })
+        }
+
+        role.domain = newDomain
+        return await roleRepository.save(role)
+      })
+    )
+
+    // 사용자 생성
+    let inviteUsers = []
+    let createUsers = []
+    users.forEach(user => (user.isInvitee ? inviteUsers.push(user) : createUsers.push(user)))
+
+    // create user
+    await Promise.all(
+      createUsers.map(async user => {
+        user.domains = [newDomain]
+        user.password = User.encode(user.password, user.salt)
+        user.salt = User.generateSalt()
+        user.passwordUpdatedAt = new Date()
+        user.userType = 'user'
+        user.roles = filterUserRoles(user.roles, newRoles)
+
+        return await userRepository.save(user)
+      })
+    )
+
+    // invite user
+    await Promise.all(
+      inviteUsers.map(async inviteUser => {
+        const user: User = await userRepository.findOne({
+          where: { email: inviteUser.email },
+          relations: ['domains', 'roles']
+        })
+
+        user.domains = [...user.domains, newDomain]
+        user.roles = [...user.roles, ...filterUserRoles(inviteUser.roles, newRoles)]
+
+        return await userRepository.save(user)
+      })
+    )
+
+    // domain owner
+    const { id } = await userRepository.findOne({ where: { email: ILike(domainOwner.email) } })
+    newDomain.owner = id
+    return await domainRepository.save(newDomain)
+  }
+}
+
+function filterUserRoles(userRoles: Role[], newRoles: Role[]): Role[] {
+  const userRoleNames: string[] = userRoles.map((r: Role) => r.name)
+  return newRoles.filter((r: Role) => userRoleNames.indexOf(r.name) >= 0)
+}

package/server/service/domain-generator/domain-generator-types.ts

@@ -0,0 +1,46 @@
+import { Field, InputType } from 'type-graphql'
+import { GraphQLEmailAddress } from 'graphql-scalars'
+import { DomainInput } from '@things-factory/shell'
+import { NewRole } from '../role/role-types'
+
+@InputType()
+export class DomainGeneratorInput {
+  @Field()
+  name: string
+
+  @Field({ nullable: true })
+  description?: string
+}
+
+@InputType()
+export class DomainUserRoleInput {
+  @Field(type => DomainInput)
+  domain: DomainInput
+
+  @Field(type => [NewUserByDomainWizardInput])
+  users: NewUserByDomainWizardInput[]
+
+  @Field(type => [NewRole])
+  roles: NewRole[]
+}
+
+@InputType()
+export class NewUserByDomainWizardInput {
+  @Field()
+  name: string
+
+  @Field(type => GraphQLEmailAddress)
+  email: string
+
+  @Field({ nullable: true })
+  password: string
+
+  @Field({ nullable: true })
+  isInvitee: Boolean
+
+  @Field()
+  owner: Boolean
+
+  @Field(type => [NewRole])
+  roles: NewRole[]
+}

package/server/service/domain-generator/index.ts

@@ -0,0 +1,3 @@
+import { DomainGeneratorMutation } from './domain-generator-mutation'
+
+export const resolvers = [DomainGeneratorMutation]