npm - @things-factory/auth-base - Versions diffs - 8.0.0-beta.9 → 8.0.2 - Mend

@things-factory/auth-base 8.0.0-beta.9 → 8.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (212) hide show

package/client/actions/auth.ts +24 -0
package/client/auth.ts +272 -0
package/client/bootstrap.ts +47 -0
package/client/directive/privileged.ts +28 -0
package/client/index.ts +3 -0
package/client/profiled.ts +83 -0
package/client/reducers/auth.ts +31 -0
package/dist-client/index.d.ts +0 -1
package/dist-client/index.js +0 -1
package/dist-client/index.js.map +1 -1
package/dist-client/tsconfig.tsbuildinfo +1 -1
package/dist-server/constants/error-code.d.ts +0 -2
package/dist-server/constants/error-code.js +1 -3
package/dist-server/constants/error-code.js.map +1 -1
package/dist-server/controllers/change-pwd.js +2 -2
package/dist-server/controllers/change-pwd.js.map +1 -1
package/dist-server/controllers/delete-user.js +12 -13
package/dist-server/controllers/delete-user.js.map +1 -1
package/dist-server/controllers/invitation.d.ts +1 -2
package/dist-server/controllers/invitation.js +5 -30
package/dist-server/controllers/invitation.js.map +1 -1
package/dist-server/controllers/profile.d.ts +3 -4
package/dist-server/controllers/profile.js +2 -20
package/dist-server/controllers/profile.js.map +1 -1
package/dist-server/controllers/signin.d.ts +1 -4
package/dist-server/controllers/signin.js +1 -17
package/dist-server/controllers/signin.js.map +1 -1
package/dist-server/controllers/signup.js +4 -13
package/dist-server/controllers/signup.js.map +1 -1
package/dist-server/controllers/unlock-user.js +0 -1
package/dist-server/controllers/unlock-user.js.map +1 -1
package/dist-server/controllers/verification.js +0 -1
package/dist-server/controllers/verification.js.map +1 -1
package/dist-server/middlewares/signin-middleware.js +4 -9
package/dist-server/middlewares/signin-middleware.js.map +1 -1
package/dist-server/middlewares/webauthn-middleware.js.map +1 -1
package/dist-server/migrations/1548206416130-SeedUser.js +1 -2
package/dist-server/migrations/1548206416130-SeedUser.js.map +1 -1
package/dist-server/router/auth-checkin-router.js +2 -8
package/dist-server/router/auth-checkin-router.js.map +1 -1
package/dist-server/router/auth-private-process-router.js +7 -12
package/dist-server/router/auth-private-process-router.js.map +1 -1
package/dist-server/router/auth-public-process-router.js +9 -20
package/dist-server/router/auth-public-process-router.js.map +1 -1
package/dist-server/router/auth-signin-router.js +3 -3
package/dist-server/router/auth-signin-router.js.map +1 -1
package/dist-server/router/webauthn-router.js +1 -51
package/dist-server/router/webauthn-router.js.map +1 -1
package/dist-server/service/invitation/invitation-mutation.d.ts +2 -3
package/dist-server/service/invitation/invitation-mutation.js +8 -20
package/dist-server/service/invitation/invitation-mutation.js.map +1 -1
package/dist-server/service/user/user-mutation.d.ts +9 -10
package/dist-server/service/user/user-mutation.js +54 -112
package/dist-server/service/user/user-mutation.js.map +1 -1
package/dist-server/service/user/user-types.d.ts +0 -1
package/dist-server/service/user/user-types.js +0 -4
package/dist-server/service/user/user-types.js.map +1 -1
package/dist-server/service/user/user.d.ts +0 -1
package/dist-server/service/user/user.js +14 -40
package/dist-server/service/user/user.js.map +1 -1
package/dist-server/templates/account-unlock-email.d.ts +1 -2
package/dist-server/templates/account-unlock-email.js +1 -1
package/dist-server/templates/account-unlock-email.js.map +1 -1
package/dist-server/templates/invitation-email.d.ts +1 -2
package/dist-server/templates/invitation-email.js +1 -1
package/dist-server/templates/invitation-email.js.map +1 -1
package/dist-server/templates/verification-email.d.ts +1 -2
package/dist-server/templates/verification-email.js +1 -1
package/dist-server/templates/verification-email.js.map +1 -1
package/dist-server/tsconfig.tsbuildinfo +1 -1
package/package.json +6 -6
package/server/constants/error-code.ts +20 -0
package/server/constants/error-message.ts +0 -0
package/server/constants/max-age.ts +1 -0
package/server/controllers/auth.ts +5 -0
package/server/controllers/change-pwd.ts +99 -0
package/server/controllers/checkin.ts +21 -0
package/server/controllers/delete-user.ts +68 -0
package/server/controllers/invitation.ts +132 -0
package/server/controllers/profile.ts +28 -0
package/server/controllers/reset-password.ts +126 -0
package/server/controllers/signin.ts +79 -0
package/server/controllers/signup.ts +60 -0
package/server/controllers/unlock-user.ts +61 -0
package/server/controllers/utils/make-invitation-token.ts +5 -0
package/server/controllers/utils/make-verification-token.ts +4 -0
package/server/controllers/utils/password-rule.ts +120 -0
package/server/controllers/utils/save-invitation-token.ts +10 -0
package/server/controllers/utils/save-verification-token.ts +12 -0
package/server/controllers/verification.ts +83 -0
package/server/errors/auth-error.ts +24 -0
package/server/errors/index.ts +2 -0
package/server/errors/user-domain-not-match-error.ts +29 -0
package/server/index.ts +37 -0
package/server/middlewares/authenticate-401-middleware.ts +114 -0
package/server/middlewares/domain-authenticate-middleware.ts +78 -0
package/server/middlewares/graphql-authenticate-middleware.ts +13 -0
package/server/middlewares/index.ts +67 -0
package/server/middlewares/jwt-authenticate-middleware.ts +84 -0
package/server/middlewares/signin-middleware.ts +55 -0
package/server/middlewares/webauthn-middleware.ts +127 -0
package/server/migrations/1548206416130-SeedUser.ts +59 -0
package/server/migrations/1566805283882-SeedPrivilege.ts +28 -0
package/server/migrations/index.ts +9 -0
package/server/router/auth-checkin-router.ts +107 -0
package/server/router/auth-private-process-router.ts +107 -0
package/server/router/auth-public-process-router.ts +302 -0
package/server/router/auth-signin-router.ts +55 -0
package/server/router/auth-signup-router.ts +95 -0
package/server/router/index.ts +9 -0
package/server/router/oauth2/index.ts +2 -0
package/server/router/oauth2/oauth2-authorize-router.ts +81 -0
package/server/router/oauth2/oauth2-router.ts +165 -0
package/server/router/oauth2/oauth2-server.ts +262 -0
package/server/router/oauth2/passport-oauth2-client-password.ts +87 -0
package/server/router/oauth2/passport-refresh-token.ts +87 -0
package/server/router/path-base-domain-router.ts +8 -0
package/server/router/site-root-router.ts +48 -0
package/server/router/webauthn-router.ts +87 -0
package/server/routes.ts +80 -0
package/server/service/app-binding/app-binding-mutation.ts +22 -0
package/server/service/app-binding/app-binding-query.ts +92 -0
package/server/service/app-binding/app-binding-types.ts +11 -0
package/server/service/app-binding/app-binding.ts +17 -0
package/server/service/app-binding/index.ts +4 -0
package/server/service/appliance/appliance-mutation.ts +113 -0
package/server/service/appliance/appliance-query.ts +76 -0
package/server/service/appliance/appliance-types.ts +56 -0
package/server/service/appliance/appliance.ts +133 -0
package/server/service/appliance/index.ts +6 -0
package/server/service/application/application-mutation.ts +104 -0
package/server/service/application/application-query.ts +98 -0
package/server/service/application/application-types.ts +76 -0
package/server/service/application/application.ts +216 -0
package/server/service/application/index.ts +6 -0
package/server/service/auth-provider/auth-provider-mutation.ts +159 -0
package/server/service/auth-provider/auth-provider-parameter-spec.ts +24 -0
package/server/service/auth-provider/auth-provider-query.ts +88 -0
package/server/service/auth-provider/auth-provider-type.ts +67 -0
package/server/service/auth-provider/auth-provider.ts +155 -0
package/server/service/auth-provider/index.ts +7 -0
package/server/service/domain-generator/domain-generator-mutation.ts +117 -0
package/server/service/domain-generator/domain-generator-types.ts +46 -0
package/server/service/domain-generator/index.ts +3 -0
package/server/service/granted-role/granted-role-mutation.ts +156 -0
package/server/service/granted-role/granted-role-query.ts +60 -0
package/server/service/granted-role/granted-role.ts +27 -0
package/server/service/granted-role/index.ts +6 -0
package/server/service/index.ts +90 -0
package/server/service/invitation/index.ts +6 -0
package/server/service/invitation/invitation-mutation.ts +63 -0
package/server/service/invitation/invitation-query.ts +33 -0
package/server/service/invitation/invitation-types.ts +11 -0
package/server/service/invitation/invitation.ts +63 -0
package/server/service/login-history/index.ts +5 -0
package/server/service/login-history/login-history-query.ts +51 -0
package/server/service/login-history/login-history-type.ts +12 -0
package/server/service/login-history/login-history.ts +45 -0
package/server/service/partner/index.ts +6 -0
package/server/service/partner/partner-mutation.ts +61 -0
package/server/service/partner/partner-query.ts +102 -0
package/server/service/partner/partner-types.ts +11 -0
package/server/service/partner/partner.ts +57 -0
package/server/service/password-history/index.ts +3 -0
package/server/service/password-history/password-history.ts +16 -0
package/server/service/privilege/index.ts +6 -0
package/server/service/privilege/privilege-directive.ts +77 -0
package/server/service/privilege/privilege-mutation.ts +92 -0
package/server/service/privilege/privilege-query.ts +94 -0
package/server/service/privilege/privilege-types.ts +60 -0
package/server/service/privilege/privilege.ts +102 -0
package/server/service/role/index.ts +6 -0
package/server/service/role/role-mutation.ts +109 -0
package/server/service/role/role-query.ts +155 -0
package/server/service/role/role-types.ts +81 -0
package/server/service/role/role.ts +72 -0
package/server/service/user/domain-query.ts +24 -0
package/server/service/user/index.ts +7 -0
package/server/service/user/user-mutation.ts +413 -0
package/server/service/user/user-query.ts +145 -0
package/server/service/user/user-types.ts +97 -0
package/server/service/user/user.ts +354 -0
package/server/service/users-auth-providers/index.ts +5 -0
package/server/service/users-auth-providers/users-auth-providers.ts +71 -0
package/server/service/verification-token/index.ts +3 -0
package/server/service/verification-token/verification-token.ts +60 -0
package/server/service/web-auth-credential/index.ts +3 -0
package/server/service/web-auth-credential/web-auth-credential.ts +67 -0
package/server/templates/account-unlock-email.ts +65 -0
package/server/templates/invitation-email.ts +66 -0
package/server/templates/reset-password-email.ts +65 -0
package/server/templates/verification-email.ts +66 -0
package/server/types.ts +21 -0
package/server/utils/accepts.ts +11 -0
package/server/utils/access-token-cookie.ts +61 -0
package/server/utils/check-permission.ts +52 -0
package/server/utils/check-user-belongs-domain.ts +19 -0
package/server/utils/check-user-has-role.ts +29 -0
package/server/utils/encrypt-state.ts +22 -0
package/server/utils/get-aes-256-key.ts +13 -0
package/server/utils/get-domain-from-hostname.ts +7 -0
package/server/utils/get-domain-users.ts +38 -0
package/server/utils/get-secret.ts +13 -0
package/server/utils/get-user-domains.ts +112 -0
package/translations/en.json +1 -5
package/translations/ja.json +1 -5
package/translations/ko.json +3 -6
package/translations/ms.json +1 -5
package/translations/zh.json +1 -5
package/dist-client/verify-webauthn.d.ts +0 -13
package/dist-client/verify-webauthn.js +0 -72
package/dist-client/verify-webauthn.js.map +0 -1

package/server/service/user/user.ts ADDED Viewed

@@ -0,0 +1,354 @@
+import crypto from 'crypto'
+import jwt from 'jsonwebtoken'
+import { Directive, Field, ID, ObjectType } from 'type-graphql'
+import { GraphQLEmailAddress } from 'graphql-scalars'
+import {
+  Column,
+  CreateDateColumn,
+  Entity,
+  Index,
+  JoinTable,
+  ManyToMany,
+  ManyToOne,
+  OneToMany,
+  PrimaryGeneratedColumn,
+  RelationId,
+  UpdateDateColumn
+} from 'typeorm'
+import { config } from '@things-factory/env'
+import { Domain, getRepository } from '@things-factory/shell'
+import { validatePasswordByRule } from '../../controllers/utils/password-rule'
+import { AuthError } from '../../errors/auth-error'
+import { SECRET } from '../../utils/get-secret'
+import { Role } from '../role/role'
+import { Privilege } from '../privilege/privilege'
+import { WebAuthCredential } from '../web-auth-credential/web-auth-credential'
+import { UsersAuthProviders } from '../users-auth-providers/users-auth-providers'
+import { getDomainsWithPrivilege } from '../../utils/get-user-domains'
+const ORMCONFIG = config.get('ormconfig', {})
+const DATABASE_TYPE = ORMCONFIG.type
+const sessionExpirySeconds = Number(config.get('session/expirySeconds')) || '7d'
+export enum UserStatus {
+  INACTIVE = 'inactive',
+  ACTIVATED = 'activated',
+  DELETED = 'deleted',
+  LOCKED = 'locked',
+  BANNED = 'banned',
+  PWD_RESET_REQUIRED = 'password_reset_required'
+}
+@Entity()
+@Index('ix_user_0', (user: User) => [user.email], { unique: true })
+@ObjectType()
+export class User {
+  @PrimaryGeneratedColumn('uuid')
+  @Field(type => ID)
+  readonly id: string
+  @Column()
+  @Field({ nullable: true })
+  name: string
+  @Column({ nullable: true })
+  @Field({ nullable: true })
+  description: string
+  @ManyToMany(type => Domain)
+  @JoinTable({ name: 'users_domains' })
+  @Field(type => [Domain])
+  domains?: Domain[]
+  @Column()
+  @Field(type => GraphQLEmailAddress)
+  email: string
+  @Directive('@privilege(category: "security", privilege: "query", domainOwnerGranted: true)')
+  @Column({
+    nullable: true,
+    type:
+      DATABASE_TYPE == 'mysql' || DATABASE_TYPE == 'mariadb'
+        ? 'longtext'
+        : DATABASE_TYPE == 'oracle'
+          ? 'clob'
+          : DATABASE_TYPE == 'mssql'
+            ? 'nvarchar'
+            : 'varchar',
+    length: DATABASE_TYPE == 'mssql' ? 'MAX' : undefined
+  })
+  password: string
+  @ManyToMany(type => Role, role => role.users)
+  @JoinTable({ name: 'users_roles' })
+  @Field(type => [Role])
+  roles?: Role[]
+  @Column({ nullable: true })
+  @Field({ nullable: true })
+  userType: string // default: 'user', enum: 'user', 'application', 'appliance'
+  @Column({ nullable: true })
+  @Field({ nullable: true })
+  reference: string
+  @Directive('@privilege(category: "security", privilege: "query", domainOwnerGranted: true)')
+  @Column({ nullable: true })
+  salt: string
+  @Column({ nullable: true })
+  @Field({ nullable: true })
+  locale: string
+  @Directive('@privilege(category: "security", privilege: "query", domainOwnerGranted: true)')
+  @Column({ nullable: true })
+  @Field({ nullable: true })
+  ssoId: string
+  @Column({
+    type:
+      DATABASE_TYPE == 'postgres' || DATABASE_TYPE == 'mysql' || DATABASE_TYPE == 'mariadb'
+        ? 'enum'
+        : DATABASE_TYPE == 'oracle'
+          ? 'varchar2'
+          : DATABASE_TYPE == 'mssql'
+            ? 'nvarchar'
+            : 'varchar',
+    enum:
+      DATABASE_TYPE == 'postgres' || DATABASE_TYPE == 'mysql' || DATABASE_TYPE == 'mariadb' ? UserStatus : undefined,
+    length: DATABASE_TYPE == 'postgres' || DATABASE_TYPE == 'mysql' || DATABASE_TYPE == 'mariadb' ? undefined : 32,
+    default: UserStatus.INACTIVE
+  })
+  @Field(type => String)
+  status: UserStatus
+  @Column({ type: 'smallint', default: 0 })
+  failCount: number
+  @Column({ nullable: true })
+  passwordUpdatedAt: Date
+  @Field({ nullable: true })
+  owner: boolean /* should not be a column */
+  @OneToMany(() => WebAuthCredential, credential => credential.user)
+  credentials: WebAuthCredential[]
+  @OneToMany(() => UsersAuthProviders, usersAuthProviders => usersAuthProviders.user)
+  @Field(type => [UsersAuthProviders], { nullable: true })
+  usersAuthProviders: UsersAuthProviders[]
+  @ManyToOne(type => User, { nullable: true })
+  @Field({ nullable: true })
+  creator: User
+  @RelationId((user: User) => user.creator)
+  creatorId: string
+  @ManyToOne(type => User, { nullable: true })
+  @Field({ nullable: true })
+  updater: User
+  @RelationId((user: User) => user.updater)
+  updaterId: string
+  @CreateDateColumn()
+  @Field({ nullable: true })
+  createdAt: Date
+  @UpdateDateColumn()
+  @Field({ nullable: true })
+  updatedAt: Date
+  /* signing for jsonwebtoken */
+  async sign(options?) {
+    var { expiresIn = sessionExpirySeconds, subdomain } = options || {}
+    var user = {
+      id: this.id,
+      userType: this.userType,
+      status: this.status,
+      domain: {
+        subdomain
+      }
+    }
+    return await jwt.sign(user, SECRET, {
+      expiresIn,
+      issuer: 'hatiolab.com',
+      subject: 'user'
+    })
+  }
+  /* validate password through password rule */
+  static validatePasswordByRule(password, lng) {
+    validatePasswordByRule(password, lng)
+  }
+  /* generate salt */
+  static generateSalt() {
+    return crypto.randomBytes(16).toString('hex')
+  }
+  /* encode password */
+  static encode(password: string, salt) {
+    return crypto
+      .createHmac('sha256', salt || SECRET)
+      .update(password)
+      .digest('base64')
+  }
+  /* verify password */
+  static verify(hashed, password, salt) {
+    return (
+      hashed ==
+        crypto
+          .createHmac('sha256', salt || SECRET)
+          .update(password)
+          .digest('base64') ||
+      hashed ==
+        crypto
+          .createHmac('sha1', salt || SECRET)
+          .update(password)
+          .digest('base64')
+    )
+  }
+  static async checkAuthWithEmail(decoded) {
+    if (!decoded?.email) {
+      throw new AuthError({
+        errorCode: AuthError.ERROR_CODES.USER_NOT_FOUND
+      })
+    }
+    const repository = getRepository(User)
+    var user = await repository.findOne({
+      where: { email: decoded.email },
+      relations: ['domains'],
+      cache: true
+    })
+    if (!user)
+      throw new AuthError({
+        errorCode: AuthError.ERROR_CODES.USER_NOT_FOUND
+      })
+    else {
+      switch (user.status) {
+        case UserStatus.INACTIVE:
+          throw new AuthError({
+            errorCode: AuthError.ERROR_CODES.USER_NOT_ACTIVATED,
+            detail: {
+              email: user.email
+            }
+          })
+        case UserStatus.LOCKED:
+          throw new AuthError({
+            errorCode: AuthError.ERROR_CODES.USER_LOCKED,
+            detail: {
+              email: user.email
+            }
+          })
+        case UserStatus.DELETED:
+          throw new AuthError({
+            errorCode: AuthError.ERROR_CODES.USER_DELETED
+          })
+      }
+      return user
+    }
+  }
+  static async checkAuth(decoded) {
+    if (decoded?.id === undefined) {
+      throw new AuthError({
+        errorCode: AuthError.ERROR_CODES.USER_NOT_FOUND
+      })
+    }
+    const repository = getRepository(User)
+    var user = await repository.findOne({
+      where: { id: decoded.id },
+      relations: ['domains', 'credentials'],
+      cache: true
+    })
+    if (!user)
+      throw new AuthError({
+        errorCode: AuthError.ERROR_CODES.USER_NOT_FOUND
+      })
+    else {
+      switch (user.status) {
+        case UserStatus.INACTIVE:
+          throw new AuthError({
+            errorCode: AuthError.ERROR_CODES.USER_NOT_ACTIVATED,
+            detail: {
+              email: user.email
+            }
+          })
+        case UserStatus.LOCKED:
+          throw new AuthError({
+            errorCode: AuthError.ERROR_CODES.USER_LOCKED,
+            detail: {
+              email: user.email
+            }
+          })
+        case UserStatus.DELETED:
+          throw new AuthError({
+            errorCode: AuthError.ERROR_CODES.USER_DELETED
+          })
+      }
+      const { defaultPassword } = config.get('password')
+      if (defaultPassword && user.password === this.encode(defaultPassword, user.salt)) {
+        user.status = UserStatus.PWD_RESET_REQUIRED
+      }
+      return user
+    }
+  }
+  static async hasPrivilege(privilege: string, category: string, domain: Domain, user: User): Promise<boolean> {
+    const result = await getRepository(Privilege)
+      .createQueryBuilder('privilege')
+      .innerJoin('privilege.roles', 'role')
+      .innerJoin('role.users', 'user')
+      .where('privilege.category = :category', { category })
+      .andWhere('privilege.name = :privilege', { privilege })
+      .andWhere('user.id = :userId', { userId: user.id })
+      .andWhere('role.domain.id = :domainId', { domainId: domain.id })
+      .getCount()
+    return result > 0
+  }
+  static async getPrivilegesByDomain(user: User, domain: Domain): Promise<{ category: string; privilege: string }[]> {
+    const result = await getRepository(User)
+      .createQueryBuilder('user')
+      .leftJoinAndSelect('user.roles', 'role')
+      .leftJoinAndSelect('role.privileges', 'privilege')
+      .select(['privilege.name AS privilege', 'privilege.category AS category'])
+      .where('user.id = :userId', { userId: user.id })
+      .andWhere('role.domain.id = :domainId', { domainId: domain.id })
+      .orderBy('privilege.category')
+      .addOrderBy('privilege.name')
+      .getRawMany()
+    const distinct = result.reduce((acc, current) => {
+      const last = acc[acc.length - 1]
+      if (!last || last.privilege !== current.privilege || last.category !== current.category) {
+        acc.push(current)
+      }
+      return acc
+    }, [])
+    return distinct
+  }
+  static async getDomainsWithPrivilege(privilege: string, category: string, user: User) {
+    return getDomainsWithPrivilege(user, privilege, category)
+  }
+}

package/server/service/users-auth-providers/index.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import { UsersAuthProviders } from './users-auth-providers'
+export const entities = [UsersAuthProviders]
+export const resolvers = []
+export const subscribers = []

package/server/service/users-auth-providers/users-auth-providers.ts ADDED Viewed

@@ -0,0 +1,71 @@
+import {
+  CreateDateColumn,
+  UpdateDateColumn,
+  DeleteDateColumn,
+  Entity,
+  Index,
+  Column,
+  RelationId,
+  ManyToOne,
+  PrimaryGeneratedColumn,
+  VersionColumn
+} from 'typeorm'
+import { ObjectType, Field, Int, ID, registerEnumType } from 'type-graphql'
+import { Domain } from '@things-factory/shell'
+import { User } from '../user/user'
+import { AuthProvider } from '../auth-provider/auth-provider'
+@Entity()
+@Index(
+  'ix_users_auth_providers_0',
+  (usersAuthProviders: UsersAuthProviders) => [
+    usersAuthProviders.domain,
+    usersAuthProviders.user,
+    usersAuthProviders.authProvider
+  ],
+  { unique: true }
+)
+@ObjectType({ description: 'Entity for UsersAuthProviders' })
+export class UsersAuthProviders {
+  @PrimaryGeneratedColumn('uuid')
+  @Field(type => ID)
+  readonly id: string
+  @ManyToOne(type => Domain)
+  @Field(type => Domain)
+  domain?: Domain
+  @RelationId((usersAuthProviders: UsersAuthProviders) => usersAuthProviders.domain)
+  domainId?: string
+  @ManyToOne(() => User, user => user.usersAuthProviders, {
+    onDelete: 'CASCADE'
+  })
+  @Field(type => User, { nullable: true })
+  user: User
+  @RelationId((usersAuthProviders: UsersAuthProviders) => usersAuthProviders.user)
+  userId?: string
+  @ManyToOne(() => AuthProvider, authProvider => authProvider.usersAuthProviders, {
+    onDelete: 'CASCADE'
+  })
+  @Field(type => AuthProvider, { nullable: true })
+  authProvider: AuthProvider
+  @RelationId((usersAuthProviders: UsersAuthProviders) => usersAuthProviders.authProvider)
+  authProviderId?: string
+  @Column()
+  @Field({ nullable: true })
+  ssoId: string
+  @CreateDateColumn()
+  @Field({ nullable: true })
+  createdAt?: Date
+  @UpdateDateColumn()
+  @Field({ nullable: true })
+  updatedAt: Date
+}

package/server/service/verification-token/index.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import { VerificationToken, VerificationTokenType } from './verification-token'
+export const entities = [VerificationToken, VerificationTokenType]

package/server/service/verification-token/verification-token.ts ADDED Viewed

@@ -0,0 +1,60 @@
+import { Column, CreateDateColumn, Entity, PrimaryColumn, UpdateDateColumn } from 'typeorm'
+import { config } from '@things-factory/env'
+import { ObjectType, Field, ID } from 'type-graphql'
+const ORMCONFIG = config.get('ormconfig', {})
+const DATABASE_TYPE = ORMCONFIG.type
+export enum VerificationTokenType {
+  ACTIVATION = 'activation',
+  PASSWORD_RESET = 'password-reset',
+  UNLOCK = 'unlock',
+  REQUEST_ACCESS_TOKEN = 'access-token'
+}
+@Entity()
+@ObjectType()
+export class VerificationToken {
+  @PrimaryColumn()
+  @Field(type => ID)
+  userId: string
+  @Column({
+    nullable: false
+  })
+  @Field()
+  token: string
+  @Column({
+    nullable: false,
+    type:
+      DATABASE_TYPE == 'postgres' || DATABASE_TYPE == 'mysql' || DATABASE_TYPE == 'mariadb'
+        ? 'enum'
+        : DATABASE_TYPE == 'oracle'
+          ? 'varchar2'
+          : DATABASE_TYPE == 'mssql'
+            ? 'nvarchar'
+            : 'varchar',
+    enum:
+      DATABASE_TYPE == 'postgres' || DATABASE_TYPE == 'mysql' || DATABASE_TYPE == 'mariadb'
+        ? VerificationTokenType
+        : undefined,
+    length: DATABASE_TYPE == 'postgres' || DATABASE_TYPE == 'mysql' || DATABASE_TYPE == 'mariadb' ? undefined : 32,
+    default: VerificationTokenType.ACTIVATION
+  })
+  @Field()
+  type: VerificationTokenType
+  @Column({
+    nullable: true
+  })
+  @Field({ nullable: true })
+  suppliment: string
+  @CreateDateColumn()
+  @Field()
+  createdAt: Date
+  @UpdateDateColumn()
+  @Field()
+  updatedAt: Date
+}

package/server/service/web-auth-credential/index.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import { WebAuthCredential } from './web-auth-credential'
+export const entities = [WebAuthCredential]

package/server/service/web-auth-credential/web-auth-credential.ts ADDED Viewed

@@ -0,0 +1,67 @@
+import { Field, ID } from 'type-graphql'
+import {
+  CreateDateColumn,
+  UpdateDateColumn,
+  Entity,
+  Index,
+  Column,
+  RelationId,
+  ManyToOne,
+  PrimaryGeneratedColumn
+} from 'typeorm'
+import { User } from '../user/user'
+import { AuthenticatorTransportFuture } from '@simplewebauthn/server/script/deps'
+@Entity()
+@Index(
+  'ix_web_auth_credential_0',
+  (webAuthCredential: WebAuthCredential) => [webAuthCredential.user, webAuthCredential.credentialId],
+  { unique: true }
+)
+export class WebAuthCredential {
+  @PrimaryGeneratedColumn('uuid')
+  @Field(type => ID)
+  readonly id: string
+  @ManyToOne(type => User, { nullable: true })
+  @Field(type => User, { nullable: true })
+  user?: User
+  @RelationId((webAuthCredential: WebAuthCredential) => webAuthCredential.user)
+  userId?: string
+  @Column()
+  @Field({ nullable: true })
+  credentialId: string
+  @Column()
+  @Field({ nullable: true })
+  publicKey: string
+  @Column()
+  @Field({ nullable: true })
+  counter: number
+  @CreateDateColumn()
+  @Field({ nullable: true })
+  createdAt?: Date
+  @UpdateDateColumn()
+  @Field({ nullable: true })
+  updatedAt?: Date
+  @ManyToOne(type => User, { nullable: true })
+  @Field(type => User, { nullable: true })
+  creator?: User
+  @RelationId((webAuthCredential: WebAuthCredential) => webAuthCredential.creator)
+  creatorId?: string
+  @ManyToOne(type => User, { nullable: true })
+  @Field(type => User, { nullable: true })
+  updater?: User
+  @RelationId((webAuthCredential: WebAuthCredential) => webAuthCredential.updater)
+  updaterId?: string
+}

package/server/templates/account-unlock-email.ts ADDED Viewed

@@ -0,0 +1,65 @@
+export function getUnlockUserEmailForm({ name, resetUrl }) {
+  return `
+  <html lang="en">
+    <head>
+      <meta charset="utf-8" />
+      <title>reset password</title>
+      <meta name="description" content="Password Reset" />
+      <meta name="author" content="hatiolab" />
+      <meta name="google" content="notranslate"/>
+    </head>
+    <body>
+      <div style="background-color:#f6f6f6">
+        <!--header begin-->
+        <div style="background-color:#fff;padding:0 10px;border-top: 2px solid #394e64;">
+          <a href="#" target="_blank"
+            ><img
+              src="http://www.hatiolab.com/assets/img/logo-operato.png"
+              style="max-height:50px"
+          /></a>
+        </div>
+        <!--header end-->
+        <!--title begin-->
+        <div
+          style="background-color:#22a6a7;padding:12px 10px 10px 10px;min-height:50px;"
+        >
+          <img
+            src="http://www.hatiolab.com/assets/img/icon-mail.png"
+            style="float:left;margin:0 10px 0 40px"
+          />
+          <span style="display:block;color:#fff;font-size:20px"
+            >Hi ${name}!</span
+          >
+          <span style="display:block;color:#fff;font-size:34px;font-weight:bold"
+            >Unlock Account</span
+          >
+        </div>
+        <!--title end-->
+        <!--body begin-->
+        <p style="padding:10px 20px;line-height:1.5;font-size:16px">
+          Click the button below to unlock account and reset password.
+          <br />
+          <a
+            href="${resetUrl}"
+            style="display:inline-block;margin:10px 5px 5px 0;border-radius:7px;background-color:#22a6a7;padding:7px 15px;color:#fff;font-size:18px;text-decoration:none;text-transform:capitalize;"
+            >unlock account</a
+          >
+        </p>
+        <!--body end-->
+        <!--footer begin-->
+        <div
+          style="background-color:#3d5874;padding:7px 20px 5px 20px;font-size:12px;color:#efefef"
+        >
+          © Hatio, Lab. Inc. All rights reserved.
+        </div>
+        <!--footer end-->
+      </div>
+    </body>
+  </html>
+  `
+}

package/server/templates/invitation-email.ts ADDED Viewed

@@ -0,0 +1,66 @@
+export function getInvitationEmailForm({ email, acceptUrl }) {
+  return `
+  <html lang="en">
+    <head>
+      <meta charset="utf-8" />
+      <title>Invitation from Operato</title>
+      <meta name="description" content="Invitation" />
+      <meta name="author" content="hatiolab" />
+      <meta name="google" content="notranslate"/>
+    </head>
+    <body>
+      <div style="background-color:#f6f6f6">
+        <!--header begin-->
+        <div style="background-color:#fff;padding:0 10px;border-top: 2px solid #394e64;">
+          <a href="#" target="_blank"
+            ><img
+              src="http://www.hatiolab.com/assets/img/logo-operato.png"
+              style="max-height:50px"
+          /></a>
+        </div>
+        <!--header end-->
+        <!--title begin-->
+        <div
+          style="background-color:#22a6a7;padding:12px 10px 10px 10px;min-height:50px;"
+        >
+          <img
+            src="http://www.hatiolab.com/assets/img/icon-mail.png"
+            style="float:left;margin:0 10px 0 40px"
+          />
+          <span style="display:block;color:#fff;font-size:20px"
+            >Hi ${email}!</span
+          >
+          <span style="display:block;color:#fff;font-size:34px;font-weight:bold"
+            >Verify your email</span
+          >
+        </div>
+        <!--title end-->
+        <!--body begin-->
+        <p style="padding:10px 20px;line-height:1.5;font-size:16px">
+          You're invited from Operato.
+          Simply click the button below to verify your email address.
+          <br />
+          <a
+            href="${acceptUrl}"
+            style="display:inline-block;margin:10px 5px 5px 0;border-radius:7px;background-color:#22a6a7;padding:7px 15px;color:#fff;font-size:18px;text-decoration:none;text-transform:capitalize;"
+            >Verify</a
+          >
+        </p>
+        <!--body end-->
+        <!--footer begin-->
+        <div
+          style="background-color:#3d5874;padding:7px 20px 5px 20px;font-size:12px;color:#efefef"
+        >
+          © Hatio, Lab. Inc. All rights reserved.
+        </div>
+        <!--footer end-->
+      </div>
+    </body>
+  </html>
+  `
+}