@things-factory/auth-base 8.0.0 → 9.0.0-beta.3

package/server/service/partner/partner-mutation.ts

@@ -1,61 +0,0 @@
-import { Arg, Ctx, Directive, Mutation, Resolver } from 'type-graphql'
-
-import { Domain, getRepository } from '@things-factory/shell'
-
-import { terminateGrantedRoles } from '../granted-role/granted-role-mutation'
-import { Partner } from './partner'
-
-@Resolver(Partner)
-export class PartnerMutation {
-  @Directive('@privilege(category: "partner", privilege: "mutation")')
-  @Mutation(returns => Boolean)
-  async inviteCustomer(@Arg('customerDomainName') customerDomainName: string, @Ctx() context: ResolverContext) {
-    // 1. Try to find existing customer
-    const { domain, user } = context.state
-    const customerDomain: Domain = await getRepository(Domain).findOne({ where: { name: customerDomainName } })
-    if (!customerDomain) throw new Error(`There's no customer which has ${customerDomainName} as name`)
-
-    const isExistingCustomer: boolean = Boolean(
-      await getRepository(Partner).count({
-        where: { domain: { id: domain.id }, partnerDomain: { id: customerDomain.id } }
-      })
-    )
-    if (isExistingCustomer) throw new Error('Partner is registered as customer already')
-
-    await getRepository(Partner).save({
-      domain,
-      partnerDomain: customerDomain,
-      requester: user,
-      approver: user
-    })
-
-    return true
-  }
-
-  @Directive('@privilege(category: "partner", privilege: "mutation")')
-  @Directive('@transaction')
-  @Mutation(returns => Boolean)
-  async terminateContract(@Arg('partnerName') partnerName: string, @Ctx() context: ResolverContext) {
-    const { tx, domain } = context.state
-
-    // Find partnerDomain
-    const partnerDomain: Domain = await tx.getRepository(Domain).findOne({
-      where: { name: partnerName }
-    })
-    if (!partnerDomain) throw new Error(context.t('error.failed to find x', { x: context.t('label.partner') }))
-
-    // Find partner
-    const partner: Partner = await tx.getRepository(Partner).findOne({
-      where: { domain: { id: domain.id }, partnerDomain: { id: partnerDomain.id } }
-    })
-    if (!partner) throw new Error(context.t('error.failed to find x', { x: context.t('label.partner') }))
-
-    // Remove record from partner
-    await tx.getRepository(Partner).delete(partner.id)
-
-    // Remove granted roles
-    await terminateGrantedRoles(domain, partnerDomain, tx)
-
-    return true
-  }
-}

package/server/service/partner/partner-query.ts

@@ -1,102 +0,0 @@
-import { Args, Ctx, Directive, FieldResolver, Query, Resolver, Root } from 'type-graphql'
-import { SelectQueryBuilder } from 'typeorm'
-
-import { Domain, DomainList, getRepository, ListParam, getQueryBuilderFromListParams } from '@things-factory/shell'
-
-import { checkUserBelongsDomain } from '../../utils/check-user-belongs-domain'
-import { User } from '../user/user'
-import { Partner } from './partner'
-import { PartnerList } from './partner-types'
-
-@Resolver(Partner)
-export class PartnerQuery {
-  @Directive('@privilege(category: "partner", privilege: "query", domainOwnerGranted: true)')
-  @Query(returns => PartnerList)
-  async partners(@Args(type => ListParam) params: ListParam, @Ctx() context: ResolverContext): Promise<PartnerList> {
-    if (await checkUserBelongsDomain(context.state.domain, context.state.user)) {
-      const { domain } = context.state
-
-      const queryBuilder = getQueryBuilderFromListParams({
-        domain,
-        params,
-        repository: getRepository(Partner),
-        alias: 'partner'
-      })
-
-      const [items, total] = await queryBuilder.getManyAndCount()
-
-      return { items, total }
-    } else {
-      throw new Error(`User doesn't belong in current domain`)
-    }
-  }
-
-  @Directive('@privilege(category: "partner", privilege: "query", domainOwnerGranted: true)')
-  @Query(returns => [Domain])
-  async customers(@Ctx() context: ResolverContext): Promise<Domain[]> {
-    const { domain } = context.state
-    const partners: Partner[] = await getRepository(Partner).find({
-      where: { domain: { id: domain.id } },
-      relations: ['partnerDomain']
-    })
-
-    return partners.map((p: Partner) => p.partnerDomain)
-  }
-
-  @Directive('@privilege(category: "partner", privilege: "query")')
-  @Query(returns => DomainList)
-  async searchCustomers(
-    @Args(type => ListParam) params: ListParam,
-    @Ctx() context: ResolverContext
-  ): Promise<DomainList> {
-    const { domain } = context.state
-    const partners: Partner[] = await getRepository(Partner).find({
-      where: { domain: { id: domain.id } },
-      relations: ['partnerDomain']
-    })
-
-    const qb: SelectQueryBuilder<Domain> = await getQueryBuilderFromListParams({
-      repository: getRepository(Domain),
-      params,
-      searchables: ['name', 'description']
-    })
-
-    qb.andWhereInIds(partners.map((p: Partner) => p.partnerDomain.id))
-    const [items, total] = await qb.getManyAndCount()
-    return { items, total }
-  }
-
-  @Directive('@privilege(category: "partner", privilege: "query", domainOwnerGranted: true)')
-  @Query(returns => [Domain])
-  async vendors(@Ctx() context: ResolverContext): Promise<Domain[]> {
-    const { domain } = context.state
-    const qb: SelectQueryBuilder<Partner> = getRepository(Partner).createQueryBuilder('PARTNER')
-    const partners: Partner[] = await qb
-      .leftJoinAndSelect('PARTNER.domain', 'DOMAIN')
-      .leftJoinAndSelect('PARTNER.partnerDomain', 'P_DOMAIN')
-      .where('P_DOMAIN.id = :domainId', { domainId: domain.id })
-      .getMany()
-
-    return partners.map((p: Partner) => p.domain)
-  }
-
-  @FieldResolver()
-  async domain(@Root() partner: Partner) {
-    return await getRepository(Domain).findOneBy({ id: partner.domainId })
-  }
-
-  @FieldResolver()
-  async partnerDomain(@Root() partner: Partner) {
-    return await getRepository(Domain).findOneBy({ id: partner.partnerDomainId })
-  }
-
-  @FieldResolver()
-  async requester(@Root() partner: Partner) {
-    return await getRepository(User).findOneBy({ id: partner.requesterId })
-  }
-
-  @FieldResolver()
-  async approver(@Root() partner: Partner) {
-    return await getRepository(User).findOneBy({ id: partner.approverId })
-  }
-}

package/server/service/partner/partner-types.ts

@@ -1,11 +0,0 @@
-import { Field, Int, ObjectType } from 'type-graphql'
-import { Partner } from './partner'
-
-@ObjectType()
-export class PartnerList {
-  @Field(type => [Partner], { nullable: true })
-  items: Partner[]
-
-  @Field(type => Int, { nullable: true })
-  total: number
-}

package/server/service/partner/partner.ts

@@ -1,57 +0,0 @@
-import { Domain } from '@things-factory/shell'
-import {
-  CreateDateColumn,
-  Entity,
-  Index,
-  ManyToOne,
-  PrimaryGeneratedColumn,
-  UpdateDateColumn,
-  RelationId
-} from 'typeorm'
-import { ObjectType, Field, ID } from 'type-graphql'
-import { User } from '../user/user'
-
-@Entity()
-@Index('ix_partner_0', (partner: Partner) => [partner.domain, partner.partnerDomain], { unique: true })
-@ObjectType()
-export class Partner {
-  @PrimaryGeneratedColumn('uuid')
-  @Field(type => ID)
-  readonly id: string
-
-  @ManyToOne(type => Domain)
-  @Field(type => Domain)
-  domain?: Domain
-
-  @RelationId((partner: Partner) => partner.domain)
-  domainId: string
-
-  @ManyToOne(type => Domain)
-  @Field(type => Domain)
-  partnerDomain?: Domain
-
-  @RelationId((partner: Partner) => partner.partnerDomain)
-  partnerDomainId: string
-
-  @CreateDateColumn()
-  @Field({ nullable: true })
-  requestedAt: Date
-
-  @UpdateDateColumn()
-  @Field({ nullable: true })
-  approvedAt: Date
-
-  @ManyToOne(type => User, { nullable: true })
-  @Field({ nullable: true })
-  requester: User
-
-  @RelationId((partner: Partner) => partner.requester)
-  requesterId: string
-
-  @ManyToOne(type => User, { nullable: true })
-  @Field({ nullable: true })
-  approver: User
-
-  @RelationId((partner: Partner) => partner.approver)
-  approverId: string
-}

package/server/service/password-history/index.ts

@@ -1,3 +0,0 @@
-import { PasswordHistory } from './password-history'
-
-export const entities = [PasswordHistory]

package/server/service/password-history/password-history.ts

@@ -1,16 +0,0 @@
-import { Entity, Column, PrimaryColumn } from 'typeorm'
-import { ObjectType, Field, ID } from 'type-graphql'
-
-@Entity()
-@ObjectType()
-export class PasswordHistory {
-  @PrimaryColumn()
-  @Field(type => ID)
-  userId: string
-
-  @Column({
-    nullable: true
-  })
-  @Field({ nullable: true })
-  history: string
-}

package/server/service/privilege/index.ts

@@ -1,6 +0,0 @@
-import { Privilege } from './privilege'
-import { PrivilegeQuery } from './privilege-query'
-import { PrivilegeMutation } from './privilege-mutation'
-
-export const entities = [Privilege]
-export const resolvers = [PrivilegeQuery, PrivilegeMutation]

package/server/service/privilege/privilege-directive.ts

@@ -1,77 +0,0 @@
-import { defaultFieldResolver, GraphQLSchema } from 'graphql'
-import gql from 'graphql-tag'
-
-import { getDirective, MapperKind, mapSchema } from '@graphql-tools/utils'
-import { checkPermission } from '../../utils/check-permission'
-
-process['PRIVILEGES'] = {}
-
-const DIRECTIVE = 'privilege'
-
-export const privilegeDirectiveTypeDefs = gql`
-  directive @privilege(
-    category: String
-    privilege: String
-    domainOwnerGranted: Boolean
-    superUserGranted: Boolean
-  ) on FIELD_DEFINITION
-`
-export const privilegeDirectiveResolver = (schema: GraphQLSchema) =>
-  mapSchema(schema, {
-    [MapperKind.OBJECT_FIELD]: (fieldConfig, fieldName, typeName, schema) => {
-      const privilegeDirective = getDirective(schema, fieldConfig, DIRECTIVE)?.[0]
-      if (privilegeDirective) {
-        const { resolve = defaultFieldResolver, args } = fieldConfig
-
-        if (!args) {
-          throw new Error(`Unexpected Error. args should be defined in @privilege directive for field ${fieldName}.`)
-        }
-
-        const { domainOwnerGranted, superUserGranted, category, privilege } = privilegeDirective
-        if (category && privilege) {
-          process['PRIVILEGES'][`${category} ${privilege}`] = [category, privilege]
-        }
-
-        // 필드의 기존 description 가져오기
-        const existingDescription = fieldConfig.description || ''
-
-        // 권한 정보를 포함한 새로운 description 생성
-        const privilegeDescription =
-          `\n\n🔒 Requires privilege: ${category}:${privilege}` +
-          (domainOwnerGranted ? ', Domain ownership' : '') +
-          (superUserGranted ? ', System ownership' : '')
-
-        // 기존 description과 결합
-        fieldConfig.description = `${existingDescription} ${privilegeDescription}`.trim()
-
-        fieldConfig.resolve = async function (source, args, context, info) {
-          const { domain, user, unsafeIP, prohibitedPrivileges } = context.state
-
-          if (
-            await checkPermission(
-              {
-                category,
-                privilege,
-                owner: domainOwnerGranted,
-                super: superUserGranted
-              },
-              user,
-              domain,
-              unsafeIP,
-              prohibitedPrivileges
-            )
-          ) {
-            return await resolve.call(this, source, args, context, info)
-          } else {
-            throw new Error(
-              `Unauthorized! ${
-                category && privilege ? category + ':' + privilege + ' privilege' : 'ownership granted'
-              } required`
-            )
-          }
-        }
-
-        return fieldConfig
-      }
-    }
-  })

package/server/service/privilege/privilege-mutation.ts

@@ -1,92 +0,0 @@
-import { Arg, Ctx, Mutation, Resolver, Directive } from 'type-graphql'
-import { In } from 'typeorm'
-
-import { getRepository } from '@things-factory/shell'
-
-import { Role } from '../role/role'
-import { Privilege } from './privilege'
-import { NewPrivilege, PrivilegePatch } from './privilege-types'
-
-@Resolver(Privilege)
-export class PrivilegeMutation {
-  @Directive('@privilege(superUserGranted:true)')
-  @Mutation(returns => Boolean, {
-    description: 'To synchronize privilege master from graphql directives. Only superuser is permitted.'
-  })
-  async synchronizePrivilegeMaster(
-    @Arg('privilege') privilege: NewPrivilege,
-    @Ctx() context: ResolverContext
-  ): Promise<Boolean> {
-    const privileges = process['PRIVILEGES']
-    const privilegeRepository = getRepository(Privilege)
-
-    for (const [category, name] of Object.values(privileges as [string, string])) {
-      if (0 == (await privilegeRepository.count({ where: { category, name } }))) {
-        await privilegeRepository.save({ category, name })
-      }
-    }
-
-    return true
-  }
-
-  @Directive('@privilege(superUserGranted:true)')
-  @Mutation(returns => Privilege, { description: 'To create new privilege' })
-  async createPrivilege(
-    @Arg('privilege') privilege: NewPrivilege,
-    @Ctx() context: ResolverContext
-  ): Promise<Privilege> {
-    if (privilege.roles && privilege.roles.length) {
-      privilege.roles = await getRepository(Role).findBy({
-        id: In(privilege.roles.map((role: Partial<Role>) => role.id))
-      })
-    }
-
-    return await getRepository(Privilege).save({
-      creator: context.state.user,
-      updater: context.state.user,
-      ...privilege
-    })
-  }
-
-  @Directive('@privilege(superUserGranted:true)')
-  @Mutation(returns => Privilege, { description: 'To modify privilege information' })
-  async updatePrivilege(
-    @Arg('name') name: string,
-    @Arg('category') category: string,
-    @Arg('patch') patch: PrivilegePatch,
-    @Ctx() context: ResolverContext
-  ): Promise<Privilege> {
-    const repository = getRepository(Privilege)
-    const privilege = await repository.findOne({
-      where: { name, category },
-      relations: ['roles', 'creator', 'updater']
-    })
-
-    const roleIds = privilege.roles.map(role => role.id)
-    if (patch.roles && patch.roles.length) {
-      patch.roles.forEach(({ id }) => {
-        if (!roleIds.includes(id)) {
-          roleIds.push(id)
-        }
-      })
-    }
-
-    return await repository.save({
-      ...privilege,
-      ...patch,
-      roles: await getRepository(Role).findByIds(roleIds),
-      updater: context.state.user
-    })
-  }
-
-  @Directive('@privilege(superUserGranted:true)')
-  @Mutation(returns => Boolean, { description: 'To delete privilege' })
-  async deletePrivilege(
-    @Arg('name') name: string,
-    @Arg('category') category: string,
-    @Ctx() context: ResolverContext
-  ): Promise<boolean> {
-    await getRepository(Privilege).delete({ name, category })
-    return true
-  }
-}

package/server/service/privilege/privilege-query.ts

@@ -1,94 +0,0 @@
-import { Arg, Args, Ctx, Directive, FieldResolver, Query, Resolver, Root } from 'type-graphql'
-import { Domain, getQueryBuilderFromListParams, getRepository, ListParam } from '@things-factory/shell'
-
-import { Role } from '../role/role'
-import { User } from '../user/user'
-import { Privilege } from './privilege'
-import { PrivilegeList } from './privilege-types'
-
-@Resolver(Privilege)
-export class PrivilegeQuery {
-  @Directive('@privilege(category: "privilege", privilege: "query", domainOwnerGranted: true, superUserGranted: true)')
-  @Query(returns => PrivilegeList, { description: 'To fetch multiple privileges' })
-  async privileges(
-    @Args(type => ListParam) params: ListParam,
-    @Ctx() context: ResolverContext
-  ): Promise<PrivilegeList> {
-    const [items, total] = await getQueryBuilderFromListParams({
-      params,
-      repository: getRepository(Privilege),
-      alias: 'p',
-      searchables: ['privilege', 'category'],
-      filtersMap: {
-        privilege: {
-          columnName: 'name'
-        }
-      }
-    })
-      .orderBy('p.category', 'ASC')
-      .getManyAndCount()
-
-    return { items, total }
-  }
-
-  @Query(returns => Boolean, { description: 'To query whether I have the given permission' })
-  async hasPrivilege(
-    @Arg('privilege') privilege: string,
-    @Arg('category') category: string,
-    @Ctx() context: ResolverContext
-  ): Promise<Boolean> {
-    const { domain, user } = context.state
-    return await User.hasPrivilege(privilege, category, domain, user)
-  }
-
-  @Query(returns => [Domain], { description: 'To fetch domains with given privilege for user' })
-  async domainsWithPrivilege(
-    @Arg('privilege') privilege: string,
-    @Arg('category') category: string,
-    @Ctx() context: ResolverContext
-  ): Promise<Partial<Domain>[]> {
-    const { user } = context.state
-    return await User.getDomainsWithPrivilege(privilege, category, user)
-  }
-
-  @FieldResolver(type => String)
-  async description(@Root() privilege: Privilege, @Ctx() context: ResolverContext) {
-    const { t } = context
-    const { name, category } = privilege
-
-    const keyname = `privilege.name.${name}`
-    const keycategory = `privilege.category.${category}`
-    const tname = t(keyname)
-    const tcategory = t(keycategory)
-
-    return t('privilege.description', {
-      name: tname === keyname ? name : tname,
-      category: tcategory === keycategory ? category : tcategory
-    })
-  }
-
-  @FieldResolver(type => String)
-  async privilege(@Root() privilege: Privilege, @Ctx() context: ResolverContext) {
-    return privilege.name
-  }
-
-  @FieldResolver(type => [Role])
-  async roles(@Root() privilege: Privilege) {
-    return (
-      await getRepository(Privilege).findOne({
-        where: { id: privilege.id },
-        relations: ['roles']
-      })
-    ).roles
-  }
-
-  @FieldResolver(type => User)
-  async updater(@Root() privilege: Privilege): Promise<User> {
-    return await getRepository(User).findOneBy({ id: privilege.updaterId })
-  }
-
-  @FieldResolver(type => User)
-  async creator(@Root() privilege: Privilege): Promise<User> {
-    return await getRepository(User).findOneBy({ id: privilege.creatorId })
-  }
-}

package/server/service/privilege/privilege-types.ts

@@ -1,60 +0,0 @@
-import { ObjectType, InputType, Field, Int } from 'type-graphql'
-import { ObjectRef } from '@things-factory/shell'
-import { Privilege } from './privilege'
-
-@InputType()
-export class NewPrivilege {
-  @Field()
-  name: string
-
-  @Field()
-  category: string
-
-  @Field({ nullable: true })
-  description?: string
-
-  @Field(type => [ObjectRef], { nullable: true })
-  roles: ObjectRef[]
-}
-
-@InputType()
-export class PrivilegePatch {
-  @Field({ nullable: true })
-  id?: string
-
-  @Field({ nullable: true })
-  name?: string
-
-  @Field({ nullable: true })
-  category?: string
-
-  @Field({ nullable: true })
-  description?: string
-
-  @Field(type => [ObjectRef], { nullable: true })
-  roles?: ObjectRef[]
-}
-
-@ObjectType()
-export class PrivilegeList {
-  @Field(type => [Privilege], { nullable: true })
-  items: Privilege[]
-
-  @Field(type => Int, { nullable: true })
-  total: number
-}
-
-@ObjectType()
-export class UserPrivilege {
-  @Field({ nullable: true })
-  id: String
-
-  @Field({ nullable: true })
-  name: String
-
-  @Field({ nullable: true })
-  description: String
-
-  @Field({ nullable: true })
-  assigned: Boolean
-}

package/server/service/privilege/privilege.ts

@@ -1,102 +0,0 @@
-import {
-  Column,
-  CreateDateColumn,
-  Entity,
-  Index,
-  ManyToMany,
-  ManyToOne,
-  JoinTable,
-  RelationId,
-  PrimaryGeneratedColumn,
-  UpdateDateColumn
-} from 'typeorm'
-import { ObjectType, InputType, Field, ID } from 'type-graphql'
-import { Role } from '../role/role'
-import { User } from '../user/user'
-
-@ObjectType()
-export class PrivilegeObject {
-  @Field({ nullable: true })
-  privilege?: string
-
-  @Field({ nullable: true })
-  category?: string
-
-  @Field({ nullable: true })
-  owner?: boolean
-
-  @Field({ nullable: true })
-  super?: boolean
-}
-
-@InputType()
-export class PrivilegeInput {
-  @Field({ nullable: true })
-  privilege?: string
-
-  @Field({ nullable: true })
-  category?: string
-
-  @Field({ nullable: true })
-  owner?: boolean
-
-  @Field({ nullable: true })
-  super?: boolean
-}
-
-@Entity()
-@Index('ix_privilege_0', (privilege: Privilege) => [privilege.name, privilege.category], {
-  unique: false
-})
-@ObjectType()
-export class Privilege {
-  @PrimaryGeneratedColumn('uuid')
-  @Field(type => ID)
-  id: string
-
-  @Column()
-  @Field()
-  name: string
-
-  @Column()
-  @Field({ nullable: true })
-  category: string
-
-  @Column({
-    nullable: true
-  })
-  @Field({ nullable: true })
-  description: string
-
-  @ManyToMany(type => Role, role => role.privileges)
-  @JoinTable({
-    /* case M2M, JoinTable setting should be defined only one side (never set both side) */
-    name: 'roles_privileges',
-    joinColumns: [{ name: 'privileges_id', referencedColumnName: 'id' }],
-    inverseJoinColumns: [{ name: 'roles_id', referencedColumnName: 'id' }]
-  })
-  @Field(type => [Role], { nullable: true })
-  roles: Role[]
-
-  @ManyToOne(type => User, { nullable: true })
-  @Field(type => User, { nullable: true })
-  creator: User
-
-  @RelationId((privilege: Privilege) => privilege.creator)
-  creatorId: string
-
-  @ManyToOne(type => User, { nullable: true })
-  @Field(type => User, { nullable: true })
-  updater: User
-
-  @RelationId((privilege: Privilege) => privilege.updater)
-  updaterId: string
-
-  @CreateDateColumn()
-  @Field({ nullable: true })
-  createdAt: Date
-
-  @UpdateDateColumn()
-  @Field({ nullable: true })
-  updatedAt: Date
-}

package/server/service/role/index.ts

@@ -1,6 +0,0 @@
-import { Role } from './role'
-import { RoleQuery } from './role-query'
-import { RoleMutation } from './role-mutation'
-
-export const entities = [Role]
-export const resolvers = [RoleQuery, RoleMutation]