@things-factory/auth-base 8.0.0 → 9.0.0-beta.3

package/server/templates/reset-password-email.ts

@@ -1,65 +0,0 @@
-export function getResetPasswordEmailForm({ name, resetUrl }) {
-  return `
-  <html lang="en">
-    <head>
-      <meta charset="utf-8" />
-      
-      <title>reset password</title>
-      <meta name="description" content="Password Reset" />
-      <meta name="author" content="hatiolab" />
-      <meta name="google" content="notranslate"/>
-    </head>
-
-    <body>
-      <div style="background-color:#f6f6f6">
-        <!--header begin-->
-        <div style="background-color:#fff;padding:0 10px;border-top: 2px solid #394e64;">
-          <a href="#" target="_blank"
-            ><img
-              src="http://www.hatiolab.com/assets/img/logo-operato.png"
-              style="max-height:50px"
-          /></a>
-        </div>
-        <!--header end-->
-
-        <!--title begin-->
-        <div
-          style="background-color:#22a6a7;padding:12px 10px 10px 10px;min-height:50px;"
-        >
-          <img
-            src="http://www.hatiolab.com/assets/img/icon-mail.png"
-            style="float:left;margin:0 10px 0 40px"
-          />
-          <span style="display:block;color:#fff;font-size:20px"
-            >Hi ${name}!</span
-          >
-          <span style="display:block;color:#fff;font-size:34px;font-weight:bold"
-            >Reset password</span
-          >
-        </div>
-        <!--title end-->
-
-        <!--body begin-->
-        <p style="padding:10px 20px;line-height:1.5;font-size:16px">
-          Click the button below to reset password.
-          <br />
-          <a
-            href="${resetUrl}"
-            style="display:inline-block;margin:10px 5px 5px 0;border-radius:7px;background-color:#22a6a7;padding:7px 15px;color:#fff;font-size:18px;text-decoration:none;text-transform:capitalize;"
-            >reset password</a
-          >
-        </p>
-        <!--body end-->
-
-        <!--footer begin-->
-        <div
-          style="background-color:#3d5874;padding:7px 20px 5px 20px;font-size:12px;color:#efefef"
-        >
-          © Hatio, Lab. Inc. All rights reserved.
-        </div>
-        <!--footer end-->
-      </div>
-    </body>
-  </html>
-  `
-}

package/server/templates/verification-email.ts

@@ -1,66 +0,0 @@
-export function getVerificationEmailForm({ name, verifyUrl }) {
-  return `
-  <html lang="en">
-    <head>
-      <meta charset="utf-8" />
-      
-      <title>Verify your email</title>
-      <meta name="description" content="Email Verification" />
-      <meta name="author" content="hatiolab" />
-      <meta name="google" content="notranslate"/>
-    </head>
-
-    <body>
-      <div style="background-color:#f6f6f6">
-        <!--header begin-->
-        <div style="background-color:#fff;padding:0 10px;border-top: 2px solid #394e64;">
-          <a href="#" target="_blank"
-            ><img
-              src="http://www.hatiolab.com/assets/img/logo-operato.png"
-              style="max-height:50px"
-          /></a>
-        </div>
-        <!--header end-->
-
-        <!--title begin-->
-        <div
-          style="background-color:#22a6a7;padding:12px 10px 10px 10px;min-height:50px;"
-        >
-          <img
-            src="http://www.hatiolab.com/assets/img/icon-mail.png"
-            style="float:left;margin:0 10px 0 40px"
-          />
-          <span style="display:block;color:#fff;font-size:20px"
-            >Hi ${name}!</span
-          >
-          <span style="display:block;color:#fff;font-size:34px;font-weight:bold"
-            >Verify your email</span
-          >
-        </div>
-        <!--title end-->
-
-        <!--body begin-->
-        <p style="padding:10px 20px;line-height:1.5;font-size:16px">
-          You're almost ready to start enjoying Operato. 
-          Simply click the button below to verify your email address.
-          <br />
-          <a
-            href="${verifyUrl}"
-            style="display:inline-block;margin:10px 5px 5px 0;border-radius:7px;background-color:#22a6a7;padding:7px 15px;color:#fff;font-size:18px;text-decoration:none;text-transform:capitalize;"
-            >Verify</a
-          >
-        </p>
-        <!--body end-->
-
-        <!--footer begin-->
-        <div
-          style="background-color:#3d5874;padding:7px 20px 5px 20px;font-size:12px;color:#efefef"
-        >
-          © Hatio, Lab. Inc. All rights reserved.
-        </div>
-        <!--footer end-->
-      </div>
-    </body>
-  </html>
-  `
-}

package/server/types.ts

@@ -1,21 +0,0 @@
-import { TFunction } from 'i18next'
-import { EntityManager } from 'typeorm'
-
-import { Domain } from '@things-factory/shell'
-
-import { User } from './service/user/user'
-
-declare global {
-  export type ResolverContext = {
-    state: IContextState
-    t?: TFunction
-    [key: string]: any
-  }
-
-  interface IContextState {
-    domain: Domain
-    user: User
-    tx?: EntityManager
-    [key: string]: any
-  }
-}

package/server/utils/accepts.ts

@@ -1,11 +0,0 @@
-export function accepts(header: any, accepts?) {
-  accepts = accepts || ['text/html', '*/*']
-  
-  for (let i = 0; i < accepts.length; i++) {
-    if ((header || '').indexOf(accepts[i]) !== -1) {
-      return true
-    }
-  }
-
-  return false
-}

package/server/utils/access-token-cookie.ts

@@ -1,61 +0,0 @@
-import { getCookieDomainFromHostname } from '@things-factory/shell'
-import { config } from '@things-factory/env'
-import { MAX_AGE } from '../constants/max-age'
-
-const accessTokenCookieKey = config.get('accessTokenCookieKey', 'access_token')
-
-export function getAccessTokenCookie(context) {
-  return context?.cookies?.get(accessTokenCookieKey)
-}
-
-export function setAccessTokenCookie(context, token) {
-  const { secure } = context
-
-  var cookie = {
-    secure,
-    httpOnly: true,
-    maxAge: MAX_AGE,
-    sameSite: 'Lax'
-  }
-
-  const cookieDomain = getCookieDomainFromHostname(context.hostname)
-  if (cookieDomain) {
-    cookie['domain'] = cookieDomain
-  }
-
-  context.cookies.set(accessTokenCookieKey, token, cookie)
-}
-
-export function setSessionAccessToken(context) {
-  /* koa-session 을 사용하는 경우에는, cookie 직접 설정이 작동되지 않는다. 그런 경우에는 session에 설정해서 cookie를 변경한다. */
-  const { user } = context.state
-
-  context.session = {
-    id: user.id,
-    userType: user.type,
-    status: user.state
-  }
-}
-
-export function clearAccessTokenCookie(context) {
-  const { secure } = context
-
-  var cookie = {
-    secure,
-    httpOnly: true,
-    sameSite: 'Lax'
-  }
-
-  const cookieDomain = getCookieDomainFromHostname(context.hostname)
-  if (cookieDomain) {
-    cookie['domain'] = cookieDomain
-  }
-
-  context.cookies.set(accessTokenCookieKey, '', cookie)
-  /*
-   * TODO clear i18next cookie as well - need to support domain
-   * https://github.com/hatiolab/things-factory/issues/70
-   */
-  context.cookies.set('i18next', '', cookie)
-  context.session = null
-}

package/server/utils/check-permission.ts

@@ -1,52 +0,0 @@
-import { Domain } from '@things-factory/shell'
-import { PrivilegeObject } from '../service/privilege/privilege'
-import { User } from '../service/user/user'
-
-export async function checkPermission(
-  privilegeObject: PrivilegeObject,
-  user: User,
-  domain: Domain,
-  unsafeIP?: boolean,
-  prohibitedPrivileges?: { category: string; privilege: string }[]
-): Promise<boolean> {
-  if (!privilegeObject) {
-    return true
-  }
-
-  const { owner: domainOwnerGranted, super: superUserGranted, category, privilege } = privilegeObject
-
-  if (unsafeIP) {
-    if (privilege && category) {
-      // unsafeIP 상황에서는 ownership granted는 적용되지 않는다.
-      if ((prohibitedPrivileges || []).find(pp => pp.category == category && pp.privilege == privilege)) {
-        return false
-      }
-
-      return await User.hasPrivilege(privilege, category, domain, user)
-    }
-
-    // privilege, category가 설정되지 않은 경우에는 ownership granted가 설정되었다면 허가하지 않는다.
-    return !domainOwnerGranted && !superUserGranted
-  } else {
-    if (!privilege || !category) {
-      // privilege, category가 설정되지 않은 경우에는 ownership granted만을 적용한다.
-      return (
-        (domainOwnerGranted && (await process.domainOwnerGranted(domain, user))) ||
-        (superUserGranted && (await process.superUserGranted(domain, user)))
-      )
-    }
-
-    if (
-      (domainOwnerGranted && (await process.domainOwnerGranted(domain, user))) ||
-      (superUserGranted && (await process.superUserGranted(domain, user)))
-    ) {
-      return true
-    }
-
-    if ((prohibitedPrivileges || []).find(pp => pp.category == category && pp.privilege == privilege)) {
-      return false
-    }
-
-    return await User.hasPrivilege(privilege, category, domain, user)
-  }
-}

package/server/utils/check-user-belongs-domain.ts

@@ -1,19 +0,0 @@
-import { Domain, getRepository } from '@things-factory/shell'
-
-import { User } from '../service/user/user'
-
-/**
- * @description Based on domain and user information,
- * Find out whether the user belongs domain or user has partnership with domain
- *
- * @param domain
- * @param user
- */
-export async function checkUserBelongsDomain(domain: Domain, user: User): Promise<Boolean> {
-  if (!user.domains?.length) {
-    user = await getRepository(User).findOne({ where: { id: user.id }, relations: ['domains'] })
-  }
-
-  const { domains: userDomains }: User = user
-  return Boolean(userDomains.find((userDomain: Domain) => userDomain.id === domain.id))
-}

package/server/utils/check-user-has-role.ts

@@ -1,29 +0,0 @@
-import { Domain, getRepository } from '@things-factory/shell'
-
-import { User } from '../service/user/user'
-import { Role } from 'service'
-
-/**
- * @description 사용자가 특정 도메인 또는 상위 도메인에서 특정 역할을 가지고 있는지 확인합니다.
- *
- * @param roleId 확인할 역할의 ID
- * @param domain 역할을 확인할 도메인
- * @param user 역할을 확인할 사용자
- *
- * @returns 사용자가 도메인 또는 상위 도메인에서 역할을 가지고 있는지 여부를 나타내는 boolean을 반환하는 Promise
- */
-export async function checkUserHasRole(roleId: string, domain: Domain, user: User): Promise<Boolean> {
-  if (!roleId) {
-    return true
-  }
-
-  const me = await getRepository(User).findOne({
-    where: { id: user.id },
-    relations: ['roles']
-  })
-
-  return me.roles
-    .filter(role => role.domainId === domain.id || (domain.parentId && role.domainId === domain.parentId))
-    .map(role => role.id)
-    .includes(roleId)
-}

package/server/utils/encrypt-state.ts

@@ -1,22 +0,0 @@
-import crypto from 'crypto'
-
-/* only for short-term life state encryption */
-const KEY = crypto.randomBytes(32)
-
-export function encryptState(text: string) {
-  const iv = crypto.randomBytes(16)
-  const cipher = crypto.createCipheriv('aes-256-cbc', Buffer.from(KEY), iv)
-  const encrypted = cipher.update(text)
-
-  return iv.toString('hex') + ':' + Buffer.concat([encrypted, cipher.final()]).toString('hex')
-}
-
-export function decryptState(text: string) {
-  const textParts = text.split(':')
-  const iv = Buffer.from(textParts.shift(), 'hex')
-  const encryptedText = Buffer.from(textParts.join(':'), 'hex')
-  const decipher = crypto.createDecipheriv('aes-256-cbc', Buffer.from(KEY), iv)
-  const decrypted = decipher.update(encryptedText)
-
-  return Buffer.concat([decrypted, decipher.final()]).toString()
-}

package/server/utils/get-aes-256-key.ts

@@ -1,13 +0,0 @@
-import { config } from '@things-factory/env'
-
-var _AES_256_KEY = config.get('AES_256_KEY')
-
-if (!_AES_256_KEY) {
-  if (process.env.NODE_ENV == 'production') {
-    throw new TypeError('AES_256_KEY not configured.')
-  } else {
-    _AES_256_KEY = 'V6g5oHJZb7KcYzIyL6cM95XvIDouon5b'
-  }
-}
-
-export const AES_256_KEY = _AES_256_KEY

package/server/utils/get-domain-from-hostname.ts

@@ -1,7 +0,0 @@
-import { config } from '@things-factory/env'
-
-var subdomainOffset = config.get('subdomainOffset', 2)
-
-export function getDomainFromHostname(hostname) {
-  return hostname.split('.').slice(-subdomainOffset).join('.')
-}

package/server/utils/get-domain-users.ts

@@ -1,38 +0,0 @@
-import { EntityManager, Repository, SelectQueryBuilder } from 'typeorm'
-
-import { Domain, getRepository } from '@things-factory/shell'
-
-import { User } from '../service/user/user'
-
-export async function getDomainUsers(domain: Partial<Domain>, trxMgr?: EntityManager): Promise<User[]> {
-  const domainRepo: Repository<Domain> = trxMgr?.getRepository(Domain) || getRepository(Domain)
-
-  if (!domain.id) {
-    const foundDomain: Domain = await domainRepo.findOne({ where: { id: domain.id } })
-    if (!foundDomain) throw new Error(`Failed to find domain by passed condition, ${domain}`)
-
-    domain = foundDomain
-  }
-
-  const qb: SelectQueryBuilder<User> = buildDomainUsersQueryBuilder(domain.id)
-  return await qb.getMany()
-}
-
-export function buildDomainUsersQueryBuilder(
-  domainId: string,
-  alias: string = 'USER',
-  trxMgr?: EntityManager
-): SelectQueryBuilder<User> {
-  const userRepo: Repository<User> = trxMgr?.getRepository(User) || getRepository(User)
-  const qb: SelectQueryBuilder<User> = userRepo.createQueryBuilder(alias)
-  qb.select().andWhere(
-    `${alias}.id IN ${qb
-      .subQuery()
-      .select('USERS_DOMAINS.users_id')
-      .from('users_domains', 'USERS_DOMAINS')
-      .where('USERS_DOMAINS.domains_id = :domainId', { domainId })
-      .getQuery()}`
-  )
-
-  return qb
-}

package/server/utils/get-secret.ts

@@ -1,13 +0,0 @@
-import { config } from '@things-factory/env'
-
-var _SECRET = config.get('SECRET')
-
-if (!_SECRET) {
-  if (process.env.NODE_ENV == 'production') {
-    throw new TypeError('SECRET key not configured.')
-  } else {
-    _SECRET = '0xD58F835B69D207A76CC5F84a70a1D0d4C79dAC95'
-  }
-}
-
-export const SECRET = _SECRET

package/server/utils/get-user-domains.ts

@@ -1,112 +0,0 @@
-import { In } from 'typeorm'
-
-import { Domain, getRepository } from '@things-factory/shell'
-
-import { User } from '../service/user/user'
-
-export async function getUserDomains(user: User): Promise<Partial<Domain>[]> {
-  return (
-    await getRepository(Domain)
-      .createQueryBuilder('DOMAIN')
-      .where(qb => {
-        const subQuery = qb
-          .subQuery()
-          .distinct(true)
-          .select('DOMAIN.id')
-          .from(User, 'USER')
-          .leftJoin('USER.roles', 'ROLE')
-          .leftJoin('ROLE.domain', 'DOMAIN')
-          .where('USER.id = :userId', { userId: user.id })
-          .getQuery()
-        return 'DOMAIN.id IN ' + subQuery
-      })
-      .orWhere(qb => {
-        const subQuery = qb
-          .subQuery()
-          .select('DOMAIN.id')
-          .from(Domain, 'DOMAIN')
-          .where('DOMAIN.owner = :owner', { owner: user.id })
-          .getQuery()
-        return 'DOMAIN.id IN ' + subQuery
-      })
-      .orderBy('DOMAIN.name', 'ASC')
-      .getMany()
-  ).map(domain => {
-    const { id, name, description, subdomain, extType, brandName, brandImage } = domain
-    return { id, name, description, subdomain, extType, brandName, brandImage }
-  })
-}
-
-export async function getRoleBasedDomains(user: User): Promise<Partial<Domain>[]> {
-  return (
-    await getRepository(Domain)
-      .createQueryBuilder('DOMAIN')
-      .where(qb => {
-        const subQuery = qb
-          .subQuery()
-          .distinct(true)
-          .select('DOMAIN.id')
-          .from(User, 'USER')
-          .leftJoin('USER.roles', 'ROLE')
-          .leftJoin('ROLE.domain', 'DOMAIN')
-          .where('USER.id = :userId', { userId: user.id })
-          .getQuery()
-        return 'DOMAIN.id IN ' + subQuery
-      })
-      .getMany()
-  ).map(domain => {
-    const { id, name, description, subdomain, extType, brandName, brandImage } = domain
-    return { id, name, description, subdomain, extType, brandName, brandImage }
-  })
-}
-
-export async function getDomainsWithPrivilege(
-  user: User,
-  privilege: string,
-  category: string
-): Promise<Partial<Domain>[]> {
-  return (
-    await getRepository(Domain)
-      .createQueryBuilder('DOMAIN')
-      .where(qb => {
-        const subQuery = qb
-          .subQuery()
-          .distinct(true)
-          .select('DOMAIN.id')
-          .from(User, 'USER')
-          .leftJoin('USER.roles', 'ROLE')
-          .leftJoin('ROLE.domain', 'DOMAIN')
-          .leftJoin('ROLE.privileges', 'PRIVILEGE')
-          .where('USER.id = :userId', { userId: user.id })
-          .andWhere('PRIVILEGE.name = :privilege', { privilege })
-          .andWhere('PRIVILEGE.category = :category', { category })
-          .getQuery()
-        return 'DOMAIN.id IN ' + subQuery
-      })
-      .orWhere(qb => {
-        const subQuery = qb
-          .subQuery()
-          .select('DOMAIN.id')
-          .from(Domain, 'DOMAIN')
-          .where('DOMAIN.owner = :owner', { owner: user.id })
-          .getQuery()
-        return 'DOMAIN.id IN ' + subQuery
-      })
-      .orderBy('DOMAIN.name', 'ASC')
-      .getMany()
-  ).map(domain => {
-    const { id, name, description, subdomain, extType, brandName, brandImage } = domain
-    return { id, name, description, subdomain, extType, brandName, brandImage }
-  })
-}
-
-export async function getDomainsAsOwner(user: User): Promise<Partial<Domain>[]> {
-  return (
-    await getRepository(Domain).find({
-      where: { owner: user.id }
-    })
-  ).map(domain => {
-    const { id, name, description, subdomain, extType, brandName, brandImage } = domain
-    return { id, name, description, subdomain, extType, brandName, brandImage }
-  })
-}