@things-factory/auth-base 8.0.37 → 9.0.0-9.0.0-beta.59.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/config/config.development.js +46 -0
- package/config/config.production.js +45 -0
- package/dist-client/bootstrap.d.ts +1 -1
- package/dist-client/bootstrap.js +4 -4
- package/dist-client/bootstrap.js.map +1 -1
- package/dist-client/directive/privileged.d.ts +1 -1
- package/dist-client/directive/privileged.js +1 -1
- package/dist-client/directive/privileged.js.map +1 -1
- package/dist-client/index.d.ts +4 -3
- package/dist-client/index.js +4 -3
- package/dist-client/index.js.map +1 -1
- package/dist-client/profiled.js +1 -1
- package/dist-client/profiled.js.map +1 -1
- package/dist-client/reducers/auth.js +1 -1
- package/dist-client/reducers/auth.js.map +1 -1
- package/dist-client/tsconfig.tsbuildinfo +1 -1
- package/dist-client/verify-webauthn.d.ts +13 -0
- package/dist-client/verify-webauthn.js +72 -0
- package/dist-client/verify-webauthn.js.map +1 -0
- package/dist-server/controllers/auth.d.ts +5 -5
- package/dist-server/controllers/auth.js +5 -5
- package/dist-server/controllers/auth.js.map +1 -1
- package/dist-server/controllers/change-pwd.js +19 -19
- package/dist-server/controllers/change-pwd.js.map +1 -1
- package/dist-server/controllers/checkin.js +4 -4
- package/dist-server/controllers/checkin.js.map +1 -1
- package/dist-server/controllers/delete-user.js +10 -15
- package/dist-server/controllers/delete-user.js.map +1 -1
- package/dist-server/controllers/invitation.js +20 -25
- package/dist-server/controllers/invitation.js.map +1 -1
- package/dist-server/controllers/profile.d.ts +5 -5
- package/dist-server/controllers/profile.js +10 -10
- package/dist-server/controllers/profile.js.map +1 -1
- package/dist-server/controllers/reset-password.js +24 -24
- package/dist-server/controllers/reset-password.js.map +1 -1
- package/dist-server/controllers/signin.d.ts +1 -1
- package/dist-server/controllers/signin.js +25 -30
- package/dist-server/controllers/signin.js.map +1 -1
- package/dist-server/controllers/signup.d.ts +1 -1
- package/dist-server/controllers/signup.js +14 -19
- package/dist-server/controllers/signup.js.map +1 -1
- package/dist-server/controllers/unlock-user.js +17 -17
- package/dist-server/controllers/unlock-user.js.map +1 -1
- package/dist-server/controllers/utils/password-rule.js +4 -4
- package/dist-server/controllers/utils/password-rule.js.map +1 -1
- package/dist-server/controllers/utils/save-invitation-token.d.ts +1 -1
- package/dist-server/controllers/utils/save-invitation-token.js +2 -2
- package/dist-server/controllers/utils/save-invitation-token.js.map +1 -1
- package/dist-server/controllers/utils/save-verification-token.d.ts +1 -1
- package/dist-server/controllers/utils/save-verification-token.js +3 -3
- package/dist-server/controllers/utils/save-verification-token.js.map +1 -1
- package/dist-server/controllers/verification.js +23 -23
- package/dist-server/controllers/verification.js.map +1 -1
- package/dist-server/errors/auth-error.js +1 -1
- package/dist-server/errors/auth-error.js.map +1 -1
- package/dist-server/errors/index.d.ts +2 -2
- package/dist-server/errors/index.js +2 -2
- package/dist-server/errors/index.js.map +1 -1
- package/dist-server/errors/user-domain-not-match-error.d.ts +1 -1
- package/dist-server/errors/user-domain-not-match-error.js +8 -8
- package/dist-server/errors/user-domain-not-match-error.js.map +1 -1
- package/dist-server/index.d.ts +16 -16
- package/dist-server/index.js +18 -18
- package/dist-server/index.js.map +1 -1
- package/dist-server/middlewares/authenticate-401-middleware.js +11 -11
- package/dist-server/middlewares/authenticate-401-middleware.js.map +1 -1
- package/dist-server/middlewares/bypass-signin-middleware.d.ts +1 -0
- package/dist-server/middlewares/bypass-signin-middleware.js +20 -0
- package/dist-server/middlewares/bypass-signin-middleware.js.map +1 -0
- package/dist-server/middlewares/domain-authenticate-middleware.d.ts +1 -1
- package/dist-server/middlewares/domain-authenticate-middleware.js +9 -9
- package/dist-server/middlewares/domain-authenticate-middleware.js.map +1 -1
- package/dist-server/middlewares/graphql-authenticate-middleware.js +4 -4
- package/dist-server/middlewares/graphql-authenticate-middleware.js.map +1 -1
- package/dist-server/middlewares/index.d.ts +5 -5
- package/dist-server/middlewares/index.js +24 -19
- package/dist-server/middlewares/index.js.map +1 -1
- package/dist-server/middlewares/jwt-authenticate-middleware.js +15 -15
- package/dist-server/middlewares/jwt-authenticate-middleware.js.map +1 -1
- package/dist-server/middlewares/signin-middleware.js +2 -2
- package/dist-server/middlewares/signin-middleware.js.map +1 -1
- package/dist-server/middlewares/verify-recaptcha-middleware.d.ts +3 -0
- package/dist-server/middlewares/verify-recaptcha-middleware.js +95 -0
- package/dist-server/middlewares/verify-recaptcha-middleware.js.map +1 -0
- package/dist-server/middlewares/webauthn-middleware.js +7 -7
- package/dist-server/middlewares/webauthn-middleware.js.map +1 -1
- package/dist-server/migrations/1548206416130-SeedUser.js +6 -6
- package/dist-server/migrations/1548206416130-SeedUser.js.map +1 -1
- package/dist-server/migrations/1566805283882-SeedPrivilege.js +2 -2
- package/dist-server/migrations/1566805283882-SeedPrivilege.js.map +1 -1
- package/dist-server/migrations/index.js.map +1 -1
- package/dist-server/router/auth-checkin-router.js +17 -20
- package/dist-server/router/auth-checkin-router.js.map +1 -1
- package/dist-server/router/auth-private-process-router.js +16 -23
- package/dist-server/router/auth-private-process-router.js.map +1 -1
- package/dist-server/router/auth-public-process-router.js +30 -35
- package/dist-server/router/auth-public-process-router.js.map +1 -1
- package/dist-server/router/auth-signin-router.js +7 -13
- package/dist-server/router/auth-signin-router.js.map +1 -1
- package/dist-server/router/auth-signup-router.js +13 -9
- package/dist-server/router/auth-signup-router.js.map +1 -1
- package/dist-server/router/index.d.ts +9 -9
- package/dist-server/router/index.js +9 -9
- package/dist-server/router/index.js.map +1 -1
- package/dist-server/router/oauth2/index.d.ts +2 -2
- package/dist-server/router/oauth2/index.js +2 -2
- package/dist-server/router/oauth2/index.js.map +1 -1
- package/dist-server/router/oauth2/oauth2-authorize-router.js +6 -6
- package/dist-server/router/oauth2/oauth2-authorize-router.js.map +1 -1
- package/dist-server/router/oauth2/oauth2-router.d.ts +1 -1
- package/dist-server/router/oauth2/oauth2-router.js +21 -21
- package/dist-server/router/oauth2/oauth2-router.js.map +1 -1
- package/dist-server/router/oauth2/oauth2-server.js +21 -21
- package/dist-server/router/oauth2/oauth2-server.js.map +1 -1
- package/dist-server/router/site-root-router.js +4 -4
- package/dist-server/router/site-root-router.js.map +1 -1
- package/dist-server/router/webauthn-router.js +58 -8
- package/dist-server/router/webauthn-router.js.map +1 -1
- package/dist-server/routes.js +75 -50
- package/dist-server/routes.js.map +1 -1
- package/dist-server/service/app-binding/app-binding-mutation.js +4 -4
- package/dist-server/service/app-binding/app-binding-mutation.js.map +1 -1
- package/dist-server/service/app-binding/app-binding-query.d.ts +4 -4
- package/dist-server/service/app-binding/app-binding-query.js +22 -22
- package/dist-server/service/app-binding/app-binding-query.js.map +1 -1
- package/dist-server/service/app-binding/app-binding-types.d.ts +1 -1
- package/dist-server/service/app-binding/app-binding-types.js +2 -2
- package/dist-server/service/app-binding/app-binding-types.js.map +1 -1
- package/dist-server/service/app-binding/app-binding.d.ts +2 -2
- package/dist-server/service/app-binding/app-binding.js +4 -4
- package/dist-server/service/app-binding/app-binding.js.map +1 -1
- package/dist-server/service/app-binding/index.d.ts +2 -2
- package/dist-server/service/app-binding/index.js +3 -3
- package/dist-server/service/app-binding/index.js.map +1 -1
- package/dist-server/service/appliance/appliance-mutation.d.ts +2 -2
- package/dist-server/service/appliance/appliance-mutation.js +32 -45
- package/dist-server/service/appliance/appliance-mutation.js.map +1 -1
- package/dist-server/service/appliance/appliance-query.d.ts +3 -3
- package/dist-server/service/appliance/appliance-query.js +17 -17
- package/dist-server/service/appliance/appliance-query.js.map +1 -1
- package/dist-server/service/appliance/appliance-types.d.ts +1 -1
- package/dist-server/service/appliance/appliance-types.js +2 -2
- package/dist-server/service/appliance/appliance-types.js.map +1 -1
- package/dist-server/service/appliance/appliance.d.ts +3 -1
- package/dist-server/service/appliance/appliance.js +51 -8
- package/dist-server/service/appliance/appliance.js.map +1 -1
- package/dist-server/service/appliance/index.d.ts +3 -3
- package/dist-server/service/appliance/index.js +5 -5
- package/dist-server/service/appliance/index.js.map +1 -1
- package/dist-server/service/application/application-mutation.d.ts +8 -8
- package/dist-server/service/application/application-mutation.js +20 -20
- package/dist-server/service/application/application-mutation.js.map +1 -1
- package/dist-server/service/application/application-query.d.ts +2 -2
- package/dist-server/service/application/application-query.js +16 -16
- package/dist-server/service/application/application-query.js.map +1 -1
- package/dist-server/service/application/application-types.d.ts +1 -1
- package/dist-server/service/application/application-types.js +4 -4
- package/dist-server/service/application/application-types.js.map +1 -1
- package/dist-server/service/application/application.d.ts +1 -1
- package/dist-server/service/application/application.js +12 -12
- package/dist-server/service/application/application.js.map +1 -1
- package/dist-server/service/application/index.d.ts +3 -3
- package/dist-server/service/application/index.js +5 -5
- package/dist-server/service/application/index.js.map +1 -1
- package/dist-server/service/auth-provider/auth-provider-mutation.d.ts +2 -2
- package/dist-server/service/auth-provider/auth-provider-mutation.js +20 -20
- package/dist-server/service/auth-provider/auth-provider-mutation.js.map +1 -1
- package/dist-server/service/auth-provider/auth-provider-query.d.ts +3 -3
- package/dist-server/service/auth-provider/auth-provider-query.js +20 -20
- package/dist-server/service/auth-provider/auth-provider-query.js.map +1 -1
- package/dist-server/service/auth-provider/auth-provider-type.d.ts +1 -1
- package/dist-server/service/auth-provider/auth-provider-type.js +2 -2
- package/dist-server/service/auth-provider/auth-provider-type.js.map +1 -1
- package/dist-server/service/auth-provider/auth-provider.d.ts +3 -3
- package/dist-server/service/auth-provider/auth-provider.js +12 -12
- package/dist-server/service/auth-provider/auth-provider.js.map +1 -1
- package/dist-server/service/auth-provider/index.d.ts +3 -3
- package/dist-server/service/auth-provider/index.js +5 -5
- package/dist-server/service/auth-provider/index.js.map +1 -1
- package/dist-server/service/domain-generator/domain-generator-mutation.d.ts +1 -1
- package/dist-server/service/domain-generator/domain-generator-mutation.js +11 -11
- package/dist-server/service/domain-generator/domain-generator-mutation.js.map +1 -1
- package/dist-server/service/domain-generator/domain-generator-types.d.ts +1 -1
- package/dist-server/service/domain-generator/domain-generator-types.js +3 -3
- package/dist-server/service/domain-generator/domain-generator-types.js.map +1 -1
- package/dist-server/service/domain-generator/index.d.ts +1 -1
- package/dist-server/service/domain-generator/index.js +2 -2
- package/dist-server/service/domain-generator/index.js.map +1 -1
- package/dist-server/service/domain-link/domain-link-mutation.d.ts +9 -0
- package/dist-server/service/domain-link/domain-link-mutation.js +116 -0
- package/dist-server/service/domain-link/domain-link-mutation.js.map +1 -0
- package/dist-server/service/domain-link/domain-link-query.d.ts +11 -0
- package/dist-server/service/domain-link/domain-link-query.js +75 -0
- package/dist-server/service/domain-link/domain-link-query.js.map +1 -0
- package/dist-server/service/domain-link/domain-link-types.d.ts +18 -0
- package/dist-server/service/domain-link/domain-link-types.js +66 -0
- package/dist-server/service/domain-link/domain-link-types.js.map +1 -0
- package/dist-server/service/domain-link/domain-link.d.ts +28 -0
- package/dist-server/service/domain-link/domain-link.js +105 -0
- package/dist-server/service/domain-link/domain-link.js.map +1 -0
- package/dist-server/service/domain-link/index.d.ts +6 -0
- package/dist-server/service/domain-link/index.js +10 -0
- package/dist-server/service/domain-link/index.js.map +1 -0
- package/dist-server/service/granted-role/granted-role-mutation.d.ts +3 -3
- package/dist-server/service/granted-role/granted-role-mutation.js +17 -17
- package/dist-server/service/granted-role/granted-role-mutation.js.map +1 -1
- package/dist-server/service/granted-role/granted-role-query.d.ts +2 -2
- package/dist-server/service/granted-role/granted-role-query.js +13 -13
- package/dist-server/service/granted-role/granted-role-query.js.map +1 -1
- package/dist-server/service/granted-role/granted-role.d.ts +1 -1
- package/dist-server/service/granted-role/granted-role.js +3 -3
- package/dist-server/service/granted-role/granted-role.js.map +1 -1
- package/dist-server/service/granted-role/index.d.ts +3 -3
- package/dist-server/service/granted-role/index.js +5 -5
- package/dist-server/service/granted-role/index.js.map +1 -1
- package/dist-server/service/index.d.ts +27 -25
- package/dist-server/service/index.js +75 -70
- package/dist-server/service/index.js.map +1 -1
- package/dist-server/service/invitation/index.d.ts +3 -3
- package/dist-server/service/invitation/index.js +5 -5
- package/dist-server/service/invitation/index.js.map +1 -1
- package/dist-server/service/invitation/invitation-mutation.d.ts +2 -2
- package/dist-server/service/invitation/invitation-mutation.js +10 -10
- package/dist-server/service/invitation/invitation-mutation.js.map +1 -1
- package/dist-server/service/invitation/invitation-query.d.ts +1 -1
- package/dist-server/service/invitation/invitation-query.js +7 -7
- package/dist-server/service/invitation/invitation-query.js.map +1 -1
- package/dist-server/service/invitation/invitation-types.d.ts +1 -1
- package/dist-server/service/invitation/invitation-types.js +2 -2
- package/dist-server/service/invitation/invitation-types.js.map +1 -1
- package/dist-server/service/invitation/invitation.d.ts +1 -1
- package/dist-server/service/invitation/invitation.js +5 -5
- package/dist-server/service/invitation/invitation.js.map +1 -1
- package/dist-server/service/login-history/index.d.ts +2 -2
- package/dist-server/service/login-history/index.js +4 -4
- package/dist-server/service/login-history/index.js.map +1 -1
- package/dist-server/service/login-history/login-history-query.d.ts +3 -3
- package/dist-server/service/login-history/login-history-query.js +11 -11
- package/dist-server/service/login-history/login-history-query.js.map +1 -1
- package/dist-server/service/login-history/login-history-type.d.ts +1 -1
- package/dist-server/service/login-history/login-history-type.js +2 -2
- package/dist-server/service/login-history/login-history-type.js.map +1 -1
- package/dist-server/service/login-history/login-history.d.ts +1 -1
- package/dist-server/service/login-history/login-history.js +4 -4
- package/dist-server/service/login-history/login-history.js.map +1 -1
- package/dist-server/service/partner/index.d.ts +3 -3
- package/dist-server/service/partner/index.js +5 -5
- package/dist-server/service/partner/index.js.map +1 -1
- package/dist-server/service/partner/partner-mutation.js +8 -8
- package/dist-server/service/partner/partner-mutation.js.map +1 -1
- package/dist-server/service/partner/partner-query.d.ts +3 -3
- package/dist-server/service/partner/partner-query.js +17 -17
- package/dist-server/service/partner/partner-query.js.map +1 -1
- package/dist-server/service/partner/partner-types.d.ts +1 -1
- package/dist-server/service/partner/partner-types.js +2 -2
- package/dist-server/service/partner/partner-types.js.map +1 -1
- package/dist-server/service/partner/partner.d.ts +1 -1
- package/dist-server/service/partner/partner.js +5 -5
- package/dist-server/service/partner/partner.js.map +1 -1
- package/dist-server/service/password-history/index.d.ts +1 -1
- package/dist-server/service/password-history/index.js +2 -2
- package/dist-server/service/password-history/index.js.map +1 -1
- package/dist-server/service/privilege/index.d.ts +3 -3
- package/dist-server/service/privilege/index.js +5 -5
- package/dist-server/service/privilege/index.js.map +1 -1
- package/dist-server/service/privilege/privilege-directive.js +2 -2
- package/dist-server/service/privilege/privilege-directive.js.map +1 -1
- package/dist-server/service/privilege/privilege-mutation.d.ts +2 -2
- package/dist-server/service/privilege/privilege-mutation.js +15 -15
- package/dist-server/service/privilege/privilege-mutation.js.map +1 -1
- package/dist-server/service/privilege/privilege-query.d.ts +4 -4
- package/dist-server/service/privilege/privilege-query.js +20 -20
- package/dist-server/service/privilege/privilege-query.js.map +1 -1
- package/dist-server/service/privilege/privilege-types.d.ts +1 -1
- package/dist-server/service/privilege/privilege-types.js +2 -2
- package/dist-server/service/privilege/privilege-types.js.map +1 -1
- package/dist-server/service/privilege/privilege.d.ts +2 -2
- package/dist-server/service/privilege/privilege.js +10 -10
- package/dist-server/service/privilege/privilege.js.map +1 -1
- package/dist-server/service/role/index.d.ts +3 -3
- package/dist-server/service/role/index.js +5 -5
- package/dist-server/service/role/index.js.map +1 -1
- package/dist-server/service/role/role-mutation.d.ts +2 -2
- package/dist-server/service/role/role-mutation.js +19 -19
- package/dist-server/service/role/role-mutation.js.map +1 -1
- package/dist-server/service/role/role-query.d.ts +9 -5
- package/dist-server/service/role/role-query.js +38 -31
- package/dist-server/service/role/role-query.js.map +1 -1
- package/dist-server/service/role/role-types.d.ts +1 -1
- package/dist-server/service/role/role-types.js +2 -2
- package/dist-server/service/role/role-types.js.map +1 -1
- package/dist-server/service/role/role.d.ts +2 -2
- package/dist-server/service/role/role.js +12 -12
- package/dist-server/service/role/role.js.map +1 -1
- package/dist-server/service/user/domain-query.d.ts +1 -1
- package/dist-server/service/user/domain-query.js +3 -3
- package/dist-server/service/user/domain-query.js.map +1 -1
- package/dist-server/service/user/index.d.ts +4 -4
- package/dist-server/service/user/index.js +6 -6
- package/dist-server/service/user/index.js.map +1 -1
- package/dist-server/service/user/user-mutation.d.ts +3 -3
- package/dist-server/service/user/user-mutation.js +49 -84
- package/dist-server/service/user/user-mutation.js.map +1 -1
- package/dist-server/service/user/user-query.d.ts +4 -3
- package/dist-server/service/user/user-query.js +31 -21
- package/dist-server/service/user/user-query.js.map +1 -1
- package/dist-server/service/user/user-types.d.ts +1 -1
- package/dist-server/service/user/user-types.js +2 -2
- package/dist-server/service/user/user-types.js.map +1 -1
- package/dist-server/service/user/user.d.ts +3 -3
- package/dist-server/service/user/user.js +41 -46
- package/dist-server/service/user/user.js.map +1 -1
- package/dist-server/service/users-auth-providers/index.d.ts +1 -1
- package/dist-server/service/users-auth-providers/index.js +2 -2
- package/dist-server/service/users-auth-providers/index.js.map +1 -1
- package/dist-server/service/users-auth-providers/users-auth-providers.d.ts +2 -2
- package/dist-server/service/users-auth-providers/users-auth-providers.js +8 -8
- package/dist-server/service/users-auth-providers/users-auth-providers.js.map +1 -1
- package/dist-server/service/verification-token/index.d.ts +1 -1
- package/dist-server/service/verification-token/index.js +2 -2
- package/dist-server/service/verification-token/index.js.map +1 -1
- package/dist-server/service/web-auth-credential/index.d.ts +1 -1
- package/dist-server/service/web-auth-credential/index.js +2 -2
- package/dist-server/service/web-auth-credential/index.js.map +1 -1
- package/dist-server/service/web-auth-credential/web-auth-credential.d.ts +1 -1
- package/dist-server/service/web-auth-credential/web-auth-credential.js +10 -10
- package/dist-server/service/web-auth-credential/web-auth-credential.js.map +1 -1
- package/dist-server/tsconfig.tsbuildinfo +1 -1
- package/dist-server/types.d.ts +1 -1
- package/dist-server/types.js.map +1 -1
- package/dist-server/utils/access-token-cookie.js +2 -2
- package/dist-server/utils/access-token-cookie.js.map +1 -1
- package/dist-server/utils/check-permission.d.ts +2 -2
- package/dist-server/utils/check-permission.js +3 -3
- package/dist-server/utils/check-permission.js.map +1 -1
- package/dist-server/utils/check-user-belongs-domain.d.ts +1 -1
- package/dist-server/utils/check-user-belongs-domain.js +2 -2
- package/dist-server/utils/check-user-belongs-domain.js.map +1 -1
- package/dist-server/utils/get-domain-users.d.ts +1 -1
- package/dist-server/utils/get-domain-users.js +2 -2
- package/dist-server/utils/get-domain-users.js.map +1 -1
- package/dist-server/utils/get-user-domains.d.ts +2 -2
- package/dist-server/utils/get-user-domains.js +7 -5
- package/dist-server/utils/get-user-domains.js.map +1 -1
- package/helps/config/recaptcha.ja.md +49 -0
- package/helps/config/recaptcha.ko.md +49 -0
- package/helps/config/recaptcha.md +49 -0
- package/helps/config/recaptcha.ms.md +49 -0
- package/helps/config/recaptcha.zh.md +49 -0
- package/package.json +7 -6
- package/client/actions/auth.ts +0 -24
- package/client/auth.ts +0 -268
- package/client/bootstrap.ts +0 -47
- package/client/directive/privileged.ts +0 -28
- package/client/index.ts +0 -3
- package/client/profiled.ts +0 -83
- package/client/reducers/auth.ts +0 -31
- package/server/constants/error-code.ts +0 -22
- package/server/constants/error-message.ts +0 -0
- package/server/constants/max-age.ts +0 -1
- package/server/controllers/auth.ts +0 -5
- package/server/controllers/change-pwd.ts +0 -100
- package/server/controllers/checkin.ts +0 -21
- package/server/controllers/delete-user.ts +0 -76
- package/server/controllers/invitation.ts +0 -168
- package/server/controllers/profile.ts +0 -55
- package/server/controllers/reset-password.ts +0 -126
- package/server/controllers/signin.ts +0 -103
- package/server/controllers/signup.ts +0 -77
- package/server/controllers/unlock-user.ts +0 -62
- package/server/controllers/utils/make-invitation-token.ts +0 -5
- package/server/controllers/utils/make-verification-token.ts +0 -4
- package/server/controllers/utils/password-rule.ts +0 -120
- package/server/controllers/utils/save-invitation-token.ts +0 -10
- package/server/controllers/utils/save-verification-token.ts +0 -12
- package/server/controllers/verification.ts +0 -84
- package/server/errors/auth-error.ts +0 -24
- package/server/errors/index.ts +0 -2
- package/server/errors/user-domain-not-match-error.ts +0 -29
- package/server/index.ts +0 -37
- package/server/middlewares/authenticate-401-middleware.ts +0 -114
- package/server/middlewares/domain-authenticate-middleware.ts +0 -73
- package/server/middlewares/graphql-authenticate-middleware.ts +0 -13
- package/server/middlewares/index.ts +0 -67
- package/server/middlewares/jwt-authenticate-middleware.ts +0 -84
- package/server/middlewares/signin-middleware.ts +0 -56
- package/server/middlewares/webauthn-middleware.ts +0 -131
- package/server/migrations/1548206416130-SeedUser.ts +0 -60
- package/server/migrations/1566805283882-SeedPrivilege.ts +0 -28
- package/server/migrations/index.ts +0 -9
- package/server/router/auth-checkin-router.ts +0 -115
- package/server/router/auth-private-process-router.ts +0 -127
- package/server/router/auth-public-process-router.ts +0 -319
- package/server/router/auth-signin-router.ts +0 -76
- package/server/router/auth-signup-router.ts +0 -95
- package/server/router/index.ts +0 -9
- package/server/router/oauth2/index.ts +0 -2
- package/server/router/oauth2/oauth2-authorize-router.ts +0 -81
- package/server/router/oauth2/oauth2-router.ts +0 -165
- package/server/router/oauth2/oauth2-server.ts +0 -262
- package/server/router/oauth2/passport-oauth2-client-password.ts +0 -87
- package/server/router/oauth2/passport-refresh-token.ts +0 -87
- package/server/router/path-base-domain-router.ts +0 -8
- package/server/router/site-root-router.ts +0 -48
- package/server/router/webauthn-router.ts +0 -85
- package/server/routes.ts +0 -89
- package/server/service/app-binding/app-binding-mutation.ts +0 -22
- package/server/service/app-binding/app-binding-query.ts +0 -92
- package/server/service/app-binding/app-binding-types.ts +0 -11
- package/server/service/app-binding/app-binding.ts +0 -17
- package/server/service/app-binding/index.ts +0 -4
- package/server/service/appliance/appliance-mutation.ts +0 -113
- package/server/service/appliance/appliance-query.ts +0 -76
- package/server/service/appliance/appliance-types.ts +0 -56
- package/server/service/appliance/appliance.ts +0 -133
- package/server/service/appliance/index.ts +0 -6
- package/server/service/application/application-mutation.ts +0 -104
- package/server/service/application/application-query.ts +0 -98
- package/server/service/application/application-types.ts +0 -76
- package/server/service/application/application.ts +0 -216
- package/server/service/application/index.ts +0 -6
- package/server/service/auth-provider/auth-provider-mutation.ts +0 -159
- package/server/service/auth-provider/auth-provider-parameter-spec.ts +0 -24
- package/server/service/auth-provider/auth-provider-query.ts +0 -88
- package/server/service/auth-provider/auth-provider-type.ts +0 -67
- package/server/service/auth-provider/auth-provider.ts +0 -155
- package/server/service/auth-provider/index.ts +0 -7
- package/server/service/domain-generator/domain-generator-mutation.ts +0 -117
- package/server/service/domain-generator/domain-generator-types.ts +0 -46
- package/server/service/domain-generator/index.ts +0 -3
- package/server/service/granted-role/granted-role-mutation.ts +0 -156
- package/server/service/granted-role/granted-role-query.ts +0 -60
- package/server/service/granted-role/granted-role.ts +0 -27
- package/server/service/granted-role/index.ts +0 -6
- package/server/service/index.ts +0 -90
- package/server/service/invitation/index.ts +0 -6
- package/server/service/invitation/invitation-mutation.ts +0 -78
- package/server/service/invitation/invitation-query.ts +0 -33
- package/server/service/invitation/invitation-types.ts +0 -11
- package/server/service/invitation/invitation.ts +0 -63
- package/server/service/login-history/index.ts +0 -5
- package/server/service/login-history/login-history-query.ts +0 -51
- package/server/service/login-history/login-history-type.ts +0 -12
- package/server/service/login-history/login-history.ts +0 -45
- package/server/service/partner/index.ts +0 -6
- package/server/service/partner/partner-mutation.ts +0 -61
- package/server/service/partner/partner-query.ts +0 -102
- package/server/service/partner/partner-types.ts +0 -11
- package/server/service/partner/partner.ts +0 -57
- package/server/service/password-history/index.ts +0 -3
- package/server/service/password-history/password-history.ts +0 -16
- package/server/service/privilege/index.ts +0 -6
- package/server/service/privilege/privilege-directive.ts +0 -77
- package/server/service/privilege/privilege-mutation.ts +0 -92
- package/server/service/privilege/privilege-query.ts +0 -94
- package/server/service/privilege/privilege-types.ts +0 -60
- package/server/service/privilege/privilege.ts +0 -102
- package/server/service/role/index.ts +0 -6
- package/server/service/role/role-mutation.ts +0 -109
- package/server/service/role/role-query.ts +0 -155
- package/server/service/role/role-types.ts +0 -81
- package/server/service/role/role.ts +0 -72
- package/server/service/user/domain-query.ts +0 -24
- package/server/service/user/index.ts +0 -7
- package/server/service/user/user-mutation.ts +0 -517
- package/server/service/user/user-query.ts +0 -145
- package/server/service/user/user-types.ts +0 -100
- package/server/service/user/user.ts +0 -386
- package/server/service/users-auth-providers/index.ts +0 -5
- package/server/service/users-auth-providers/users-auth-providers.ts +0 -71
- package/server/service/verification-token/index.ts +0 -3
- package/server/service/verification-token/verification-token.ts +0 -60
- package/server/service/web-auth-credential/index.ts +0 -3
- package/server/service/web-auth-credential/web-auth-credential.ts +0 -66
- package/server/templates/account-unlock-email.ts +0 -65
- package/server/templates/invitation-email.ts +0 -66
- package/server/templates/reset-password-email.ts +0 -65
- package/server/templates/verification-email.ts +0 -66
- package/server/types.ts +0 -21
- package/server/utils/accepts.ts +0 -11
- package/server/utils/access-token-cookie.ts +0 -50
- package/server/utils/check-permission.ts +0 -52
- package/server/utils/check-user-belongs-domain.ts +0 -19
- package/server/utils/check-user-has-role.ts +0 -29
- package/server/utils/encrypt-state.ts +0 -22
- package/server/utils/get-aes-256-key.ts +0 -13
- package/server/utils/get-domain-users.ts +0 -38
- package/server/utils/get-secret.ts +0 -13
- package/server/utils/get-user-domains.ts +0 -115
|
@@ -1,100 +0,0 @@
|
|
|
1
|
-
import { ObjectType, InputType, Field, ID, Int } from 'type-graphql'
|
|
2
|
-
import { GraphQLEmailAddress } from 'graphql-scalars'
|
|
3
|
-
import { ObjectRef } from '@things-factory/shell'
|
|
4
|
-
import { User } from './user'
|
|
5
|
-
|
|
6
|
-
@ObjectType()
|
|
7
|
-
export class PasswordRule {
|
|
8
|
-
@Field({ nullable: true })
|
|
9
|
-
lowerCase?: boolean
|
|
10
|
-
|
|
11
|
-
@Field({ nullable: true })
|
|
12
|
-
upperCase?: boolean
|
|
13
|
-
|
|
14
|
-
@Field({ nullable: true })
|
|
15
|
-
digit?: boolean
|
|
16
|
-
|
|
17
|
-
@Field({ nullable: true })
|
|
18
|
-
specialCharacter?: boolean
|
|
19
|
-
|
|
20
|
-
@Field({ nullable: true })
|
|
21
|
-
allowRepeat?: boolean
|
|
22
|
-
|
|
23
|
-
@Field({ nullable: true })
|
|
24
|
-
useTightPattern?: boolean
|
|
25
|
-
|
|
26
|
-
@Field({ nullable: true })
|
|
27
|
-
useLoosePattern?: boolean
|
|
28
|
-
|
|
29
|
-
@Field({ nullable: true })
|
|
30
|
-
tightCharacterLength?: number
|
|
31
|
-
|
|
32
|
-
@Field({ nullable: true })
|
|
33
|
-
looseCharacterLength?: number
|
|
34
|
-
}
|
|
35
|
-
|
|
36
|
-
@InputType()
|
|
37
|
-
export class NewUser {
|
|
38
|
-
@Field()
|
|
39
|
-
username: string
|
|
40
|
-
|
|
41
|
-
@Field()
|
|
42
|
-
name: string
|
|
43
|
-
|
|
44
|
-
@Field({ nullable: true })
|
|
45
|
-
description?: string
|
|
46
|
-
|
|
47
|
-
@Field(type => GraphQLEmailAddress)
|
|
48
|
-
email: string
|
|
49
|
-
|
|
50
|
-
@Field({ nullable: true })
|
|
51
|
-
password?: string
|
|
52
|
-
|
|
53
|
-
@Field({ nullable: true })
|
|
54
|
-
userType?: string
|
|
55
|
-
|
|
56
|
-
@Field(type => [ObjectRef], { nullable: true })
|
|
57
|
-
roles?: ObjectRef[]
|
|
58
|
-
}
|
|
59
|
-
|
|
60
|
-
@InputType()
|
|
61
|
-
export class UserPatch {
|
|
62
|
-
@Field(type => ID, { nullable: true })
|
|
63
|
-
id?: string
|
|
64
|
-
|
|
65
|
-
@Field({ nullable: true })
|
|
66
|
-
name?: string
|
|
67
|
-
|
|
68
|
-
@Field(type => [ObjectRef], { nullable: true })
|
|
69
|
-
domains?: [ObjectRef]
|
|
70
|
-
|
|
71
|
-
@Field({ nullable: true })
|
|
72
|
-
description?: string
|
|
73
|
-
|
|
74
|
-
@Field(type => GraphQLEmailAddress, { nullable: true })
|
|
75
|
-
email?: string
|
|
76
|
-
|
|
77
|
-
@Field({ nullable: true })
|
|
78
|
-
password?: string
|
|
79
|
-
|
|
80
|
-
@Field({ nullable: true })
|
|
81
|
-
status?: string
|
|
82
|
-
|
|
83
|
-
@Field(type => [ObjectRef], { nullable: true })
|
|
84
|
-
roles?: ObjectRef[]
|
|
85
|
-
|
|
86
|
-
@Field({ nullable: true })
|
|
87
|
-
userType?: string
|
|
88
|
-
|
|
89
|
-
@Field({ nullable: true })
|
|
90
|
-
cuFlag?: string
|
|
91
|
-
}
|
|
92
|
-
|
|
93
|
-
@ObjectType()
|
|
94
|
-
export class UserList {
|
|
95
|
-
@Field(type => [User], { nullable: true })
|
|
96
|
-
items: User[]
|
|
97
|
-
|
|
98
|
-
@Field(type => Int, { nullable: true })
|
|
99
|
-
total: number
|
|
100
|
-
}
|
|
@@ -1,386 +0,0 @@
|
|
|
1
|
-
import crypto from 'crypto'
|
|
2
|
-
import jwt from 'jsonwebtoken'
|
|
3
|
-
import { Directive, Field, ID, ObjectType } from 'type-graphql'
|
|
4
|
-
import { GraphQLEmailAddress } from 'graphql-scalars'
|
|
5
|
-
import {
|
|
6
|
-
Column,
|
|
7
|
-
CreateDateColumn,
|
|
8
|
-
Entity,
|
|
9
|
-
ILike,
|
|
10
|
-
Index,
|
|
11
|
-
JoinTable,
|
|
12
|
-
ManyToMany,
|
|
13
|
-
ManyToOne,
|
|
14
|
-
OneToMany,
|
|
15
|
-
PrimaryGeneratedColumn,
|
|
16
|
-
RelationId,
|
|
17
|
-
UpdateDateColumn
|
|
18
|
-
} from 'typeorm'
|
|
19
|
-
|
|
20
|
-
import { config } from '@things-factory/env'
|
|
21
|
-
import { Domain, getRepository } from '@things-factory/shell'
|
|
22
|
-
|
|
23
|
-
import { validatePasswordByRule } from '../../controllers/utils/password-rule'
|
|
24
|
-
import { AuthError } from '../../errors/auth-error'
|
|
25
|
-
import { SECRET } from '../../utils/get-secret'
|
|
26
|
-
import { Role } from '../role/role'
|
|
27
|
-
import { Privilege } from '../privilege/privilege'
|
|
28
|
-
import { WebAuthCredential } from '../web-auth-credential/web-auth-credential'
|
|
29
|
-
import { UsersAuthProviders } from '../users-auth-providers/users-auth-providers'
|
|
30
|
-
import { getDomainsWithPrivilege } from '../../utils/get-user-domains'
|
|
31
|
-
|
|
32
|
-
const ORMCONFIG = config.get('ormconfig', {})
|
|
33
|
-
const DATABASE_TYPE = ORMCONFIG.type
|
|
34
|
-
|
|
35
|
-
const sessionExpirySeconds = Number(config.get('session/expirySeconds')) || '7d'
|
|
36
|
-
|
|
37
|
-
export enum UserStatus {
|
|
38
|
-
INACTIVE = 'inactive',
|
|
39
|
-
ACTIVATED = 'activated',
|
|
40
|
-
DELETED = 'deleted',
|
|
41
|
-
LOCKED = 'locked',
|
|
42
|
-
BANNED = 'banned',
|
|
43
|
-
PWD_RESET_REQUIRED = 'password_reset_required'
|
|
44
|
-
}
|
|
45
|
-
|
|
46
|
-
@Entity()
|
|
47
|
-
@Index('ix_user_0', (user: User) => [user.email], {
|
|
48
|
-
unique: true
|
|
49
|
-
})
|
|
50
|
-
@Index('ix_user_1', (user: User) => [user.username], {
|
|
51
|
-
unique: true,
|
|
52
|
-
where: '"username" IS NOT NULL'
|
|
53
|
-
})
|
|
54
|
-
@ObjectType()
|
|
55
|
-
export class User {
|
|
56
|
-
@PrimaryGeneratedColumn('uuid')
|
|
57
|
-
@Field(type => ID)
|
|
58
|
-
readonly id: string
|
|
59
|
-
|
|
60
|
-
@Column({ nullable: true })
|
|
61
|
-
@Field({ nullable: true })
|
|
62
|
-
username: string
|
|
63
|
-
|
|
64
|
-
@Column()
|
|
65
|
-
@Field({ nullable: true })
|
|
66
|
-
name: string
|
|
67
|
-
|
|
68
|
-
@Column({ nullable: true })
|
|
69
|
-
@Field({ nullable: true })
|
|
70
|
-
description: string
|
|
71
|
-
|
|
72
|
-
@ManyToMany(type => Domain)
|
|
73
|
-
@JoinTable({ name: 'users_domains' })
|
|
74
|
-
@Field(type => [Domain])
|
|
75
|
-
domains?: Domain[]
|
|
76
|
-
|
|
77
|
-
@Column()
|
|
78
|
-
@Field(type => GraphQLEmailAddress)
|
|
79
|
-
email: string
|
|
80
|
-
|
|
81
|
-
@Directive('@privilege(category: "security", privilege: "query", domainOwnerGranted: true)')
|
|
82
|
-
@Column({
|
|
83
|
-
nullable: true,
|
|
84
|
-
type:
|
|
85
|
-
DATABASE_TYPE == 'mysql' || DATABASE_TYPE == 'mariadb'
|
|
86
|
-
? 'longtext'
|
|
87
|
-
: DATABASE_TYPE == 'oracle'
|
|
88
|
-
? 'clob'
|
|
89
|
-
: DATABASE_TYPE == 'mssql'
|
|
90
|
-
? 'nvarchar'
|
|
91
|
-
: 'varchar',
|
|
92
|
-
length: DATABASE_TYPE == 'mssql' ? 'MAX' : undefined
|
|
93
|
-
})
|
|
94
|
-
password: string
|
|
95
|
-
|
|
96
|
-
@ManyToMany(type => Role, role => role.users)
|
|
97
|
-
@JoinTable({ name: 'users_roles' })
|
|
98
|
-
@Field(type => [Role])
|
|
99
|
-
roles?: Role[]
|
|
100
|
-
|
|
101
|
-
@Column({ nullable: true })
|
|
102
|
-
@Field({ nullable: true })
|
|
103
|
-
userType: string // default: 'user', enum: 'user', 'application', 'appliance'
|
|
104
|
-
|
|
105
|
-
@Column({ nullable: true })
|
|
106
|
-
@Field({ nullable: true })
|
|
107
|
-
reference: string
|
|
108
|
-
|
|
109
|
-
@Directive('@privilege(category: "security", privilege: "query", domainOwnerGranted: true)')
|
|
110
|
-
@Column({ nullable: true })
|
|
111
|
-
salt: string
|
|
112
|
-
|
|
113
|
-
@Column({ nullable: true })
|
|
114
|
-
@Field({ nullable: true })
|
|
115
|
-
locale: string
|
|
116
|
-
|
|
117
|
-
@Directive('@privilege(category: "security", privilege: "query", domainOwnerGranted: true)')
|
|
118
|
-
@Column({ nullable: true })
|
|
119
|
-
@Field({ nullable: true })
|
|
120
|
-
ssoId: string
|
|
121
|
-
|
|
122
|
-
@Column({
|
|
123
|
-
type:
|
|
124
|
-
DATABASE_TYPE == 'postgres' || DATABASE_TYPE == 'mysql' || DATABASE_TYPE == 'mariadb'
|
|
125
|
-
? 'enum'
|
|
126
|
-
: DATABASE_TYPE == 'oracle'
|
|
127
|
-
? 'varchar2'
|
|
128
|
-
: DATABASE_TYPE == 'mssql'
|
|
129
|
-
? 'nvarchar'
|
|
130
|
-
: 'varchar',
|
|
131
|
-
enum:
|
|
132
|
-
DATABASE_TYPE == 'postgres' || DATABASE_TYPE == 'mysql' || DATABASE_TYPE == 'mariadb' ? UserStatus : undefined,
|
|
133
|
-
length: DATABASE_TYPE == 'postgres' || DATABASE_TYPE == 'mysql' || DATABASE_TYPE == 'mariadb' ? undefined : 32,
|
|
134
|
-
default: UserStatus.INACTIVE
|
|
135
|
-
})
|
|
136
|
-
@Field(type => String)
|
|
137
|
-
status: UserStatus
|
|
138
|
-
|
|
139
|
-
@Column({ type: 'smallint', default: 0 })
|
|
140
|
-
failCount: number
|
|
141
|
-
|
|
142
|
-
@Column({ nullable: true })
|
|
143
|
-
passwordUpdatedAt: Date
|
|
144
|
-
|
|
145
|
-
@Field({ nullable: true })
|
|
146
|
-
owner: boolean /* should not be a column */
|
|
147
|
-
|
|
148
|
-
@OneToMany(() => WebAuthCredential, credential => credential.user)
|
|
149
|
-
credentials: WebAuthCredential[]
|
|
150
|
-
|
|
151
|
-
@OneToMany(() => UsersAuthProviders, usersAuthProviders => usersAuthProviders.user)
|
|
152
|
-
@Field(type => [UsersAuthProviders], { nullable: true })
|
|
153
|
-
usersAuthProviders: UsersAuthProviders[]
|
|
154
|
-
|
|
155
|
-
@ManyToOne(type => User, { nullable: true })
|
|
156
|
-
@Field({ nullable: true })
|
|
157
|
-
creator: User
|
|
158
|
-
|
|
159
|
-
@RelationId((user: User) => user.creator)
|
|
160
|
-
creatorId: string
|
|
161
|
-
|
|
162
|
-
@ManyToOne(type => User, { nullable: true })
|
|
163
|
-
@Field({ nullable: true })
|
|
164
|
-
updater: User
|
|
165
|
-
|
|
166
|
-
@RelationId((user: User) => user.updater)
|
|
167
|
-
updaterId: string
|
|
168
|
-
|
|
169
|
-
@CreateDateColumn()
|
|
170
|
-
@Field({ nullable: true })
|
|
171
|
-
createdAt: Date
|
|
172
|
-
|
|
173
|
-
@UpdateDateColumn()
|
|
174
|
-
@Field({ nullable: true })
|
|
175
|
-
updatedAt: Date
|
|
176
|
-
|
|
177
|
-
/* signing for jsonwebtoken */
|
|
178
|
-
async sign(options?) {
|
|
179
|
-
var { expiresIn = sessionExpirySeconds } = options || {}
|
|
180
|
-
|
|
181
|
-
var user = {
|
|
182
|
-
username: this.username || this.email
|
|
183
|
-
}
|
|
184
|
-
|
|
185
|
-
return await jwt.sign(user, SECRET, {
|
|
186
|
-
expiresIn,
|
|
187
|
-
issuer: 'hatiolab.com',
|
|
188
|
-
subject: 'user'
|
|
189
|
-
})
|
|
190
|
-
}
|
|
191
|
-
|
|
192
|
-
/* validate password through password rule */
|
|
193
|
-
static validatePasswordByRule(password, lng) {
|
|
194
|
-
validatePasswordByRule(password, lng)
|
|
195
|
-
}
|
|
196
|
-
|
|
197
|
-
/* generate salt */
|
|
198
|
-
static generateSalt() {
|
|
199
|
-
return crypto.randomBytes(16).toString('hex')
|
|
200
|
-
}
|
|
201
|
-
|
|
202
|
-
/* encode password */
|
|
203
|
-
static encode(password: string, salt) {
|
|
204
|
-
return crypto
|
|
205
|
-
.createHmac('sha256', salt || SECRET)
|
|
206
|
-
.update(password)
|
|
207
|
-
.digest('base64')
|
|
208
|
-
}
|
|
209
|
-
|
|
210
|
-
/* verify password */
|
|
211
|
-
static verify(hashed, password, salt) {
|
|
212
|
-
return (
|
|
213
|
-
hashed ==
|
|
214
|
-
crypto
|
|
215
|
-
.createHmac('sha256', salt || SECRET)
|
|
216
|
-
.update(password)
|
|
217
|
-
.digest('base64') ||
|
|
218
|
-
hashed ==
|
|
219
|
-
crypto
|
|
220
|
-
.createHmac('sha1', salt || SECRET)
|
|
221
|
-
.update(password)
|
|
222
|
-
.digest('base64')
|
|
223
|
-
)
|
|
224
|
-
}
|
|
225
|
-
|
|
226
|
-
static async checkAuthWithEmail(decoded) {
|
|
227
|
-
if (!decoded?.email) {
|
|
228
|
-
throw new AuthError({
|
|
229
|
-
errorCode: AuthError.ERROR_CODES.USER_NOT_FOUND
|
|
230
|
-
})
|
|
231
|
-
}
|
|
232
|
-
|
|
233
|
-
const repository = getRepository(User)
|
|
234
|
-
var user = await repository.findOne({
|
|
235
|
-
where: { email: decoded.email },
|
|
236
|
-
relations: ['domains'],
|
|
237
|
-
cache: true
|
|
238
|
-
})
|
|
239
|
-
|
|
240
|
-
if (!user)
|
|
241
|
-
throw new AuthError({
|
|
242
|
-
errorCode: AuthError.ERROR_CODES.USER_NOT_FOUND
|
|
243
|
-
})
|
|
244
|
-
else {
|
|
245
|
-
switch (user.status) {
|
|
246
|
-
case UserStatus.INACTIVE:
|
|
247
|
-
throw new AuthError({
|
|
248
|
-
errorCode: AuthError.ERROR_CODES.USER_NOT_ACTIVATED,
|
|
249
|
-
detail: {
|
|
250
|
-
email: user.email
|
|
251
|
-
}
|
|
252
|
-
})
|
|
253
|
-
case UserStatus.LOCKED:
|
|
254
|
-
throw new AuthError({
|
|
255
|
-
errorCode: AuthError.ERROR_CODES.USER_LOCKED,
|
|
256
|
-
detail: {
|
|
257
|
-
email: user.email
|
|
258
|
-
}
|
|
259
|
-
})
|
|
260
|
-
case UserStatus.DELETED:
|
|
261
|
-
throw new AuthError({
|
|
262
|
-
errorCode: AuthError.ERROR_CODES.USER_DELETED
|
|
263
|
-
})
|
|
264
|
-
}
|
|
265
|
-
|
|
266
|
-
return user
|
|
267
|
-
}
|
|
268
|
-
}
|
|
269
|
-
|
|
270
|
-
static async checkAuth(decoded) {
|
|
271
|
-
// id 는 하위호환성을 위해 단기적으로 유지함
|
|
272
|
-
const { id, username } = decoded || {}
|
|
273
|
-
|
|
274
|
-
if (!id && !username) {
|
|
275
|
-
throw new AuthError({
|
|
276
|
-
errorCode: AuthError.ERROR_CODES.USER_NOT_FOUND
|
|
277
|
-
})
|
|
278
|
-
}
|
|
279
|
-
|
|
280
|
-
const repository = getRepository(User)
|
|
281
|
-
if (id) {
|
|
282
|
-
var user = await repository.findOne({
|
|
283
|
-
where: { id },
|
|
284
|
-
relations: ['domains', 'credentials'],
|
|
285
|
-
cache: true
|
|
286
|
-
})
|
|
287
|
-
} else {
|
|
288
|
-
var user = await repository.findOne({
|
|
289
|
-
where: { username },
|
|
290
|
-
relations: ['domains', 'credentials'],
|
|
291
|
-
cache: true
|
|
292
|
-
})
|
|
293
|
-
|
|
294
|
-
/*
|
|
295
|
-
정확한 이메일 정규표현식은 /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(username) 이지만,
|
|
296
|
-
appliance 용으로 사용된 이메일로 {{uuid}}@{{domain slugger}} 식으로 사용했으므로
|
|
297
|
-
email 유효성 판단에 /^[^\s@]+@[^\s@]+$/.test(username) 를 사용함.
|
|
298
|
-
*/
|
|
299
|
-
if (!user && /^[^\s@]+@[^\s@]+$/.test(username)) {
|
|
300
|
-
user = await repository.findOne({
|
|
301
|
-
where: {
|
|
302
|
-
email: ILike(username)
|
|
303
|
-
},
|
|
304
|
-
relations: ['domains', 'credentials'],
|
|
305
|
-
cache: true
|
|
306
|
-
})
|
|
307
|
-
}
|
|
308
|
-
}
|
|
309
|
-
|
|
310
|
-
if (!user)
|
|
311
|
-
throw new AuthError({
|
|
312
|
-
errorCode: AuthError.ERROR_CODES.USER_NOT_FOUND
|
|
313
|
-
})
|
|
314
|
-
else {
|
|
315
|
-
switch (user.status) {
|
|
316
|
-
case UserStatus.INACTIVE:
|
|
317
|
-
throw new AuthError({
|
|
318
|
-
errorCode: AuthError.ERROR_CODES.USER_NOT_ACTIVATED,
|
|
319
|
-
detail: {
|
|
320
|
-
email: user.email
|
|
321
|
-
}
|
|
322
|
-
})
|
|
323
|
-
case UserStatus.LOCKED:
|
|
324
|
-
throw new AuthError({
|
|
325
|
-
errorCode: AuthError.ERROR_CODES.USER_LOCKED,
|
|
326
|
-
detail: {
|
|
327
|
-
email: user.email
|
|
328
|
-
}
|
|
329
|
-
})
|
|
330
|
-
case UserStatus.DELETED:
|
|
331
|
-
throw new AuthError({
|
|
332
|
-
errorCode: AuthError.ERROR_CODES.USER_DELETED
|
|
333
|
-
})
|
|
334
|
-
}
|
|
335
|
-
|
|
336
|
-
const { defaultPassword } = config.get('password')
|
|
337
|
-
|
|
338
|
-
if (defaultPassword && user.password === this.encode(defaultPassword, user.salt)) {
|
|
339
|
-
user.status = UserStatus.PWD_RESET_REQUIRED
|
|
340
|
-
}
|
|
341
|
-
|
|
342
|
-
return user
|
|
343
|
-
}
|
|
344
|
-
}
|
|
345
|
-
|
|
346
|
-
static async hasPrivilege(privilege: string, category: string, domain: Domain, user: User): Promise<boolean> {
|
|
347
|
-
const result = await getRepository(Privilege)
|
|
348
|
-
.createQueryBuilder('privilege')
|
|
349
|
-
.innerJoin('privilege.roles', 'role')
|
|
350
|
-
.innerJoin('role.users', 'user')
|
|
351
|
-
.where('privilege.category = :category', { category })
|
|
352
|
-
.andWhere('privilege.name = :privilege', { privilege })
|
|
353
|
-
.andWhere('user.id = :userId', { userId: user.id })
|
|
354
|
-
.andWhere('role.domain.id = :domainId', { domainId: domain.id })
|
|
355
|
-
.getCount()
|
|
356
|
-
|
|
357
|
-
return result > 0
|
|
358
|
-
}
|
|
359
|
-
|
|
360
|
-
static async getPrivilegesByDomain(user: User, domain: Domain): Promise<{ category: string; privilege: string }[]> {
|
|
361
|
-
const result = await getRepository(User)
|
|
362
|
-
.createQueryBuilder('user')
|
|
363
|
-
.leftJoinAndSelect('user.roles', 'role')
|
|
364
|
-
.leftJoinAndSelect('role.privileges', 'privilege')
|
|
365
|
-
.select(['privilege.name AS privilege', 'privilege.category AS category'])
|
|
366
|
-
.where('user.id = :userId', { userId: user.id })
|
|
367
|
-
.andWhere('role.domain.id = :domainId', { domainId: domain.id })
|
|
368
|
-
.orderBy('privilege.category')
|
|
369
|
-
.addOrderBy('privilege.name')
|
|
370
|
-
.getRawMany()
|
|
371
|
-
|
|
372
|
-
const distinct = result.reduce((acc, current) => {
|
|
373
|
-
const last = acc[acc.length - 1]
|
|
374
|
-
if (!last || last.privilege !== current.privilege || last.category !== current.category) {
|
|
375
|
-
acc.push(current)
|
|
376
|
-
}
|
|
377
|
-
return acc
|
|
378
|
-
}, [])
|
|
379
|
-
|
|
380
|
-
return distinct
|
|
381
|
-
}
|
|
382
|
-
|
|
383
|
-
static async getDomainsWithPrivilege(privilege: string, category: string, user: User) {
|
|
384
|
-
return getDomainsWithPrivilege(user, privilege, category)
|
|
385
|
-
}
|
|
386
|
-
}
|
|
@@ -1,71 +0,0 @@
|
|
|
1
|
-
import {
|
|
2
|
-
CreateDateColumn,
|
|
3
|
-
UpdateDateColumn,
|
|
4
|
-
DeleteDateColumn,
|
|
5
|
-
Entity,
|
|
6
|
-
Index,
|
|
7
|
-
Column,
|
|
8
|
-
RelationId,
|
|
9
|
-
ManyToOne,
|
|
10
|
-
PrimaryGeneratedColumn,
|
|
11
|
-
VersionColumn
|
|
12
|
-
} from 'typeorm'
|
|
13
|
-
import { ObjectType, Field, Int, ID, registerEnumType } from 'type-graphql'
|
|
14
|
-
|
|
15
|
-
import { Domain } from '@things-factory/shell'
|
|
16
|
-
import { User } from '../user/user'
|
|
17
|
-
import { AuthProvider } from '../auth-provider/auth-provider'
|
|
18
|
-
|
|
19
|
-
@Entity()
|
|
20
|
-
@Index(
|
|
21
|
-
'ix_users_auth_providers_0',
|
|
22
|
-
(usersAuthProviders: UsersAuthProviders) => [
|
|
23
|
-
usersAuthProviders.domain,
|
|
24
|
-
usersAuthProviders.user,
|
|
25
|
-
usersAuthProviders.authProvider
|
|
26
|
-
],
|
|
27
|
-
{ unique: true }
|
|
28
|
-
)
|
|
29
|
-
@ObjectType({ description: 'Entity for UsersAuthProviders' })
|
|
30
|
-
export class UsersAuthProviders {
|
|
31
|
-
@PrimaryGeneratedColumn('uuid')
|
|
32
|
-
@Field(type => ID)
|
|
33
|
-
readonly id: string
|
|
34
|
-
|
|
35
|
-
@ManyToOne(type => Domain)
|
|
36
|
-
@Field(type => Domain)
|
|
37
|
-
domain?: Domain
|
|
38
|
-
|
|
39
|
-
@RelationId((usersAuthProviders: UsersAuthProviders) => usersAuthProviders.domain)
|
|
40
|
-
domainId?: string
|
|
41
|
-
|
|
42
|
-
@ManyToOne(() => User, user => user.usersAuthProviders, {
|
|
43
|
-
onDelete: 'CASCADE'
|
|
44
|
-
})
|
|
45
|
-
@Field(type => User, { nullable: true })
|
|
46
|
-
user: User
|
|
47
|
-
|
|
48
|
-
@RelationId((usersAuthProviders: UsersAuthProviders) => usersAuthProviders.user)
|
|
49
|
-
userId?: string
|
|
50
|
-
|
|
51
|
-
@ManyToOne(() => AuthProvider, authProvider => authProvider.usersAuthProviders, {
|
|
52
|
-
onDelete: 'CASCADE'
|
|
53
|
-
})
|
|
54
|
-
@Field(type => AuthProvider, { nullable: true })
|
|
55
|
-
authProvider: AuthProvider
|
|
56
|
-
|
|
57
|
-
@RelationId((usersAuthProviders: UsersAuthProviders) => usersAuthProviders.authProvider)
|
|
58
|
-
authProviderId?: string
|
|
59
|
-
|
|
60
|
-
@Column()
|
|
61
|
-
@Field({ nullable: true })
|
|
62
|
-
ssoId: string
|
|
63
|
-
|
|
64
|
-
@CreateDateColumn()
|
|
65
|
-
@Field({ nullable: true })
|
|
66
|
-
createdAt?: Date
|
|
67
|
-
|
|
68
|
-
@UpdateDateColumn()
|
|
69
|
-
@Field({ nullable: true })
|
|
70
|
-
updatedAt: Date
|
|
71
|
-
}
|
|
@@ -1,60 +0,0 @@
|
|
|
1
|
-
import { Column, CreateDateColumn, Entity, PrimaryColumn, UpdateDateColumn } from 'typeorm'
|
|
2
|
-
import { config } from '@things-factory/env'
|
|
3
|
-
import { ObjectType, Field, ID } from 'type-graphql'
|
|
4
|
-
const ORMCONFIG = config.get('ormconfig', {})
|
|
5
|
-
const DATABASE_TYPE = ORMCONFIG.type
|
|
6
|
-
|
|
7
|
-
export enum VerificationTokenType {
|
|
8
|
-
ACTIVATION = 'activation',
|
|
9
|
-
PASSWORD_RESET = 'password-reset',
|
|
10
|
-
UNLOCK = 'unlock',
|
|
11
|
-
REQUEST_ACCESS_TOKEN = 'access-token'
|
|
12
|
-
}
|
|
13
|
-
|
|
14
|
-
@Entity()
|
|
15
|
-
@ObjectType()
|
|
16
|
-
export class VerificationToken {
|
|
17
|
-
@PrimaryColumn()
|
|
18
|
-
@Field(type => ID)
|
|
19
|
-
userId: string
|
|
20
|
-
|
|
21
|
-
@Column({
|
|
22
|
-
nullable: false
|
|
23
|
-
})
|
|
24
|
-
@Field()
|
|
25
|
-
token: string
|
|
26
|
-
|
|
27
|
-
@Column({
|
|
28
|
-
nullable: false,
|
|
29
|
-
type:
|
|
30
|
-
DATABASE_TYPE == 'postgres' || DATABASE_TYPE == 'mysql' || DATABASE_TYPE == 'mariadb'
|
|
31
|
-
? 'enum'
|
|
32
|
-
: DATABASE_TYPE == 'oracle'
|
|
33
|
-
? 'varchar2'
|
|
34
|
-
: DATABASE_TYPE == 'mssql'
|
|
35
|
-
? 'nvarchar'
|
|
36
|
-
: 'varchar',
|
|
37
|
-
enum:
|
|
38
|
-
DATABASE_TYPE == 'postgres' || DATABASE_TYPE == 'mysql' || DATABASE_TYPE == 'mariadb'
|
|
39
|
-
? VerificationTokenType
|
|
40
|
-
: undefined,
|
|
41
|
-
length: DATABASE_TYPE == 'postgres' || DATABASE_TYPE == 'mysql' || DATABASE_TYPE == 'mariadb' ? undefined : 32,
|
|
42
|
-
default: VerificationTokenType.ACTIVATION
|
|
43
|
-
})
|
|
44
|
-
@Field()
|
|
45
|
-
type: VerificationTokenType
|
|
46
|
-
|
|
47
|
-
@Column({
|
|
48
|
-
nullable: true
|
|
49
|
-
})
|
|
50
|
-
@Field({ nullable: true })
|
|
51
|
-
suppliment: string
|
|
52
|
-
|
|
53
|
-
@CreateDateColumn()
|
|
54
|
-
@Field()
|
|
55
|
-
createdAt: Date
|
|
56
|
-
|
|
57
|
-
@UpdateDateColumn()
|
|
58
|
-
@Field()
|
|
59
|
-
updatedAt: Date
|
|
60
|
-
}
|
|
@@ -1,66 +0,0 @@
|
|
|
1
|
-
import { Field, ID } from 'type-graphql'
|
|
2
|
-
import {
|
|
3
|
-
CreateDateColumn,
|
|
4
|
-
UpdateDateColumn,
|
|
5
|
-
Entity,
|
|
6
|
-
Index,
|
|
7
|
-
Column,
|
|
8
|
-
RelationId,
|
|
9
|
-
ManyToOne,
|
|
10
|
-
PrimaryGeneratedColumn
|
|
11
|
-
} from 'typeorm'
|
|
12
|
-
|
|
13
|
-
import { User } from '../user/user'
|
|
14
|
-
|
|
15
|
-
@Entity()
|
|
16
|
-
@Index(
|
|
17
|
-
'ix_web_auth_credential_0',
|
|
18
|
-
(webAuthCredential: WebAuthCredential) => [webAuthCredential.user, webAuthCredential.credentialId],
|
|
19
|
-
{ unique: true }
|
|
20
|
-
)
|
|
21
|
-
export class WebAuthCredential {
|
|
22
|
-
@PrimaryGeneratedColumn('uuid')
|
|
23
|
-
@Field(type => ID)
|
|
24
|
-
readonly id: string
|
|
25
|
-
|
|
26
|
-
@ManyToOne(type => User, { nullable: true })
|
|
27
|
-
@Field(type => User, { nullable: true })
|
|
28
|
-
user?: User
|
|
29
|
-
|
|
30
|
-
@RelationId((webAuthCredential: WebAuthCredential) => webAuthCredential.user)
|
|
31
|
-
userId?: string
|
|
32
|
-
|
|
33
|
-
@Column()
|
|
34
|
-
@Field({ nullable: true })
|
|
35
|
-
credentialId: string
|
|
36
|
-
|
|
37
|
-
@Column()
|
|
38
|
-
@Field({ nullable: true })
|
|
39
|
-
publicKey: string
|
|
40
|
-
|
|
41
|
-
@Column()
|
|
42
|
-
@Field({ nullable: true })
|
|
43
|
-
counter: number
|
|
44
|
-
|
|
45
|
-
@CreateDateColumn()
|
|
46
|
-
@Field({ nullable: true })
|
|
47
|
-
createdAt?: Date
|
|
48
|
-
|
|
49
|
-
@UpdateDateColumn()
|
|
50
|
-
@Field({ nullable: true })
|
|
51
|
-
updatedAt?: Date
|
|
52
|
-
|
|
53
|
-
@ManyToOne(type => User, { nullable: true })
|
|
54
|
-
@Field(type => User, { nullable: true })
|
|
55
|
-
creator?: User
|
|
56
|
-
|
|
57
|
-
@RelationId((webAuthCredential: WebAuthCredential) => webAuthCredential.creator)
|
|
58
|
-
creatorId?: string
|
|
59
|
-
|
|
60
|
-
@ManyToOne(type => User, { nullable: true })
|
|
61
|
-
@Field(type => User, { nullable: true })
|
|
62
|
-
updater?: User
|
|
63
|
-
|
|
64
|
-
@RelationId((webAuthCredential: WebAuthCredential) => webAuthCredential.updater)
|
|
65
|
-
updaterId?: string
|
|
66
|
-
}
|