@things-factory/auth-base 8.0.37 → 9.0.0-9.0.0-beta.59.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/config/config.development.js +46 -0
- package/config/config.production.js +45 -0
- package/dist-client/bootstrap.d.ts +1 -1
- package/dist-client/bootstrap.js +4 -4
- package/dist-client/bootstrap.js.map +1 -1
- package/dist-client/directive/privileged.d.ts +1 -1
- package/dist-client/directive/privileged.js +1 -1
- package/dist-client/directive/privileged.js.map +1 -1
- package/dist-client/index.d.ts +4 -3
- package/dist-client/index.js +4 -3
- package/dist-client/index.js.map +1 -1
- package/dist-client/profiled.js +1 -1
- package/dist-client/profiled.js.map +1 -1
- package/dist-client/reducers/auth.js +1 -1
- package/dist-client/reducers/auth.js.map +1 -1
- package/dist-client/tsconfig.tsbuildinfo +1 -1
- package/dist-client/verify-webauthn.d.ts +13 -0
- package/dist-client/verify-webauthn.js +72 -0
- package/dist-client/verify-webauthn.js.map +1 -0
- package/dist-server/controllers/auth.d.ts +5 -5
- package/dist-server/controllers/auth.js +5 -5
- package/dist-server/controllers/auth.js.map +1 -1
- package/dist-server/controllers/change-pwd.js +19 -19
- package/dist-server/controllers/change-pwd.js.map +1 -1
- package/dist-server/controllers/checkin.js +4 -4
- package/dist-server/controllers/checkin.js.map +1 -1
- package/dist-server/controllers/delete-user.js +10 -15
- package/dist-server/controllers/delete-user.js.map +1 -1
- package/dist-server/controllers/invitation.js +20 -25
- package/dist-server/controllers/invitation.js.map +1 -1
- package/dist-server/controllers/profile.d.ts +5 -5
- package/dist-server/controllers/profile.js +10 -10
- package/dist-server/controllers/profile.js.map +1 -1
- package/dist-server/controllers/reset-password.js +24 -24
- package/dist-server/controllers/reset-password.js.map +1 -1
- package/dist-server/controllers/signin.d.ts +1 -1
- package/dist-server/controllers/signin.js +25 -30
- package/dist-server/controllers/signin.js.map +1 -1
- package/dist-server/controllers/signup.d.ts +1 -1
- package/dist-server/controllers/signup.js +14 -19
- package/dist-server/controllers/signup.js.map +1 -1
- package/dist-server/controllers/unlock-user.js +17 -17
- package/dist-server/controllers/unlock-user.js.map +1 -1
- package/dist-server/controllers/utils/password-rule.js +4 -4
- package/dist-server/controllers/utils/password-rule.js.map +1 -1
- package/dist-server/controllers/utils/save-invitation-token.d.ts +1 -1
- package/dist-server/controllers/utils/save-invitation-token.js +2 -2
- package/dist-server/controllers/utils/save-invitation-token.js.map +1 -1
- package/dist-server/controllers/utils/save-verification-token.d.ts +1 -1
- package/dist-server/controllers/utils/save-verification-token.js +3 -3
- package/dist-server/controllers/utils/save-verification-token.js.map +1 -1
- package/dist-server/controllers/verification.js +23 -23
- package/dist-server/controllers/verification.js.map +1 -1
- package/dist-server/errors/auth-error.js +1 -1
- package/dist-server/errors/auth-error.js.map +1 -1
- package/dist-server/errors/index.d.ts +2 -2
- package/dist-server/errors/index.js +2 -2
- package/dist-server/errors/index.js.map +1 -1
- package/dist-server/errors/user-domain-not-match-error.d.ts +1 -1
- package/dist-server/errors/user-domain-not-match-error.js +8 -8
- package/dist-server/errors/user-domain-not-match-error.js.map +1 -1
- package/dist-server/index.d.ts +16 -16
- package/dist-server/index.js +18 -18
- package/dist-server/index.js.map +1 -1
- package/dist-server/middlewares/authenticate-401-middleware.js +11 -11
- package/dist-server/middlewares/authenticate-401-middleware.js.map +1 -1
- package/dist-server/middlewares/bypass-signin-middleware.d.ts +1 -0
- package/dist-server/middlewares/bypass-signin-middleware.js +20 -0
- package/dist-server/middlewares/bypass-signin-middleware.js.map +1 -0
- package/dist-server/middlewares/domain-authenticate-middleware.d.ts +1 -1
- package/dist-server/middlewares/domain-authenticate-middleware.js +9 -9
- package/dist-server/middlewares/domain-authenticate-middleware.js.map +1 -1
- package/dist-server/middlewares/graphql-authenticate-middleware.js +4 -4
- package/dist-server/middlewares/graphql-authenticate-middleware.js.map +1 -1
- package/dist-server/middlewares/index.d.ts +5 -5
- package/dist-server/middlewares/index.js +24 -19
- package/dist-server/middlewares/index.js.map +1 -1
- package/dist-server/middlewares/jwt-authenticate-middleware.js +15 -15
- package/dist-server/middlewares/jwt-authenticate-middleware.js.map +1 -1
- package/dist-server/middlewares/signin-middleware.js +2 -2
- package/dist-server/middlewares/signin-middleware.js.map +1 -1
- package/dist-server/middlewares/verify-recaptcha-middleware.d.ts +3 -0
- package/dist-server/middlewares/verify-recaptcha-middleware.js +95 -0
- package/dist-server/middlewares/verify-recaptcha-middleware.js.map +1 -0
- package/dist-server/middlewares/webauthn-middleware.js +7 -7
- package/dist-server/middlewares/webauthn-middleware.js.map +1 -1
- package/dist-server/migrations/1548206416130-SeedUser.js +6 -6
- package/dist-server/migrations/1548206416130-SeedUser.js.map +1 -1
- package/dist-server/migrations/1566805283882-SeedPrivilege.js +2 -2
- package/dist-server/migrations/1566805283882-SeedPrivilege.js.map +1 -1
- package/dist-server/migrations/index.js.map +1 -1
- package/dist-server/router/auth-checkin-router.js +17 -20
- package/dist-server/router/auth-checkin-router.js.map +1 -1
- package/dist-server/router/auth-private-process-router.js +16 -23
- package/dist-server/router/auth-private-process-router.js.map +1 -1
- package/dist-server/router/auth-public-process-router.js +30 -35
- package/dist-server/router/auth-public-process-router.js.map +1 -1
- package/dist-server/router/auth-signin-router.js +7 -13
- package/dist-server/router/auth-signin-router.js.map +1 -1
- package/dist-server/router/auth-signup-router.js +13 -9
- package/dist-server/router/auth-signup-router.js.map +1 -1
- package/dist-server/router/index.d.ts +9 -9
- package/dist-server/router/index.js +9 -9
- package/dist-server/router/index.js.map +1 -1
- package/dist-server/router/oauth2/index.d.ts +2 -2
- package/dist-server/router/oauth2/index.js +2 -2
- package/dist-server/router/oauth2/index.js.map +1 -1
- package/dist-server/router/oauth2/oauth2-authorize-router.js +6 -6
- package/dist-server/router/oauth2/oauth2-authorize-router.js.map +1 -1
- package/dist-server/router/oauth2/oauth2-router.d.ts +1 -1
- package/dist-server/router/oauth2/oauth2-router.js +21 -21
- package/dist-server/router/oauth2/oauth2-router.js.map +1 -1
- package/dist-server/router/oauth2/oauth2-server.js +21 -21
- package/dist-server/router/oauth2/oauth2-server.js.map +1 -1
- package/dist-server/router/site-root-router.js +4 -4
- package/dist-server/router/site-root-router.js.map +1 -1
- package/dist-server/router/webauthn-router.js +58 -8
- package/dist-server/router/webauthn-router.js.map +1 -1
- package/dist-server/routes.js +75 -50
- package/dist-server/routes.js.map +1 -1
- package/dist-server/service/app-binding/app-binding-mutation.js +4 -4
- package/dist-server/service/app-binding/app-binding-mutation.js.map +1 -1
- package/dist-server/service/app-binding/app-binding-query.d.ts +4 -4
- package/dist-server/service/app-binding/app-binding-query.js +22 -22
- package/dist-server/service/app-binding/app-binding-query.js.map +1 -1
- package/dist-server/service/app-binding/app-binding-types.d.ts +1 -1
- package/dist-server/service/app-binding/app-binding-types.js +2 -2
- package/dist-server/service/app-binding/app-binding-types.js.map +1 -1
- package/dist-server/service/app-binding/app-binding.d.ts +2 -2
- package/dist-server/service/app-binding/app-binding.js +4 -4
- package/dist-server/service/app-binding/app-binding.js.map +1 -1
- package/dist-server/service/app-binding/index.d.ts +2 -2
- package/dist-server/service/app-binding/index.js +3 -3
- package/dist-server/service/app-binding/index.js.map +1 -1
- package/dist-server/service/appliance/appliance-mutation.d.ts +2 -2
- package/dist-server/service/appliance/appliance-mutation.js +32 -45
- package/dist-server/service/appliance/appliance-mutation.js.map +1 -1
- package/dist-server/service/appliance/appliance-query.d.ts +3 -3
- package/dist-server/service/appliance/appliance-query.js +17 -17
- package/dist-server/service/appliance/appliance-query.js.map +1 -1
- package/dist-server/service/appliance/appliance-types.d.ts +1 -1
- package/dist-server/service/appliance/appliance-types.js +2 -2
- package/dist-server/service/appliance/appliance-types.js.map +1 -1
- package/dist-server/service/appliance/appliance.d.ts +3 -1
- package/dist-server/service/appliance/appliance.js +51 -8
- package/dist-server/service/appliance/appliance.js.map +1 -1
- package/dist-server/service/appliance/index.d.ts +3 -3
- package/dist-server/service/appliance/index.js +5 -5
- package/dist-server/service/appliance/index.js.map +1 -1
- package/dist-server/service/application/application-mutation.d.ts +8 -8
- package/dist-server/service/application/application-mutation.js +20 -20
- package/dist-server/service/application/application-mutation.js.map +1 -1
- package/dist-server/service/application/application-query.d.ts +2 -2
- package/dist-server/service/application/application-query.js +16 -16
- package/dist-server/service/application/application-query.js.map +1 -1
- package/dist-server/service/application/application-types.d.ts +1 -1
- package/dist-server/service/application/application-types.js +4 -4
- package/dist-server/service/application/application-types.js.map +1 -1
- package/dist-server/service/application/application.d.ts +1 -1
- package/dist-server/service/application/application.js +12 -12
- package/dist-server/service/application/application.js.map +1 -1
- package/dist-server/service/application/index.d.ts +3 -3
- package/dist-server/service/application/index.js +5 -5
- package/dist-server/service/application/index.js.map +1 -1
- package/dist-server/service/auth-provider/auth-provider-mutation.d.ts +2 -2
- package/dist-server/service/auth-provider/auth-provider-mutation.js +20 -20
- package/dist-server/service/auth-provider/auth-provider-mutation.js.map +1 -1
- package/dist-server/service/auth-provider/auth-provider-query.d.ts +3 -3
- package/dist-server/service/auth-provider/auth-provider-query.js +20 -20
- package/dist-server/service/auth-provider/auth-provider-query.js.map +1 -1
- package/dist-server/service/auth-provider/auth-provider-type.d.ts +1 -1
- package/dist-server/service/auth-provider/auth-provider-type.js +2 -2
- package/dist-server/service/auth-provider/auth-provider-type.js.map +1 -1
- package/dist-server/service/auth-provider/auth-provider.d.ts +3 -3
- package/dist-server/service/auth-provider/auth-provider.js +12 -12
- package/dist-server/service/auth-provider/auth-provider.js.map +1 -1
- package/dist-server/service/auth-provider/index.d.ts +3 -3
- package/dist-server/service/auth-provider/index.js +5 -5
- package/dist-server/service/auth-provider/index.js.map +1 -1
- package/dist-server/service/domain-generator/domain-generator-mutation.d.ts +1 -1
- package/dist-server/service/domain-generator/domain-generator-mutation.js +11 -11
- package/dist-server/service/domain-generator/domain-generator-mutation.js.map +1 -1
- package/dist-server/service/domain-generator/domain-generator-types.d.ts +1 -1
- package/dist-server/service/domain-generator/domain-generator-types.js +3 -3
- package/dist-server/service/domain-generator/domain-generator-types.js.map +1 -1
- package/dist-server/service/domain-generator/index.d.ts +1 -1
- package/dist-server/service/domain-generator/index.js +2 -2
- package/dist-server/service/domain-generator/index.js.map +1 -1
- package/dist-server/service/domain-link/domain-link-mutation.d.ts +9 -0
- package/dist-server/service/domain-link/domain-link-mutation.js +116 -0
- package/dist-server/service/domain-link/domain-link-mutation.js.map +1 -0
- package/dist-server/service/domain-link/domain-link-query.d.ts +11 -0
- package/dist-server/service/domain-link/domain-link-query.js +75 -0
- package/dist-server/service/domain-link/domain-link-query.js.map +1 -0
- package/dist-server/service/domain-link/domain-link-types.d.ts +18 -0
- package/dist-server/service/domain-link/domain-link-types.js +66 -0
- package/dist-server/service/domain-link/domain-link-types.js.map +1 -0
- package/dist-server/service/domain-link/domain-link.d.ts +28 -0
- package/dist-server/service/domain-link/domain-link.js +105 -0
- package/dist-server/service/domain-link/domain-link.js.map +1 -0
- package/dist-server/service/domain-link/index.d.ts +6 -0
- package/dist-server/service/domain-link/index.js +10 -0
- package/dist-server/service/domain-link/index.js.map +1 -0
- package/dist-server/service/granted-role/granted-role-mutation.d.ts +3 -3
- package/dist-server/service/granted-role/granted-role-mutation.js +17 -17
- package/dist-server/service/granted-role/granted-role-mutation.js.map +1 -1
- package/dist-server/service/granted-role/granted-role-query.d.ts +2 -2
- package/dist-server/service/granted-role/granted-role-query.js +13 -13
- package/dist-server/service/granted-role/granted-role-query.js.map +1 -1
- package/dist-server/service/granted-role/granted-role.d.ts +1 -1
- package/dist-server/service/granted-role/granted-role.js +3 -3
- package/dist-server/service/granted-role/granted-role.js.map +1 -1
- package/dist-server/service/granted-role/index.d.ts +3 -3
- package/dist-server/service/granted-role/index.js +5 -5
- package/dist-server/service/granted-role/index.js.map +1 -1
- package/dist-server/service/index.d.ts +27 -25
- package/dist-server/service/index.js +75 -70
- package/dist-server/service/index.js.map +1 -1
- package/dist-server/service/invitation/index.d.ts +3 -3
- package/dist-server/service/invitation/index.js +5 -5
- package/dist-server/service/invitation/index.js.map +1 -1
- package/dist-server/service/invitation/invitation-mutation.d.ts +2 -2
- package/dist-server/service/invitation/invitation-mutation.js +10 -10
- package/dist-server/service/invitation/invitation-mutation.js.map +1 -1
- package/dist-server/service/invitation/invitation-query.d.ts +1 -1
- package/dist-server/service/invitation/invitation-query.js +7 -7
- package/dist-server/service/invitation/invitation-query.js.map +1 -1
- package/dist-server/service/invitation/invitation-types.d.ts +1 -1
- package/dist-server/service/invitation/invitation-types.js +2 -2
- package/dist-server/service/invitation/invitation-types.js.map +1 -1
- package/dist-server/service/invitation/invitation.d.ts +1 -1
- package/dist-server/service/invitation/invitation.js +5 -5
- package/dist-server/service/invitation/invitation.js.map +1 -1
- package/dist-server/service/login-history/index.d.ts +2 -2
- package/dist-server/service/login-history/index.js +4 -4
- package/dist-server/service/login-history/index.js.map +1 -1
- package/dist-server/service/login-history/login-history-query.d.ts +3 -3
- package/dist-server/service/login-history/login-history-query.js +11 -11
- package/dist-server/service/login-history/login-history-query.js.map +1 -1
- package/dist-server/service/login-history/login-history-type.d.ts +1 -1
- package/dist-server/service/login-history/login-history-type.js +2 -2
- package/dist-server/service/login-history/login-history-type.js.map +1 -1
- package/dist-server/service/login-history/login-history.d.ts +1 -1
- package/dist-server/service/login-history/login-history.js +4 -4
- package/dist-server/service/login-history/login-history.js.map +1 -1
- package/dist-server/service/partner/index.d.ts +3 -3
- package/dist-server/service/partner/index.js +5 -5
- package/dist-server/service/partner/index.js.map +1 -1
- package/dist-server/service/partner/partner-mutation.js +8 -8
- package/dist-server/service/partner/partner-mutation.js.map +1 -1
- package/dist-server/service/partner/partner-query.d.ts +3 -3
- package/dist-server/service/partner/partner-query.js +17 -17
- package/dist-server/service/partner/partner-query.js.map +1 -1
- package/dist-server/service/partner/partner-types.d.ts +1 -1
- package/dist-server/service/partner/partner-types.js +2 -2
- package/dist-server/service/partner/partner-types.js.map +1 -1
- package/dist-server/service/partner/partner.d.ts +1 -1
- package/dist-server/service/partner/partner.js +5 -5
- package/dist-server/service/partner/partner.js.map +1 -1
- package/dist-server/service/password-history/index.d.ts +1 -1
- package/dist-server/service/password-history/index.js +2 -2
- package/dist-server/service/password-history/index.js.map +1 -1
- package/dist-server/service/privilege/index.d.ts +3 -3
- package/dist-server/service/privilege/index.js +5 -5
- package/dist-server/service/privilege/index.js.map +1 -1
- package/dist-server/service/privilege/privilege-directive.js +2 -2
- package/dist-server/service/privilege/privilege-directive.js.map +1 -1
- package/dist-server/service/privilege/privilege-mutation.d.ts +2 -2
- package/dist-server/service/privilege/privilege-mutation.js +15 -15
- package/dist-server/service/privilege/privilege-mutation.js.map +1 -1
- package/dist-server/service/privilege/privilege-query.d.ts +4 -4
- package/dist-server/service/privilege/privilege-query.js +20 -20
- package/dist-server/service/privilege/privilege-query.js.map +1 -1
- package/dist-server/service/privilege/privilege-types.d.ts +1 -1
- package/dist-server/service/privilege/privilege-types.js +2 -2
- package/dist-server/service/privilege/privilege-types.js.map +1 -1
- package/dist-server/service/privilege/privilege.d.ts +2 -2
- package/dist-server/service/privilege/privilege.js +10 -10
- package/dist-server/service/privilege/privilege.js.map +1 -1
- package/dist-server/service/role/index.d.ts +3 -3
- package/dist-server/service/role/index.js +5 -5
- package/dist-server/service/role/index.js.map +1 -1
- package/dist-server/service/role/role-mutation.d.ts +2 -2
- package/dist-server/service/role/role-mutation.js +19 -19
- package/dist-server/service/role/role-mutation.js.map +1 -1
- package/dist-server/service/role/role-query.d.ts +9 -5
- package/dist-server/service/role/role-query.js +38 -31
- package/dist-server/service/role/role-query.js.map +1 -1
- package/dist-server/service/role/role-types.d.ts +1 -1
- package/dist-server/service/role/role-types.js +2 -2
- package/dist-server/service/role/role-types.js.map +1 -1
- package/dist-server/service/role/role.d.ts +2 -2
- package/dist-server/service/role/role.js +12 -12
- package/dist-server/service/role/role.js.map +1 -1
- package/dist-server/service/user/domain-query.d.ts +1 -1
- package/dist-server/service/user/domain-query.js +3 -3
- package/dist-server/service/user/domain-query.js.map +1 -1
- package/dist-server/service/user/index.d.ts +4 -4
- package/dist-server/service/user/index.js +6 -6
- package/dist-server/service/user/index.js.map +1 -1
- package/dist-server/service/user/user-mutation.d.ts +3 -3
- package/dist-server/service/user/user-mutation.js +49 -84
- package/dist-server/service/user/user-mutation.js.map +1 -1
- package/dist-server/service/user/user-query.d.ts +4 -3
- package/dist-server/service/user/user-query.js +31 -21
- package/dist-server/service/user/user-query.js.map +1 -1
- package/dist-server/service/user/user-types.d.ts +1 -1
- package/dist-server/service/user/user-types.js +2 -2
- package/dist-server/service/user/user-types.js.map +1 -1
- package/dist-server/service/user/user.d.ts +3 -3
- package/dist-server/service/user/user.js +41 -46
- package/dist-server/service/user/user.js.map +1 -1
- package/dist-server/service/users-auth-providers/index.d.ts +1 -1
- package/dist-server/service/users-auth-providers/index.js +2 -2
- package/dist-server/service/users-auth-providers/index.js.map +1 -1
- package/dist-server/service/users-auth-providers/users-auth-providers.d.ts +2 -2
- package/dist-server/service/users-auth-providers/users-auth-providers.js +8 -8
- package/dist-server/service/users-auth-providers/users-auth-providers.js.map +1 -1
- package/dist-server/service/verification-token/index.d.ts +1 -1
- package/dist-server/service/verification-token/index.js +2 -2
- package/dist-server/service/verification-token/index.js.map +1 -1
- package/dist-server/service/web-auth-credential/index.d.ts +1 -1
- package/dist-server/service/web-auth-credential/index.js +2 -2
- package/dist-server/service/web-auth-credential/index.js.map +1 -1
- package/dist-server/service/web-auth-credential/web-auth-credential.d.ts +1 -1
- package/dist-server/service/web-auth-credential/web-auth-credential.js +10 -10
- package/dist-server/service/web-auth-credential/web-auth-credential.js.map +1 -1
- package/dist-server/tsconfig.tsbuildinfo +1 -1
- package/dist-server/types.d.ts +1 -1
- package/dist-server/types.js.map +1 -1
- package/dist-server/utils/access-token-cookie.js +2 -2
- package/dist-server/utils/access-token-cookie.js.map +1 -1
- package/dist-server/utils/check-permission.d.ts +2 -2
- package/dist-server/utils/check-permission.js +3 -3
- package/dist-server/utils/check-permission.js.map +1 -1
- package/dist-server/utils/check-user-belongs-domain.d.ts +1 -1
- package/dist-server/utils/check-user-belongs-domain.js +2 -2
- package/dist-server/utils/check-user-belongs-domain.js.map +1 -1
- package/dist-server/utils/get-domain-users.d.ts +1 -1
- package/dist-server/utils/get-domain-users.js +2 -2
- package/dist-server/utils/get-domain-users.js.map +1 -1
- package/dist-server/utils/get-user-domains.d.ts +2 -2
- package/dist-server/utils/get-user-domains.js +7 -5
- package/dist-server/utils/get-user-domains.js.map +1 -1
- package/helps/config/recaptcha.ja.md +49 -0
- package/helps/config/recaptcha.ko.md +49 -0
- package/helps/config/recaptcha.md +49 -0
- package/helps/config/recaptcha.ms.md +49 -0
- package/helps/config/recaptcha.zh.md +49 -0
- package/package.json +7 -6
- package/client/actions/auth.ts +0 -24
- package/client/auth.ts +0 -268
- package/client/bootstrap.ts +0 -47
- package/client/directive/privileged.ts +0 -28
- package/client/index.ts +0 -3
- package/client/profiled.ts +0 -83
- package/client/reducers/auth.ts +0 -31
- package/server/constants/error-code.ts +0 -22
- package/server/constants/error-message.ts +0 -0
- package/server/constants/max-age.ts +0 -1
- package/server/controllers/auth.ts +0 -5
- package/server/controllers/change-pwd.ts +0 -100
- package/server/controllers/checkin.ts +0 -21
- package/server/controllers/delete-user.ts +0 -76
- package/server/controllers/invitation.ts +0 -168
- package/server/controllers/profile.ts +0 -55
- package/server/controllers/reset-password.ts +0 -126
- package/server/controllers/signin.ts +0 -103
- package/server/controllers/signup.ts +0 -77
- package/server/controllers/unlock-user.ts +0 -62
- package/server/controllers/utils/make-invitation-token.ts +0 -5
- package/server/controllers/utils/make-verification-token.ts +0 -4
- package/server/controllers/utils/password-rule.ts +0 -120
- package/server/controllers/utils/save-invitation-token.ts +0 -10
- package/server/controllers/utils/save-verification-token.ts +0 -12
- package/server/controllers/verification.ts +0 -84
- package/server/errors/auth-error.ts +0 -24
- package/server/errors/index.ts +0 -2
- package/server/errors/user-domain-not-match-error.ts +0 -29
- package/server/index.ts +0 -37
- package/server/middlewares/authenticate-401-middleware.ts +0 -114
- package/server/middlewares/domain-authenticate-middleware.ts +0 -73
- package/server/middlewares/graphql-authenticate-middleware.ts +0 -13
- package/server/middlewares/index.ts +0 -67
- package/server/middlewares/jwt-authenticate-middleware.ts +0 -84
- package/server/middlewares/signin-middleware.ts +0 -56
- package/server/middlewares/webauthn-middleware.ts +0 -131
- package/server/migrations/1548206416130-SeedUser.ts +0 -60
- package/server/migrations/1566805283882-SeedPrivilege.ts +0 -28
- package/server/migrations/index.ts +0 -9
- package/server/router/auth-checkin-router.ts +0 -115
- package/server/router/auth-private-process-router.ts +0 -127
- package/server/router/auth-public-process-router.ts +0 -319
- package/server/router/auth-signin-router.ts +0 -76
- package/server/router/auth-signup-router.ts +0 -95
- package/server/router/index.ts +0 -9
- package/server/router/oauth2/index.ts +0 -2
- package/server/router/oauth2/oauth2-authorize-router.ts +0 -81
- package/server/router/oauth2/oauth2-router.ts +0 -165
- package/server/router/oauth2/oauth2-server.ts +0 -262
- package/server/router/oauth2/passport-oauth2-client-password.ts +0 -87
- package/server/router/oauth2/passport-refresh-token.ts +0 -87
- package/server/router/path-base-domain-router.ts +0 -8
- package/server/router/site-root-router.ts +0 -48
- package/server/router/webauthn-router.ts +0 -85
- package/server/routes.ts +0 -89
- package/server/service/app-binding/app-binding-mutation.ts +0 -22
- package/server/service/app-binding/app-binding-query.ts +0 -92
- package/server/service/app-binding/app-binding-types.ts +0 -11
- package/server/service/app-binding/app-binding.ts +0 -17
- package/server/service/app-binding/index.ts +0 -4
- package/server/service/appliance/appliance-mutation.ts +0 -113
- package/server/service/appliance/appliance-query.ts +0 -76
- package/server/service/appliance/appliance-types.ts +0 -56
- package/server/service/appliance/appliance.ts +0 -133
- package/server/service/appliance/index.ts +0 -6
- package/server/service/application/application-mutation.ts +0 -104
- package/server/service/application/application-query.ts +0 -98
- package/server/service/application/application-types.ts +0 -76
- package/server/service/application/application.ts +0 -216
- package/server/service/application/index.ts +0 -6
- package/server/service/auth-provider/auth-provider-mutation.ts +0 -159
- package/server/service/auth-provider/auth-provider-parameter-spec.ts +0 -24
- package/server/service/auth-provider/auth-provider-query.ts +0 -88
- package/server/service/auth-provider/auth-provider-type.ts +0 -67
- package/server/service/auth-provider/auth-provider.ts +0 -155
- package/server/service/auth-provider/index.ts +0 -7
- package/server/service/domain-generator/domain-generator-mutation.ts +0 -117
- package/server/service/domain-generator/domain-generator-types.ts +0 -46
- package/server/service/domain-generator/index.ts +0 -3
- package/server/service/granted-role/granted-role-mutation.ts +0 -156
- package/server/service/granted-role/granted-role-query.ts +0 -60
- package/server/service/granted-role/granted-role.ts +0 -27
- package/server/service/granted-role/index.ts +0 -6
- package/server/service/index.ts +0 -90
- package/server/service/invitation/index.ts +0 -6
- package/server/service/invitation/invitation-mutation.ts +0 -78
- package/server/service/invitation/invitation-query.ts +0 -33
- package/server/service/invitation/invitation-types.ts +0 -11
- package/server/service/invitation/invitation.ts +0 -63
- package/server/service/login-history/index.ts +0 -5
- package/server/service/login-history/login-history-query.ts +0 -51
- package/server/service/login-history/login-history-type.ts +0 -12
- package/server/service/login-history/login-history.ts +0 -45
- package/server/service/partner/index.ts +0 -6
- package/server/service/partner/partner-mutation.ts +0 -61
- package/server/service/partner/partner-query.ts +0 -102
- package/server/service/partner/partner-types.ts +0 -11
- package/server/service/partner/partner.ts +0 -57
- package/server/service/password-history/index.ts +0 -3
- package/server/service/password-history/password-history.ts +0 -16
- package/server/service/privilege/index.ts +0 -6
- package/server/service/privilege/privilege-directive.ts +0 -77
- package/server/service/privilege/privilege-mutation.ts +0 -92
- package/server/service/privilege/privilege-query.ts +0 -94
- package/server/service/privilege/privilege-types.ts +0 -60
- package/server/service/privilege/privilege.ts +0 -102
- package/server/service/role/index.ts +0 -6
- package/server/service/role/role-mutation.ts +0 -109
- package/server/service/role/role-query.ts +0 -155
- package/server/service/role/role-types.ts +0 -81
- package/server/service/role/role.ts +0 -72
- package/server/service/user/domain-query.ts +0 -24
- package/server/service/user/index.ts +0 -7
- package/server/service/user/user-mutation.ts +0 -517
- package/server/service/user/user-query.ts +0 -145
- package/server/service/user/user-types.ts +0 -100
- package/server/service/user/user.ts +0 -386
- package/server/service/users-auth-providers/index.ts +0 -5
- package/server/service/users-auth-providers/users-auth-providers.ts +0 -71
- package/server/service/verification-token/index.ts +0 -3
- package/server/service/verification-token/verification-token.ts +0 -60
- package/server/service/web-auth-credential/index.ts +0 -3
- package/server/service/web-auth-credential/web-auth-credential.ts +0 -66
- package/server/templates/account-unlock-email.ts +0 -65
- package/server/templates/invitation-email.ts +0 -66
- package/server/templates/reset-password-email.ts +0 -65
- package/server/templates/verification-email.ts +0 -66
- package/server/types.ts +0 -21
- package/server/utils/accepts.ts +0 -11
- package/server/utils/access-token-cookie.ts +0 -50
- package/server/utils/check-permission.ts +0 -52
- package/server/utils/check-user-belongs-domain.ts +0 -19
- package/server/utils/check-user-has-role.ts +0 -29
- package/server/utils/encrypt-state.ts +0 -22
- package/server/utils/get-aes-256-key.ts +0 -13
- package/server/utils/get-domain-users.ts +0 -38
- package/server/utils/get-secret.ts +0 -13
- package/server/utils/get-user-domains.ts +0 -115
|
@@ -1,65 +0,0 @@
|
|
|
1
|
-
export function getUnlockUserEmailForm({ username, name, resetUrl }) {
|
|
2
|
-
return `
|
|
3
|
-
<html lang="en">
|
|
4
|
-
<head>
|
|
5
|
-
<meta charset="utf-8" />
|
|
6
|
-
|
|
7
|
-
<title>reset password</title>
|
|
8
|
-
<meta name="description" content="Password Reset" />
|
|
9
|
-
<meta name="author" content="hatiolab" />
|
|
10
|
-
<meta name="google" content="notranslate"/>
|
|
11
|
-
</head>
|
|
12
|
-
|
|
13
|
-
<body>
|
|
14
|
-
<div style="background-color:#f6f6f6">
|
|
15
|
-
<!--header begin-->
|
|
16
|
-
<div style="background-color:#fff;padding:0 10px;border-top: 2px solid #394e64;">
|
|
17
|
-
<a href="#" target="_blank"
|
|
18
|
-
><img
|
|
19
|
-
src="http://www.hatiolab.com/assets/img/logo-operato.png"
|
|
20
|
-
style="max-height:50px"
|
|
21
|
-
/></a>
|
|
22
|
-
</div>
|
|
23
|
-
<!--header end-->
|
|
24
|
-
|
|
25
|
-
<!--title begin-->
|
|
26
|
-
<div
|
|
27
|
-
style="background-color:#22a6a7;padding:12px 10px 10px 10px;min-height:50px;"
|
|
28
|
-
>
|
|
29
|
-
<img
|
|
30
|
-
src="http://www.hatiolab.com/assets/img/icon-mail.png"
|
|
31
|
-
style="float:left;margin:0 10px 0 40px"
|
|
32
|
-
/>
|
|
33
|
-
<span style="display:block;color:#fff;font-size:20px"
|
|
34
|
-
>Hi ${name}!</span
|
|
35
|
-
>
|
|
36
|
-
<span style="display:block;color:#fff;font-size:34px;font-weight:bold"
|
|
37
|
-
>Unlock Account</span
|
|
38
|
-
>
|
|
39
|
-
</div>
|
|
40
|
-
<!--title end-->
|
|
41
|
-
|
|
42
|
-
<!--body begin-->
|
|
43
|
-
<p style="padding:10px 20px;line-height:1.5;font-size:16px">
|
|
44
|
-
Click the button below to unlock account and reset password.
|
|
45
|
-
<br />
|
|
46
|
-
<a
|
|
47
|
-
href="${resetUrl}"
|
|
48
|
-
style="display:inline-block;margin:10px 5px 5px 0;border-radius:7px;background-color:#22a6a7;padding:7px 15px;color:#fff;font-size:18px;text-decoration:none;text-transform:capitalize;"
|
|
49
|
-
>unlock account</a
|
|
50
|
-
>
|
|
51
|
-
</p>
|
|
52
|
-
<!--body end-->
|
|
53
|
-
|
|
54
|
-
<!--footer begin-->
|
|
55
|
-
<div
|
|
56
|
-
style="background-color:#3d5874;padding:7px 20px 5px 20px;font-size:12px;color:#efefef"
|
|
57
|
-
>
|
|
58
|
-
© Hatio, Lab. Inc. All rights reserved.
|
|
59
|
-
</div>
|
|
60
|
-
<!--footer end-->
|
|
61
|
-
</div>
|
|
62
|
-
</body>
|
|
63
|
-
</html>
|
|
64
|
-
`
|
|
65
|
-
}
|
|
@@ -1,66 +0,0 @@
|
|
|
1
|
-
export function getInvitationEmailForm({ username, email, acceptUrl }) {
|
|
2
|
-
return `
|
|
3
|
-
<html lang="en">
|
|
4
|
-
<head>
|
|
5
|
-
<meta charset="utf-8" />
|
|
6
|
-
|
|
7
|
-
<title>Invitation from Operato</title>
|
|
8
|
-
<meta name="description" content="Invitation" />
|
|
9
|
-
<meta name="author" content="hatiolab" />
|
|
10
|
-
<meta name="google" content="notranslate"/>
|
|
11
|
-
</head>
|
|
12
|
-
|
|
13
|
-
<body>
|
|
14
|
-
<div style="background-color:#f6f6f6">
|
|
15
|
-
<!--header begin-->
|
|
16
|
-
<div style="background-color:#fff;padding:0 10px;border-top: 2px solid #394e64;">
|
|
17
|
-
<a href="#" target="_blank"
|
|
18
|
-
><img
|
|
19
|
-
src="http://www.hatiolab.com/assets/img/logo-operato.png"
|
|
20
|
-
style="max-height:50px"
|
|
21
|
-
/></a>
|
|
22
|
-
</div>
|
|
23
|
-
<!--header end-->
|
|
24
|
-
|
|
25
|
-
<!--title begin-->
|
|
26
|
-
<div
|
|
27
|
-
style="background-color:#22a6a7;padding:12px 10px 10px 10px;min-height:50px;"
|
|
28
|
-
>
|
|
29
|
-
<img
|
|
30
|
-
src="http://www.hatiolab.com/assets/img/icon-mail.png"
|
|
31
|
-
style="float:left;margin:0 10px 0 40px"
|
|
32
|
-
/>
|
|
33
|
-
<span style="display:block;color:#fff;font-size:20px"
|
|
34
|
-
>Hi ${email}!</span
|
|
35
|
-
>
|
|
36
|
-
<span style="display:block;color:#fff;font-size:34px;font-weight:bold"
|
|
37
|
-
>Verify your email</span
|
|
38
|
-
>
|
|
39
|
-
</div>
|
|
40
|
-
<!--title end-->
|
|
41
|
-
|
|
42
|
-
<!--body begin-->
|
|
43
|
-
<p style="padding:10px 20px;line-height:1.5;font-size:16px">
|
|
44
|
-
You're invited from Operato.
|
|
45
|
-
Simply click the button below to verify your email address.
|
|
46
|
-
<br />
|
|
47
|
-
<a
|
|
48
|
-
href="${acceptUrl}"
|
|
49
|
-
style="display:inline-block;margin:10px 5px 5px 0;border-radius:7px;background-color:#22a6a7;padding:7px 15px;color:#fff;font-size:18px;text-decoration:none;text-transform:capitalize;"
|
|
50
|
-
>Verify</a
|
|
51
|
-
>
|
|
52
|
-
</p>
|
|
53
|
-
<!--body end-->
|
|
54
|
-
|
|
55
|
-
<!--footer begin-->
|
|
56
|
-
<div
|
|
57
|
-
style="background-color:#3d5874;padding:7px 20px 5px 20px;font-size:12px;color:#efefef"
|
|
58
|
-
>
|
|
59
|
-
© Hatio, Lab. Inc. All rights reserved.
|
|
60
|
-
</div>
|
|
61
|
-
<!--footer end-->
|
|
62
|
-
</div>
|
|
63
|
-
</body>
|
|
64
|
-
</html>
|
|
65
|
-
`
|
|
66
|
-
}
|
|
@@ -1,65 +0,0 @@
|
|
|
1
|
-
export function getResetPasswordEmailForm({ name, resetUrl }) {
|
|
2
|
-
return `
|
|
3
|
-
<html lang="en">
|
|
4
|
-
<head>
|
|
5
|
-
<meta charset="utf-8" />
|
|
6
|
-
|
|
7
|
-
<title>reset password</title>
|
|
8
|
-
<meta name="description" content="Password Reset" />
|
|
9
|
-
<meta name="author" content="hatiolab" />
|
|
10
|
-
<meta name="google" content="notranslate"/>
|
|
11
|
-
</head>
|
|
12
|
-
|
|
13
|
-
<body>
|
|
14
|
-
<div style="background-color:#f6f6f6">
|
|
15
|
-
<!--header begin-->
|
|
16
|
-
<div style="background-color:#fff;padding:0 10px;border-top: 2px solid #394e64;">
|
|
17
|
-
<a href="#" target="_blank"
|
|
18
|
-
><img
|
|
19
|
-
src="http://www.hatiolab.com/assets/img/logo-operato.png"
|
|
20
|
-
style="max-height:50px"
|
|
21
|
-
/></a>
|
|
22
|
-
</div>
|
|
23
|
-
<!--header end-->
|
|
24
|
-
|
|
25
|
-
<!--title begin-->
|
|
26
|
-
<div
|
|
27
|
-
style="background-color:#22a6a7;padding:12px 10px 10px 10px;min-height:50px;"
|
|
28
|
-
>
|
|
29
|
-
<img
|
|
30
|
-
src="http://www.hatiolab.com/assets/img/icon-mail.png"
|
|
31
|
-
style="float:left;margin:0 10px 0 40px"
|
|
32
|
-
/>
|
|
33
|
-
<span style="display:block;color:#fff;font-size:20px"
|
|
34
|
-
>Hi ${name}!</span
|
|
35
|
-
>
|
|
36
|
-
<span style="display:block;color:#fff;font-size:34px;font-weight:bold"
|
|
37
|
-
>Reset password</span
|
|
38
|
-
>
|
|
39
|
-
</div>
|
|
40
|
-
<!--title end-->
|
|
41
|
-
|
|
42
|
-
<!--body begin-->
|
|
43
|
-
<p style="padding:10px 20px;line-height:1.5;font-size:16px">
|
|
44
|
-
Click the button below to reset password.
|
|
45
|
-
<br />
|
|
46
|
-
<a
|
|
47
|
-
href="${resetUrl}"
|
|
48
|
-
style="display:inline-block;margin:10px 5px 5px 0;border-radius:7px;background-color:#22a6a7;padding:7px 15px;color:#fff;font-size:18px;text-decoration:none;text-transform:capitalize;"
|
|
49
|
-
>reset password</a
|
|
50
|
-
>
|
|
51
|
-
</p>
|
|
52
|
-
<!--body end-->
|
|
53
|
-
|
|
54
|
-
<!--footer begin-->
|
|
55
|
-
<div
|
|
56
|
-
style="background-color:#3d5874;padding:7px 20px 5px 20px;font-size:12px;color:#efefef"
|
|
57
|
-
>
|
|
58
|
-
© Hatio, Lab. Inc. All rights reserved.
|
|
59
|
-
</div>
|
|
60
|
-
<!--footer end-->
|
|
61
|
-
</div>
|
|
62
|
-
</body>
|
|
63
|
-
</html>
|
|
64
|
-
`
|
|
65
|
-
}
|
|
@@ -1,66 +0,0 @@
|
|
|
1
|
-
export function getVerificationEmailForm({ username, name, verifyUrl }) {
|
|
2
|
-
return `
|
|
3
|
-
<html lang="en">
|
|
4
|
-
<head>
|
|
5
|
-
<meta charset="utf-8" />
|
|
6
|
-
|
|
7
|
-
<title>Verify your email</title>
|
|
8
|
-
<meta name="description" content="Email Verification" />
|
|
9
|
-
<meta name="author" content="hatiolab" />
|
|
10
|
-
<meta name="google" content="notranslate"/>
|
|
11
|
-
</head>
|
|
12
|
-
|
|
13
|
-
<body>
|
|
14
|
-
<div style="background-color:#f6f6f6">
|
|
15
|
-
<!--header begin-->
|
|
16
|
-
<div style="background-color:#fff;padding:0 10px;border-top: 2px solid #394e64;">
|
|
17
|
-
<a href="#" target="_blank"
|
|
18
|
-
><img
|
|
19
|
-
src="http://www.hatiolab.com/assets/img/logo-operato.png"
|
|
20
|
-
style="max-height:50px"
|
|
21
|
-
/></a>
|
|
22
|
-
</div>
|
|
23
|
-
<!--header end-->
|
|
24
|
-
|
|
25
|
-
<!--title begin-->
|
|
26
|
-
<div
|
|
27
|
-
style="background-color:#22a6a7;padding:12px 10px 10px 10px;min-height:50px;"
|
|
28
|
-
>
|
|
29
|
-
<img
|
|
30
|
-
src="http://www.hatiolab.com/assets/img/icon-mail.png"
|
|
31
|
-
style="float:left;margin:0 10px 0 40px"
|
|
32
|
-
/>
|
|
33
|
-
<span style="display:block;color:#fff;font-size:20px"
|
|
34
|
-
>Hi ${name}!</span
|
|
35
|
-
>
|
|
36
|
-
<span style="display:block;color:#fff;font-size:34px;font-weight:bold"
|
|
37
|
-
>Verify your email</span
|
|
38
|
-
>
|
|
39
|
-
</div>
|
|
40
|
-
<!--title end-->
|
|
41
|
-
|
|
42
|
-
<!--body begin-->
|
|
43
|
-
<p style="padding:10px 20px;line-height:1.5;font-size:16px">
|
|
44
|
-
You're almost ready to start enjoying Operato.
|
|
45
|
-
Simply click the button below to verify your email address.
|
|
46
|
-
<br />
|
|
47
|
-
<a
|
|
48
|
-
href="${verifyUrl}"
|
|
49
|
-
style="display:inline-block;margin:10px 5px 5px 0;border-radius:7px;background-color:#22a6a7;padding:7px 15px;color:#fff;font-size:18px;text-decoration:none;text-transform:capitalize;"
|
|
50
|
-
>Verify</a
|
|
51
|
-
>
|
|
52
|
-
</p>
|
|
53
|
-
<!--body end-->
|
|
54
|
-
|
|
55
|
-
<!--footer begin-->
|
|
56
|
-
<div
|
|
57
|
-
style="background-color:#3d5874;padding:7px 20px 5px 20px;font-size:12px;color:#efefef"
|
|
58
|
-
>
|
|
59
|
-
© Hatio, Lab. Inc. All rights reserved.
|
|
60
|
-
</div>
|
|
61
|
-
<!--footer end-->
|
|
62
|
-
</div>
|
|
63
|
-
</body>
|
|
64
|
-
</html>
|
|
65
|
-
`
|
|
66
|
-
}
|
package/server/types.ts
DELETED
|
@@ -1,21 +0,0 @@
|
|
|
1
|
-
import { TFunction } from 'i18next'
|
|
2
|
-
import { EntityManager } from 'typeorm'
|
|
3
|
-
|
|
4
|
-
import { Domain } from '@things-factory/shell'
|
|
5
|
-
|
|
6
|
-
import { User } from './service/user/user'
|
|
7
|
-
|
|
8
|
-
declare global {
|
|
9
|
-
export type ResolverContext = {
|
|
10
|
-
state: IContextState
|
|
11
|
-
t?: TFunction
|
|
12
|
-
[key: string]: any
|
|
13
|
-
}
|
|
14
|
-
|
|
15
|
-
interface IContextState {
|
|
16
|
-
domain: Domain
|
|
17
|
-
user: User
|
|
18
|
-
tx?: EntityManager
|
|
19
|
-
[key: string]: any
|
|
20
|
-
}
|
|
21
|
-
}
|
package/server/utils/accepts.ts
DELETED
|
@@ -1,50 +0,0 @@
|
|
|
1
|
-
import { config } from '@things-factory/env'
|
|
2
|
-
import { MAX_AGE } from '../constants/max-age'
|
|
3
|
-
|
|
4
|
-
const accessTokenCookieKey = config.get('accessTokenCookieKey', 'access_token')
|
|
5
|
-
|
|
6
|
-
export function getAccessTokenCookie(context) {
|
|
7
|
-
return context?.cookies?.get(accessTokenCookieKey)
|
|
8
|
-
}
|
|
9
|
-
|
|
10
|
-
export function setAccessTokenCookie(context, token) {
|
|
11
|
-
const { secure } = context
|
|
12
|
-
|
|
13
|
-
var cookie = {
|
|
14
|
-
secure,
|
|
15
|
-
httpOnly: true,
|
|
16
|
-
maxAge: MAX_AGE,
|
|
17
|
-
sameSite: 'Lax'
|
|
18
|
-
}
|
|
19
|
-
|
|
20
|
-
context.cookies.set(accessTokenCookieKey, token, cookie)
|
|
21
|
-
}
|
|
22
|
-
|
|
23
|
-
export function setSessionAccessToken(context) {
|
|
24
|
-
/* koa-session 을 사용하는 경우에는, cookie 직접 설정이 작동되지 않는다. 그런 경우에는 session에 설정해서 cookie를 변경한다. */
|
|
25
|
-
const { user } = context.state
|
|
26
|
-
|
|
27
|
-
context.session = {
|
|
28
|
-
id: user.id,
|
|
29
|
-
userType: user.type,
|
|
30
|
-
status: user.state
|
|
31
|
-
}
|
|
32
|
-
}
|
|
33
|
-
|
|
34
|
-
export function clearAccessTokenCookie(context) {
|
|
35
|
-
const { secure } = context
|
|
36
|
-
|
|
37
|
-
var cookie = {
|
|
38
|
-
secure,
|
|
39
|
-
httpOnly: true,
|
|
40
|
-
sameSite: 'Lax'
|
|
41
|
-
}
|
|
42
|
-
|
|
43
|
-
context.cookies.set(accessTokenCookieKey, '', cookie)
|
|
44
|
-
/*
|
|
45
|
-
* TODO clear i18next cookie as well - need to support domain
|
|
46
|
-
* https://github.com/hatiolab/things-factory/issues/70
|
|
47
|
-
*/
|
|
48
|
-
context.cookies.set('i18next', '', cookie)
|
|
49
|
-
context.session = null
|
|
50
|
-
}
|
|
@@ -1,52 +0,0 @@
|
|
|
1
|
-
import { Domain } from '@things-factory/shell'
|
|
2
|
-
import { PrivilegeObject } from '../service/privilege/privilege'
|
|
3
|
-
import { User } from '../service/user/user'
|
|
4
|
-
|
|
5
|
-
export async function checkPermission(
|
|
6
|
-
privilegeObject: PrivilegeObject,
|
|
7
|
-
user: User,
|
|
8
|
-
domain: Domain,
|
|
9
|
-
unsafeIP?: boolean,
|
|
10
|
-
prohibitedPrivileges?: { category: string; privilege: string }[]
|
|
11
|
-
): Promise<boolean> {
|
|
12
|
-
if (!privilegeObject) {
|
|
13
|
-
return true
|
|
14
|
-
}
|
|
15
|
-
|
|
16
|
-
const { owner: domainOwnerGranted, super: superUserGranted, category, privilege } = privilegeObject
|
|
17
|
-
|
|
18
|
-
if (unsafeIP) {
|
|
19
|
-
if (privilege && category) {
|
|
20
|
-
// unsafeIP 상황에서는 ownership granted는 적용되지 않는다.
|
|
21
|
-
if ((prohibitedPrivileges || []).find(pp => pp.category == category && pp.privilege == privilege)) {
|
|
22
|
-
return false
|
|
23
|
-
}
|
|
24
|
-
|
|
25
|
-
return await User.hasPrivilege(privilege, category, domain, user)
|
|
26
|
-
}
|
|
27
|
-
|
|
28
|
-
// privilege, category가 설정되지 않은 경우에는 ownership granted가 설정되었다면 허가하지 않는다.
|
|
29
|
-
return !domainOwnerGranted && !superUserGranted
|
|
30
|
-
} else {
|
|
31
|
-
if (!privilege || !category) {
|
|
32
|
-
// privilege, category가 설정되지 않은 경우에는 ownership granted만을 적용한다.
|
|
33
|
-
return (
|
|
34
|
-
(domainOwnerGranted && (await process.domainOwnerGranted(domain, user))) ||
|
|
35
|
-
(superUserGranted && (await process.superUserGranted(domain, user)))
|
|
36
|
-
)
|
|
37
|
-
}
|
|
38
|
-
|
|
39
|
-
if (
|
|
40
|
-
(domainOwnerGranted && (await process.domainOwnerGranted(domain, user))) ||
|
|
41
|
-
(superUserGranted && (await process.superUserGranted(domain, user)))
|
|
42
|
-
) {
|
|
43
|
-
return true
|
|
44
|
-
}
|
|
45
|
-
|
|
46
|
-
if ((prohibitedPrivileges || []).find(pp => pp.category == category && pp.privilege == privilege)) {
|
|
47
|
-
return false
|
|
48
|
-
}
|
|
49
|
-
|
|
50
|
-
return await User.hasPrivilege(privilege, category, domain, user)
|
|
51
|
-
}
|
|
52
|
-
}
|
|
@@ -1,19 +0,0 @@
|
|
|
1
|
-
import { Domain, getRepository } from '@things-factory/shell'
|
|
2
|
-
|
|
3
|
-
import { User } from '../service/user/user'
|
|
4
|
-
|
|
5
|
-
/**
|
|
6
|
-
* @description Based on domain and user information,
|
|
7
|
-
* Find out whether the user belongs domain or user has partnership with domain
|
|
8
|
-
*
|
|
9
|
-
* @param domain
|
|
10
|
-
* @param user
|
|
11
|
-
*/
|
|
12
|
-
export async function checkUserBelongsDomain(domain: Domain, user: User): Promise<Boolean> {
|
|
13
|
-
if (!user.domains?.length) {
|
|
14
|
-
user = await getRepository(User).findOne({ where: { id: user.id }, relations: ['domains'] })
|
|
15
|
-
}
|
|
16
|
-
|
|
17
|
-
const { domains: userDomains }: User = user
|
|
18
|
-
return Boolean(userDomains.find((userDomain: Domain) => userDomain.id === domain.id))
|
|
19
|
-
}
|
|
@@ -1,29 +0,0 @@
|
|
|
1
|
-
import { Domain, getRepository } from '@things-factory/shell'
|
|
2
|
-
|
|
3
|
-
import { User } from '../service/user/user.js'
|
|
4
|
-
import { Role } from '../service/role/role.js'
|
|
5
|
-
|
|
6
|
-
/**
|
|
7
|
-
* @description 사용자가 특정 도메인 또는 상위 도메인에서 특정 역할을 가지고 있는지 확인합니다.
|
|
8
|
-
*
|
|
9
|
-
* @param roleId 확인할 역할의 ID
|
|
10
|
-
* @param domain 역할을 확인할 도메인
|
|
11
|
-
* @param user 역할을 확인할 사용자
|
|
12
|
-
*
|
|
13
|
-
* @returns 사용자가 도메인 또는 상위 도메인에서 역할을 가지고 있는지 여부를 나타내는 boolean을 반환하는 Promise
|
|
14
|
-
*/
|
|
15
|
-
export async function checkUserHasRole(roleId: string, domain: Domain, user: User): Promise<Boolean> {
|
|
16
|
-
if (!roleId) {
|
|
17
|
-
return true
|
|
18
|
-
}
|
|
19
|
-
|
|
20
|
-
const me = await getRepository(User).findOne({
|
|
21
|
-
where: { id: user.id },
|
|
22
|
-
relations: ['roles']
|
|
23
|
-
})
|
|
24
|
-
|
|
25
|
-
return me.roles
|
|
26
|
-
.filter(role => role.domainId === domain.id || (domain.parentId && role.domainId === domain.parentId))
|
|
27
|
-
.map(role => role.id)
|
|
28
|
-
.includes(roleId)
|
|
29
|
-
}
|
|
@@ -1,22 +0,0 @@
|
|
|
1
|
-
import crypto from 'crypto'
|
|
2
|
-
|
|
3
|
-
/* only for short-term life state encryption */
|
|
4
|
-
const KEY = crypto.randomBytes(32)
|
|
5
|
-
|
|
6
|
-
export function encryptState(text: string) {
|
|
7
|
-
const iv = crypto.randomBytes(16)
|
|
8
|
-
const cipher = crypto.createCipheriv('aes-256-cbc', Buffer.from(KEY), iv)
|
|
9
|
-
const encrypted = cipher.update(text)
|
|
10
|
-
|
|
11
|
-
return iv.toString('hex') + ':' + Buffer.concat([encrypted, cipher.final()]).toString('hex')
|
|
12
|
-
}
|
|
13
|
-
|
|
14
|
-
export function decryptState(text: string) {
|
|
15
|
-
const textParts = text.split(':')
|
|
16
|
-
const iv = Buffer.from(textParts.shift(), 'hex')
|
|
17
|
-
const encryptedText = Buffer.from(textParts.join(':'), 'hex')
|
|
18
|
-
const decipher = crypto.createDecipheriv('aes-256-cbc', Buffer.from(KEY), iv)
|
|
19
|
-
const decrypted = decipher.update(encryptedText)
|
|
20
|
-
|
|
21
|
-
return Buffer.concat([decrypted, decipher.final()]).toString()
|
|
22
|
-
}
|
|
@@ -1,13 +0,0 @@
|
|
|
1
|
-
import { config } from '@things-factory/env'
|
|
2
|
-
|
|
3
|
-
var _AES_256_KEY = config.get('AES_256_KEY')
|
|
4
|
-
|
|
5
|
-
if (!_AES_256_KEY) {
|
|
6
|
-
if (process.env.NODE_ENV == 'production') {
|
|
7
|
-
throw new TypeError('AES_256_KEY not configured.')
|
|
8
|
-
} else {
|
|
9
|
-
_AES_256_KEY = 'V6g5oHJZb7KcYzIyL6cM95XvIDouon5b'
|
|
10
|
-
}
|
|
11
|
-
}
|
|
12
|
-
|
|
13
|
-
export const AES_256_KEY = _AES_256_KEY
|
|
@@ -1,38 +0,0 @@
|
|
|
1
|
-
import { EntityManager, Repository, SelectQueryBuilder } from 'typeorm'
|
|
2
|
-
|
|
3
|
-
import { Domain, getRepository } from '@things-factory/shell'
|
|
4
|
-
|
|
5
|
-
import { User } from '../service/user/user'
|
|
6
|
-
|
|
7
|
-
export async function getDomainUsers(domain: Partial<Domain>, trxMgr?: EntityManager): Promise<User[]> {
|
|
8
|
-
const domainRepo: Repository<Domain> = trxMgr?.getRepository(Domain) || getRepository(Domain)
|
|
9
|
-
|
|
10
|
-
if (!domain.id) {
|
|
11
|
-
const foundDomain: Domain = await domainRepo.findOne({ where: { id: domain.id } })
|
|
12
|
-
if (!foundDomain) throw new Error(`Failed to find domain by passed condition, ${domain}`)
|
|
13
|
-
|
|
14
|
-
domain = foundDomain
|
|
15
|
-
}
|
|
16
|
-
|
|
17
|
-
const qb: SelectQueryBuilder<User> = buildDomainUsersQueryBuilder(domain.id)
|
|
18
|
-
return await qb.getMany()
|
|
19
|
-
}
|
|
20
|
-
|
|
21
|
-
export function buildDomainUsersQueryBuilder(
|
|
22
|
-
domainId: string,
|
|
23
|
-
alias: string = 'USER',
|
|
24
|
-
trxMgr?: EntityManager
|
|
25
|
-
): SelectQueryBuilder<User> {
|
|
26
|
-
const userRepo: Repository<User> = trxMgr?.getRepository(User) || getRepository(User)
|
|
27
|
-
const qb: SelectQueryBuilder<User> = userRepo.createQueryBuilder(alias)
|
|
28
|
-
qb.select().andWhere(
|
|
29
|
-
`${alias}.id IN ${qb
|
|
30
|
-
.subQuery()
|
|
31
|
-
.select('USERS_DOMAINS.users_id')
|
|
32
|
-
.from('users_domains', 'USERS_DOMAINS')
|
|
33
|
-
.where('USERS_DOMAINS.domains_id = :domainId', { domainId })
|
|
34
|
-
.getQuery()}`
|
|
35
|
-
)
|
|
36
|
-
|
|
37
|
-
return qb
|
|
38
|
-
}
|
|
@@ -1,13 +0,0 @@
|
|
|
1
|
-
import { config } from '@things-factory/env'
|
|
2
|
-
|
|
3
|
-
var _SECRET = config.get('SECRET')
|
|
4
|
-
|
|
5
|
-
if (!_SECRET) {
|
|
6
|
-
if (process.env.NODE_ENV == 'production') {
|
|
7
|
-
throw new TypeError('SECRET key not configured.')
|
|
8
|
-
} else {
|
|
9
|
-
_SECRET = '0xD58F835B69D207A76CC5F84a70a1D0d4C79dAC95'
|
|
10
|
-
}
|
|
11
|
-
}
|
|
12
|
-
|
|
13
|
-
export const SECRET = _SECRET
|
|
@@ -1,115 +0,0 @@
|
|
|
1
|
-
import { In } from 'typeorm'
|
|
2
|
-
|
|
3
|
-
import { Domain, getRepository } from '@things-factory/shell'
|
|
4
|
-
|
|
5
|
-
import { User } from '../service/user/user'
|
|
6
|
-
|
|
7
|
-
export async function getUserDomains(user: User, extType?: string): Promise<Partial<Domain>[]> {
|
|
8
|
-
return (
|
|
9
|
-
await getRepository(Domain)
|
|
10
|
-
.createQueryBuilder('DOMAIN')
|
|
11
|
-
.where(qb => {
|
|
12
|
-
const subQuery = qb
|
|
13
|
-
.subQuery()
|
|
14
|
-
.distinct(true)
|
|
15
|
-
.select('DOMAIN.id')
|
|
16
|
-
.from(User, 'USER')
|
|
17
|
-
.leftJoin('USER.roles', 'ROLE')
|
|
18
|
-
.leftJoin('ROLE.domain', 'DOMAIN')
|
|
19
|
-
.where('USER.id = :userId', { userId: user.id })
|
|
20
|
-
.getQuery()
|
|
21
|
-
return 'DOMAIN.id IN ' + subQuery
|
|
22
|
-
})
|
|
23
|
-
.orWhere(qb => {
|
|
24
|
-
const subQuery = qb
|
|
25
|
-
.subQuery()
|
|
26
|
-
.select('DOMAIN.id')
|
|
27
|
-
.from(Domain, 'DOMAIN')
|
|
28
|
-
.where('DOMAIN.owner = :owner', { owner: user.id })
|
|
29
|
-
.getQuery()
|
|
30
|
-
return 'DOMAIN.id IN ' + subQuery
|
|
31
|
-
})
|
|
32
|
-
.orderBy('DOMAIN.name', 'ASC')
|
|
33
|
-
.getMany()
|
|
34
|
-
)
|
|
35
|
-
.filter(domain => !extType || domain.extType == extType)
|
|
36
|
-
.map(domain => {
|
|
37
|
-
const { id, name, description, subdomain, extType, brandName, brandImage } = domain
|
|
38
|
-
/* do not remove id column for result */
|
|
39
|
-
return { id, name, description, subdomain, extType, brandName, brandImage }
|
|
40
|
-
})
|
|
41
|
-
}
|
|
42
|
-
|
|
43
|
-
// export async function getRoleBasedDomains(user: User): Promise<Partial<Domain>[]> {
|
|
44
|
-
// return (
|
|
45
|
-
// await getRepository(Domain)
|
|
46
|
-
// .createQueryBuilder('DOMAIN')
|
|
47
|
-
// .where(qb => {
|
|
48
|
-
// const subQuery = qb
|
|
49
|
-
// .subQuery()
|
|
50
|
-
// .distinct(true)
|
|
51
|
-
// .select('DOMAIN.id')
|
|
52
|
-
// .from(User, 'USER')
|
|
53
|
-
// .leftJoin('USER.roles', 'ROLE')
|
|
54
|
-
// .leftJoin('ROLE.domain', 'DOMAIN')
|
|
55
|
-
// .where('USER.id = :userId', { userId: user.id })
|
|
56
|
-
// .getQuery()
|
|
57
|
-
// return 'DOMAIN.id IN ' + subQuery
|
|
58
|
-
// })
|
|
59
|
-
// .getMany()
|
|
60
|
-
// ).map(domain => {
|
|
61
|
-
// const { id, name, description, subdomain, extType, brandName, brandImage } = domain
|
|
62
|
-
// return { id, name, description, subdomain, extType, brandName, brandImage }
|
|
63
|
-
// })
|
|
64
|
-
// }
|
|
65
|
-
|
|
66
|
-
export async function getDomainsWithPrivilege(
|
|
67
|
-
user: User,
|
|
68
|
-
privilege: string,
|
|
69
|
-
category: string
|
|
70
|
-
): Promise<Partial<Domain>[]> {
|
|
71
|
-
return (
|
|
72
|
-
await getRepository(Domain)
|
|
73
|
-
.createQueryBuilder('DOMAIN')
|
|
74
|
-
.where(qb => {
|
|
75
|
-
const subQuery = qb
|
|
76
|
-
.subQuery()
|
|
77
|
-
.distinct(true)
|
|
78
|
-
.select('DOMAIN.id')
|
|
79
|
-
.from(User, 'USER')
|
|
80
|
-
.leftJoin('USER.roles', 'ROLE')
|
|
81
|
-
.leftJoin('ROLE.domain', 'DOMAIN')
|
|
82
|
-
.leftJoin('ROLE.privileges', 'PRIVILEGE')
|
|
83
|
-
.where('USER.id = :userId', { userId: user.id })
|
|
84
|
-
.andWhere('PRIVILEGE.name = :privilege', { privilege })
|
|
85
|
-
.andWhere('PRIVILEGE.category = :category', { category })
|
|
86
|
-
.getQuery()
|
|
87
|
-
return 'DOMAIN.id IN ' + subQuery
|
|
88
|
-
})
|
|
89
|
-
.orWhere(qb => {
|
|
90
|
-
const subQuery = qb
|
|
91
|
-
.subQuery()
|
|
92
|
-
.select('DOMAIN.id')
|
|
93
|
-
.from(Domain, 'DOMAIN')
|
|
94
|
-
.where('DOMAIN.owner = :owner', { owner: user.id })
|
|
95
|
-
.getQuery()
|
|
96
|
-
return 'DOMAIN.id IN ' + subQuery
|
|
97
|
-
})
|
|
98
|
-
.orderBy('DOMAIN.name', 'ASC')
|
|
99
|
-
.getMany()
|
|
100
|
-
).map(domain => {
|
|
101
|
-
const { id, name, description, subdomain, extType, brandName, brandImage } = domain
|
|
102
|
-
return { id, name, description, subdomain, extType, brandName, brandImage }
|
|
103
|
-
})
|
|
104
|
-
}
|
|
105
|
-
|
|
106
|
-
export async function getDomainsAsOwner(user: User): Promise<Partial<Domain>[]> {
|
|
107
|
-
return (
|
|
108
|
-
await getRepository(Domain).find({
|
|
109
|
-
where: { owner: user.id }
|
|
110
|
-
})
|
|
111
|
-
).map(domain => {
|
|
112
|
-
const { id, name, description, subdomain, extType, brandName, brandImage } = domain
|
|
113
|
-
return { id, name, description, subdomain, extType, brandName, brandImage }
|
|
114
|
-
})
|
|
115
|
-
}
|