@things-factory/auth-base 8.0.38 → 9.0.0-9.0.0-beta.59.0
- package/config/config.development.js +46 -0
- package/config/config.production.js +45 -0
- package/dist-client/bootstrap.d.ts +1 -1
- package/dist-client/bootstrap.js +4 -4
- package/dist-client/bootstrap.js.map +1 -1
- package/dist-client/directive/privileged.d.ts +1 -1
- package/dist-client/directive/privileged.js +1 -1
- package/dist-client/directive/privileged.js.map +1 -1
- package/dist-client/index.d.ts +4 -3
- package/dist-client/index.js +4 -3
- package/dist-client/index.js.map +1 -1
- package/dist-client/profiled.js +1 -1
- package/dist-client/profiled.js.map +1 -1
- package/dist-client/reducers/auth.js +1 -1
- package/dist-client/reducers/auth.js.map +1 -1
- package/dist-client/tsconfig.tsbuildinfo +1 -1
- package/dist-client/verify-webauthn.d.ts +13 -0
- package/dist-client/verify-webauthn.js +72 -0
- package/dist-client/verify-webauthn.js.map +1 -0
- package/dist-server/controllers/auth.d.ts +5 -5
- package/dist-server/controllers/auth.js +5 -5
- package/dist-server/controllers/auth.js.map +1 -1
- package/dist-server/controllers/change-pwd.js +19 -19
- package/dist-server/controllers/change-pwd.js.map +1 -1
- package/dist-server/controllers/checkin.js +4 -4
- package/dist-server/controllers/checkin.js.map +1 -1
- package/dist-server/controllers/delete-user.js +10 -15
- package/dist-server/controllers/delete-user.js.map +1 -1
- package/dist-server/controllers/invitation.js +20 -25
- package/dist-server/controllers/invitation.js.map +1 -1
- package/dist-server/controllers/profile.d.ts +5 -5
- package/dist-server/controllers/profile.js +10 -10
- package/dist-server/controllers/profile.js.map +1 -1
- package/dist-server/controllers/reset-password.js +24 -24
- package/dist-server/controllers/reset-password.js.map +1 -1
- package/dist-server/controllers/signin.d.ts +1 -1
- package/dist-server/controllers/signin.js +25 -30
- package/dist-server/controllers/signin.js.map +1 -1
- package/dist-server/controllers/signup.d.ts +1 -1
- package/dist-server/controllers/signup.js +14 -19
- package/dist-server/controllers/signup.js.map +1 -1
- package/dist-server/controllers/unlock-user.js +17 -17
- package/dist-server/controllers/unlock-user.js.map +1 -1
- package/dist-server/controllers/utils/password-rule.js +4 -4
- package/dist-server/controllers/utils/password-rule.js.map +1 -1
- package/dist-server/controllers/utils/save-invitation-token.d.ts +1 -1
- package/dist-server/controllers/utils/save-invitation-token.js +2 -2
- package/dist-server/controllers/utils/save-invitation-token.js.map +1 -1
- package/dist-server/controllers/utils/save-verification-token.d.ts +1 -1
- package/dist-server/controllers/utils/save-verification-token.js +3 -3
- package/dist-server/controllers/utils/save-verification-token.js.map +1 -1
- package/dist-server/controllers/verification.js +23 -23
- package/dist-server/controllers/verification.js.map +1 -1
- package/dist-server/errors/auth-error.js +1 -1
- package/dist-server/errors/auth-error.js.map +1 -1
- package/dist-server/errors/index.d.ts +2 -2
- package/dist-server/errors/index.js +2 -2
- package/dist-server/errors/index.js.map +1 -1
- package/dist-server/errors/user-domain-not-match-error.d.ts +1 -1
- package/dist-server/errors/user-domain-not-match-error.js +8 -8
- package/dist-server/errors/user-domain-not-match-error.js.map +1 -1
- package/dist-server/index.d.ts +16 -16
- package/dist-server/index.js +18 -18
- package/dist-server/index.js.map +1 -1
- package/dist-server/middlewares/authenticate-401-middleware.js +11 -11
- package/dist-server/middlewares/authenticate-401-middleware.js.map +1 -1
- package/dist-server/middlewares/bypass-signin-middleware.d.ts +1 -0
- package/dist-server/middlewares/bypass-signin-middleware.js +20 -0
- package/dist-server/middlewares/bypass-signin-middleware.js.map +1 -0
- package/dist-server/middlewares/domain-authenticate-middleware.d.ts +1 -1
- package/dist-server/middlewares/domain-authenticate-middleware.js +9 -9
- package/dist-server/middlewares/domain-authenticate-middleware.js.map +1 -1
- package/dist-server/middlewares/graphql-authenticate-middleware.js +4 -4
- package/dist-server/middlewares/graphql-authenticate-middleware.js.map +1 -1
- package/dist-server/middlewares/index.d.ts +5 -5
- package/dist-server/middlewares/index.js +24 -19
- package/dist-server/middlewares/index.js.map +1 -1
- package/dist-server/middlewares/jwt-authenticate-middleware.js +15 -15
- package/dist-server/middlewares/jwt-authenticate-middleware.js.map +1 -1
- package/dist-server/middlewares/signin-middleware.js +2 -2
- package/dist-server/middlewares/signin-middleware.js.map +1 -1
- package/dist-server/middlewares/verify-recaptcha-middleware.d.ts +3 -0
- package/dist-server/middlewares/verify-recaptcha-middleware.js +95 -0
- package/dist-server/middlewares/verify-recaptcha-middleware.js.map +1 -0
- package/dist-server/middlewares/webauthn-middleware.js +7 -7
- package/dist-server/middlewares/webauthn-middleware.js.map +1 -1
- package/dist-server/migrations/1548206416130-SeedUser.js +6 -6
- package/dist-server/migrations/1548206416130-SeedUser.js.map +1 -1
- package/dist-server/migrations/1566805283882-SeedPrivilege.js +2 -2
- package/dist-server/migrations/1566805283882-SeedPrivilege.js.map +1 -1
- package/dist-server/migrations/index.js.map +1 -1
- package/dist-server/router/auth-checkin-router.js +17 -20
- package/dist-server/router/auth-checkin-router.js.map +1 -1
- package/dist-server/router/auth-private-process-router.js +16 -23
- package/dist-server/router/auth-private-process-router.js.map +1 -1
- package/dist-server/router/auth-public-process-router.js +30 -35
- package/dist-server/router/auth-public-process-router.js.map +1 -1
- package/dist-server/router/auth-signin-router.js +7 -13
- package/dist-server/router/auth-signin-router.js.map +1 -1
- package/dist-server/router/auth-signup-router.js +13 -9
- package/dist-server/router/auth-signup-router.js.map +1 -1
- package/dist-server/router/index.d.ts +9 -9
- package/dist-server/router/index.js +9 -9
- package/dist-server/router/index.js.map +1 -1
- package/dist-server/router/oauth2/index.d.ts +2 -2
- package/dist-server/router/oauth2/index.js +2 -2
- package/dist-server/router/oauth2/index.js.map +1 -1
- package/dist-server/router/oauth2/oauth2-authorize-router.js +6 -6
- package/dist-server/router/oauth2/oauth2-authorize-router.js.map +1 -1
- package/dist-server/router/oauth2/oauth2-router.d.ts +1 -1
- package/dist-server/router/oauth2/oauth2-router.js +21 -21
- package/dist-server/router/oauth2/oauth2-router.js.map +1 -1
- package/dist-server/router/oauth2/oauth2-server.js +21 -21
- package/dist-server/router/oauth2/oauth2-server.js.map +1 -1
- package/dist-server/router/site-root-router.js +4 -4
- package/dist-server/router/site-root-router.js.map +1 -1
- package/dist-server/router/webauthn-router.js +58 -8
- package/dist-server/router/webauthn-router.js.map +1 -1
- package/dist-server/routes.js +75 -50
- package/dist-server/routes.js.map +1 -1
- package/dist-server/service/app-binding/app-binding-mutation.js +4 -4
- package/dist-server/service/app-binding/app-binding-mutation.js.map +1 -1
- package/dist-server/service/app-binding/app-binding-query.d.ts +4 -4
- package/dist-server/service/app-binding/app-binding-query.js +22 -22
- package/dist-server/service/app-binding/app-binding-query.js.map +1 -1
- package/dist-server/service/app-binding/app-binding-types.d.ts +1 -1
- package/dist-server/service/app-binding/app-binding-types.js +2 -2
- package/dist-server/service/app-binding/app-binding-types.js.map +1 -1
- package/dist-server/service/app-binding/app-binding.d.ts +2 -2
- package/dist-server/service/app-binding/app-binding.js +4 -4
- package/dist-server/service/app-binding/app-binding.js.map +1 -1
- package/dist-server/service/app-binding/index.d.ts +2 -2
- package/dist-server/service/app-binding/index.js +3 -3
- package/dist-server/service/app-binding/index.js.map +1 -1
- package/dist-server/service/appliance/appliance-mutation.d.ts +2 -2
- package/dist-server/service/appliance/appliance-mutation.js +32 -45
- package/dist-server/service/appliance/appliance-mutation.js.map +1 -1
- package/dist-server/service/appliance/appliance-query.d.ts +3 -3
- package/dist-server/service/appliance/appliance-query.js +17 -17
- package/dist-server/service/appliance/appliance-query.js.map +1 -1
- package/dist-server/service/appliance/appliance-types.d.ts +1 -1
- package/dist-server/service/appliance/appliance-types.js +2 -2
- package/dist-server/service/appliance/appliance-types.js.map +1 -1
- package/dist-server/service/appliance/appliance.d.ts +3 -1
- package/dist-server/service/appliance/appliance.js +51 -8
- package/dist-server/service/appliance/appliance.js.map +1 -1
- package/dist-server/service/appliance/index.d.ts +3 -3
- package/dist-server/service/appliance/index.js +5 -5
- package/dist-server/service/appliance/index.js.map +1 -1
- package/dist-server/service/application/application-mutation.d.ts +8 -8
- package/dist-server/service/application/application-mutation.js +20 -20
- package/dist-server/service/application/application-mutation.js.map +1 -1
- package/dist-server/service/application/application-query.d.ts +2 -2
- package/dist-server/service/application/application-query.js +16 -16
- package/dist-server/service/application/application-query.js.map +1 -1
- package/dist-server/service/application/application-types.d.ts +1 -1
- package/dist-server/service/application/application-types.js +4 -4
- package/dist-server/service/application/application-types.js.map +1 -1
- package/dist-server/service/application/application.d.ts +1 -1
- package/dist-server/service/application/application.js +12 -12
- package/dist-server/service/application/application.js.map +1 -1
- package/dist-server/service/application/index.d.ts +3 -3
- package/dist-server/service/application/index.js +5 -5
- package/dist-server/service/application/index.js.map +1 -1
- package/dist-server/service/auth-provider/auth-provider-mutation.d.ts +2 -2
- package/dist-server/service/auth-provider/auth-provider-mutation.js +20 -20
- package/dist-server/service/auth-provider/auth-provider-mutation.js.map +1 -1
- package/dist-server/service/auth-provider/auth-provider-query.d.ts +3 -3
- package/dist-server/service/auth-provider/auth-provider-query.js +20 -20
- package/dist-server/service/auth-provider/auth-provider-query.js.map +1 -1
- package/dist-server/service/auth-provider/auth-provider-type.d.ts +1 -1
- package/dist-server/service/auth-provider/auth-provider-type.js +2 -2
- package/dist-server/service/auth-provider/auth-provider-type.js.map +1 -1
- package/dist-server/service/auth-provider/auth-provider.d.ts +3 -3
- package/dist-server/service/auth-provider/auth-provider.js +12 -12
- package/dist-server/service/auth-provider/auth-provider.js.map +1 -1
- package/dist-server/service/auth-provider/index.d.ts +3 -3
- package/dist-server/service/auth-provider/index.js +5 -5
- package/dist-server/service/auth-provider/index.js.map +1 -1
- package/dist-server/service/domain-generator/domain-generator-mutation.d.ts +1 -1
- package/dist-server/service/domain-generator/domain-generator-mutation.js +11 -11
- package/dist-server/service/domain-generator/domain-generator-mutation.js.map +1 -1
- package/dist-server/service/domain-generator/domain-generator-types.d.ts +1 -1
- package/dist-server/service/domain-generator/domain-generator-types.js +3 -3
- package/dist-server/service/domain-generator/domain-generator-types.js.map +1 -1
- package/dist-server/service/domain-generator/index.d.ts +1 -1
- package/dist-server/service/domain-generator/index.js +2 -2
- package/dist-server/service/domain-generator/index.js.map +1 -1
- package/dist-server/service/domain-link/domain-link-mutation.d.ts +9 -0
- package/dist-server/service/domain-link/domain-link-mutation.js +116 -0
- package/dist-server/service/domain-link/domain-link-mutation.js.map +1 -0
- package/dist-server/service/domain-link/domain-link-query.d.ts +11 -0
- package/dist-server/service/domain-link/domain-link-query.js +75 -0
- package/dist-server/service/domain-link/domain-link-query.js.map +1 -0
- package/dist-server/service/domain-link/domain-link-types.d.ts +18 -0
- package/dist-server/service/domain-link/domain-link-types.js +66 -0
- package/dist-server/service/domain-link/domain-link-types.js.map +1 -0
- package/dist-server/service/domain-link/domain-link.d.ts +28 -0
- package/dist-server/service/domain-link/domain-link.js +105 -0
- package/dist-server/service/domain-link/domain-link.js.map +1 -0
- package/dist-server/service/domain-link/index.d.ts +6 -0
- package/dist-server/service/domain-link/index.js +10 -0
- package/dist-server/service/domain-link/index.js.map +1 -0
- package/dist-server/service/granted-role/granted-role-mutation.d.ts +3 -3
- package/dist-server/service/granted-role/granted-role-mutation.js +17 -17
- package/dist-server/service/granted-role/granted-role-mutation.js.map +1 -1
- package/dist-server/service/granted-role/granted-role-query.d.ts +2 -2
- package/dist-server/service/granted-role/granted-role-query.js +13 -13
- package/dist-server/service/granted-role/granted-role-query.js.map +1 -1
- package/dist-server/service/granted-role/granted-role.d.ts +1 -1
- package/dist-server/service/granted-role/granted-role.js +3 -3
- package/dist-server/service/granted-role/granted-role.js.map +1 -1
- package/dist-server/service/granted-role/index.d.ts +3 -3
- package/dist-server/service/granted-role/index.js +5 -5
- package/dist-server/service/granted-role/index.js.map +1 -1
- package/dist-server/service/index.d.ts +27 -25
- package/dist-server/service/index.js +75 -70
- package/dist-server/service/index.js.map +1 -1
- package/dist-server/service/invitation/index.d.ts +3 -3
- package/dist-server/service/invitation/index.js +5 -5
- package/dist-server/service/invitation/index.js.map +1 -1
- package/dist-server/service/invitation/invitation-mutation.d.ts +2 -2
- package/dist-server/service/invitation/invitation-mutation.js +10 -10
- package/dist-server/service/invitation/invitation-mutation.js.map +1 -1
- package/dist-server/service/invitation/invitation-query.d.ts +1 -1
- package/dist-server/service/invitation/invitation-query.js +7 -7
- package/dist-server/service/invitation/invitation-query.js.map +1 -1
- package/dist-server/service/invitation/invitation-types.d.ts +1 -1
- package/dist-server/service/invitation/invitation-types.js +2 -2
- package/dist-server/service/invitation/invitation-types.js.map +1 -1
- package/dist-server/service/invitation/invitation.d.ts +1 -1
- package/dist-server/service/invitation/invitation.js +5 -5
- package/dist-server/service/invitation/invitation.js.map +1 -1
- package/dist-server/service/login-history/index.d.ts +2 -2
- package/dist-server/service/login-history/index.js +4 -4
- package/dist-server/service/login-history/index.js.map +1 -1
- package/dist-server/service/login-history/login-history-query.d.ts +3 -3
- package/dist-server/service/login-history/login-history-query.js +11 -11
- package/dist-server/service/login-history/login-history-query.js.map +1 -1
- package/dist-server/service/login-history/login-history-type.d.ts +1 -1
- package/dist-server/service/login-history/login-history-type.js +2 -2
- package/dist-server/service/login-history/login-history-type.js.map +1 -1
- package/dist-server/service/login-history/login-history.d.ts +1 -1
- package/dist-server/service/login-history/login-history.js +4 -4
- package/dist-server/service/login-history/login-history.js.map +1 -1
- package/dist-server/service/partner/index.d.ts +3 -3
- package/dist-server/service/partner/index.js +5 -5
- package/dist-server/service/partner/index.js.map +1 -1
- package/dist-server/service/partner/partner-mutation.js +8 -8
- package/dist-server/service/partner/partner-mutation.js.map +1 -1
- package/dist-server/service/partner/partner-query.d.ts +3 -3
- package/dist-server/service/partner/partner-query.js +17 -17
- package/dist-server/service/partner/partner-query.js.map +1 -1
- package/dist-server/service/partner/partner-types.d.ts +1 -1
- package/dist-server/service/partner/partner-types.js +2 -2
- package/dist-server/service/partner/partner-types.js.map +1 -1
- package/dist-server/service/partner/partner.d.ts +1 -1
- package/dist-server/service/partner/partner.js +5 -5
- package/dist-server/service/partner/partner.js.map +1 -1
- package/dist-server/service/password-history/index.d.ts +1 -1
- package/dist-server/service/password-history/index.js +2 -2
- package/dist-server/service/password-history/index.js.map +1 -1
- package/dist-server/service/privilege/index.d.ts +3 -3
- package/dist-server/service/privilege/index.js +5 -5
- package/dist-server/service/privilege/index.js.map +1 -1
- package/dist-server/service/privilege/privilege-directive.js +2 -2
- package/dist-server/service/privilege/privilege-directive.js.map +1 -1
- package/dist-server/service/privilege/privilege-mutation.d.ts +2 -2
- package/dist-server/service/privilege/privilege-mutation.js +15 -15
- package/dist-server/service/privilege/privilege-mutation.js.map +1 -1
- package/dist-server/service/privilege/privilege-query.d.ts +4 -4
- package/dist-server/service/privilege/privilege-query.js +20 -20
- package/dist-server/service/privilege/privilege-query.js.map +1 -1
- package/dist-server/service/privilege/privilege-types.d.ts +1 -1
- package/dist-server/service/privilege/privilege-types.js +2 -2
- package/dist-server/service/privilege/privilege-types.js.map +1 -1
- package/dist-server/service/privilege/privilege.d.ts +2 -2
- package/dist-server/service/privilege/privilege.js +10 -10
- package/dist-server/service/privilege/privilege.js.map +1 -1
- package/dist-server/service/role/index.d.ts +3 -3
- package/dist-server/service/role/index.js +5 -5
- package/dist-server/service/role/index.js.map +1 -1
- package/dist-server/service/role/role-mutation.d.ts +2 -2
- package/dist-server/service/role/role-mutation.js +19 -19
- package/dist-server/service/role/role-mutation.js.map +1 -1
- package/dist-server/service/role/role-query.d.ts +9 -5
- package/dist-server/service/role/role-query.js +38 -31
- package/dist-server/service/role/role-query.js.map +1 -1
- package/dist-server/service/role/role-types.d.ts +1 -1
- package/dist-server/service/role/role-types.js +2 -2
- package/dist-server/service/role/role-types.js.map +1 -1
- package/dist-server/service/role/role.d.ts +2 -2
- package/dist-server/service/role/role.js +12 -12
- package/dist-server/service/role/role.js.map +1 -1
- package/dist-server/service/user/domain-query.d.ts +1 -1
- package/dist-server/service/user/domain-query.js +3 -3
- package/dist-server/service/user/domain-query.js.map +1 -1
- package/dist-server/service/user/index.d.ts +4 -4
- package/dist-server/service/user/index.js +6 -6
- package/dist-server/service/user/index.js.map +1 -1
- package/dist-server/service/user/user-mutation.d.ts +3 -3
- package/dist-server/service/user/user-mutation.js +49 -84
- package/dist-server/service/user/user-mutation.js.map +1 -1
- package/dist-server/service/user/user-query.d.ts +4 -3
- package/dist-server/service/user/user-query.js +31 -21
- package/dist-server/service/user/user-query.js.map +1 -1
- package/dist-server/service/user/user-types.d.ts +1 -1
- package/dist-server/service/user/user-types.js +2 -2
- package/dist-server/service/user/user-types.js.map +1 -1
- package/dist-server/service/user/user.d.ts +3 -3
- package/dist-server/service/user/user.js +41 -46
- package/dist-server/service/user/user.js.map +1 -1
- package/dist-server/service/users-auth-providers/index.d.ts +1 -1
- package/dist-server/service/users-auth-providers/index.js +2 -2
- package/dist-server/service/users-auth-providers/index.js.map +1 -1
- package/dist-server/service/users-auth-providers/users-auth-providers.d.ts +2 -2
- package/dist-server/service/users-auth-providers/users-auth-providers.js +8 -8
- package/dist-server/service/users-auth-providers/users-auth-providers.js.map +1 -1
- package/dist-server/service/verification-token/index.d.ts +1 -1
- package/dist-server/service/verification-token/index.js +2 -2
- package/dist-server/service/verification-token/index.js.map +1 -1
- package/dist-server/service/web-auth-credential/index.d.ts +1 -1
- package/dist-server/service/web-auth-credential/index.js +2 -2
- package/dist-server/service/web-auth-credential/index.js.map +1 -1
- package/dist-server/service/web-auth-credential/web-auth-credential.d.ts +1 -1
- package/dist-server/service/web-auth-credential/web-auth-credential.js +10 -10
- package/dist-server/service/web-auth-credential/web-auth-credential.js.map +1 -1
- package/dist-server/tsconfig.tsbuildinfo +1 -1
- package/dist-server/types.d.ts +1 -1
- package/dist-server/types.js.map +1 -1
- package/dist-server/utils/access-token-cookie.js +2 -2
- package/dist-server/utils/access-token-cookie.js.map +1 -1
- package/dist-server/utils/check-permission.d.ts +2 -2
- package/dist-server/utils/check-permission.js +3 -3
- package/dist-server/utils/check-permission.js.map +1 -1
- package/dist-server/utils/check-user-belongs-domain.d.ts +1 -1
- package/dist-server/utils/check-user-belongs-domain.js +2 -2
- package/dist-server/utils/check-user-belongs-domain.js.map +1 -1
- package/dist-server/utils/get-domain-users.d.ts +1 -1
- package/dist-server/utils/get-domain-users.js +2 -2
- package/dist-server/utils/get-domain-users.js.map +1 -1
- package/dist-server/utils/get-user-domains.d.ts +2 -2
- package/dist-server/utils/get-user-domains.js +7 -5
- package/dist-server/utils/get-user-domains.js.map +1 -1
- package/helps/config/recaptcha.ja.md +49 -0
- package/helps/config/recaptcha.ko.md +49 -0
- package/helps/config/recaptcha.md +49 -0
- package/helps/config/recaptcha.ms.md +49 -0
- package/helps/config/recaptcha.zh.md +49 -0
- package/package.json +7 -6
- package/client/actions/auth.ts +0 -24
- package/client/auth.ts +0 -268
- package/client/bootstrap.ts +0 -47
- package/client/directive/privileged.ts +0 -28
- package/client/index.ts +0 -3
- package/client/profiled.ts +0 -83
- package/client/reducers/auth.ts +0 -31
- package/server/constants/error-code.ts +0 -22
- package/server/constants/error-message.ts +0 -0
- package/server/constants/max-age.ts +0 -1
- package/server/controllers/auth.ts +0 -5
- package/server/controllers/change-pwd.ts +0 -100
- package/server/controllers/checkin.ts +0 -21
- package/server/controllers/delete-user.ts +0 -76
- package/server/controllers/invitation.ts +0 -168
- package/server/controllers/profile.ts +0 -55
- package/server/controllers/reset-password.ts +0 -126
- package/server/controllers/signin.ts +0 -103
- package/server/controllers/signup.ts +0 -77
- package/server/controllers/unlock-user.ts +0 -62
- package/server/controllers/utils/make-invitation-token.ts +0 -5
- package/server/controllers/utils/make-verification-token.ts +0 -4
- package/server/controllers/utils/password-rule.ts +0 -120
- package/server/controllers/utils/save-invitation-token.ts +0 -10
- package/server/controllers/utils/save-verification-token.ts +0 -12
- package/server/controllers/verification.ts +0 -84
- package/server/errors/auth-error.ts +0 -24
- package/server/errors/index.ts +0 -2
- package/server/errors/user-domain-not-match-error.ts +0 -29
- package/server/index.ts +0 -37
- package/server/middlewares/authenticate-401-middleware.ts +0 -114
- package/server/middlewares/domain-authenticate-middleware.ts +0 -73
- package/server/middlewares/graphql-authenticate-middleware.ts +0 -13
- package/server/middlewares/index.ts +0 -67
- package/server/middlewares/jwt-authenticate-middleware.ts +0 -84
- package/server/middlewares/signin-middleware.ts +0 -56
- package/server/middlewares/webauthn-middleware.ts +0 -131
- package/server/migrations/1548206416130-SeedUser.ts +0 -60
- package/server/migrations/1566805283882-SeedPrivilege.ts +0 -28
- package/server/migrations/index.ts +0 -9
- package/server/router/auth-checkin-router.ts +0 -115
- package/server/router/auth-private-process-router.ts +0 -127
- package/server/router/auth-public-process-router.ts +0 -319
- package/server/router/auth-signin-router.ts +0 -76
- package/server/router/auth-signup-router.ts +0 -95
- package/server/router/index.ts +0 -9
- package/server/router/oauth2/index.ts +0 -2
- package/server/router/oauth2/oauth2-authorize-router.ts +0 -81
- package/server/router/oauth2/oauth2-router.ts +0 -165
- package/server/router/oauth2/oauth2-server.ts +0 -262
- package/server/router/oauth2/passport-oauth2-client-password.ts +0 -87
- package/server/router/oauth2/passport-refresh-token.ts +0 -87
- package/server/router/path-base-domain-router.ts +0 -8
- package/server/router/site-root-router.ts +0 -48
- package/server/router/webauthn-router.ts +0 -85
- package/server/routes.ts +0 -89
- package/server/service/app-binding/app-binding-mutation.ts +0 -22
- package/server/service/app-binding/app-binding-query.ts +0 -92
- package/server/service/app-binding/app-binding-types.ts +0 -11
- package/server/service/app-binding/app-binding.ts +0 -17
- package/server/service/app-binding/index.ts +0 -4
- package/server/service/appliance/appliance-mutation.ts +0 -113
- package/server/service/appliance/appliance-query.ts +0 -76
- package/server/service/appliance/appliance-types.ts +0 -56
- package/server/service/appliance/appliance.ts +0 -133
- package/server/service/appliance/index.ts +0 -6
- package/server/service/application/application-mutation.ts +0 -104
- package/server/service/application/application-query.ts +0 -98
- package/server/service/application/application-types.ts +0 -76
- package/server/service/application/application.ts +0 -216
- package/server/service/application/index.ts +0 -6
- package/server/service/auth-provider/auth-provider-mutation.ts +0 -159
- package/server/service/auth-provider/auth-provider-parameter-spec.ts +0 -24
- package/server/service/auth-provider/auth-provider-query.ts +0 -88
- package/server/service/auth-provider/auth-provider-type.ts +0 -67
- package/server/service/auth-provider/auth-provider.ts +0 -155
- package/server/service/auth-provider/index.ts +0 -7
- package/server/service/domain-generator/domain-generator-mutation.ts +0 -117
- package/server/service/domain-generator/domain-generator-types.ts +0 -46
- package/server/service/domain-generator/index.ts +0 -3
- package/server/service/granted-role/granted-role-mutation.ts +0 -156
- package/server/service/granted-role/granted-role-query.ts +0 -60
- package/server/service/granted-role/granted-role.ts +0 -27
- package/server/service/granted-role/index.ts +0 -6
- package/server/service/index.ts +0 -90
- package/server/service/invitation/index.ts +0 -6
- package/server/service/invitation/invitation-mutation.ts +0 -78
- package/server/service/invitation/invitation-query.ts +0 -33
- package/server/service/invitation/invitation-types.ts +0 -11
- package/server/service/invitation/invitation.ts +0 -63
- package/server/service/login-history/index.ts +0 -5
- package/server/service/login-history/login-history-query.ts +0 -51
- package/server/service/login-history/login-history-type.ts +0 -12
- package/server/service/login-history/login-history.ts +0 -45
- package/server/service/partner/index.ts +0 -6
- package/server/service/partner/partner-mutation.ts +0 -61
- package/server/service/partner/partner-query.ts +0 -102
- package/server/service/partner/partner-types.ts +0 -11
- package/server/service/partner/partner.ts +0 -57
- package/server/service/password-history/index.ts +0 -3
- package/server/service/password-history/password-history.ts +0 -16
- package/server/service/privilege/index.ts +0 -6
- package/server/service/privilege/privilege-directive.ts +0 -77
- package/server/service/privilege/privilege-mutation.ts +0 -92
- package/server/service/privilege/privilege-query.ts +0 -94
- package/server/service/privilege/privilege-types.ts +0 -60
- package/server/service/privilege/privilege.ts +0 -102
- package/server/service/role/index.ts +0 -6
- package/server/service/role/role-mutation.ts +0 -109
- package/server/service/role/role-query.ts +0 -155
- package/server/service/role/role-types.ts +0 -81
- package/server/service/role/role.ts +0 -72
- package/server/service/user/domain-query.ts +0 -24
- package/server/service/user/index.ts +0 -7
- package/server/service/user/user-mutation.ts +0 -517
- package/server/service/user/user-query.ts +0 -145
- package/server/service/user/user-types.ts +0 -100
- package/server/service/user/user.ts +0 -386
- package/server/service/users-auth-providers/index.ts +0 -5
- package/server/service/users-auth-providers/users-auth-providers.ts +0 -71
- package/server/service/verification-token/index.ts +0 -3
- package/server/service/verification-token/verification-token.ts +0 -60
- package/server/service/web-auth-credential/index.ts +0 -3
- package/server/service/web-auth-credential/web-auth-credential.ts +0 -66
- package/server/templates/account-unlock-email.ts +0 -65
- package/server/templates/invitation-email.ts +0 -66
- package/server/templates/reset-password-email.ts +0 -65
- package/server/templates/verification-email.ts +0 -66
- package/server/types.ts +0 -21
- package/server/utils/accepts.ts +0 -11
- package/server/utils/access-token-cookie.ts +0 -50
- package/server/utils/check-permission.ts +0 -52
- package/server/utils/check-user-belongs-domain.ts +0 -19
- package/server/utils/check-user-has-role.ts +0 -29
- package/server/utils/encrypt-state.ts +0 -22
- package/server/utils/get-aes-256-key.ts +0 -13
- package/server/utils/get-domain-users.ts +0 -38
- package/server/utils/get-secret.ts +0 -13
- package/server/utils/get-user-domains.ts +0 -115
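--- a/package/server/controllers/utils/password-rule.ts
+++ b/package/server/controllers/utils/password-rule.ts
@@ -1,120 +0,0 @@
-import i18next from 'i18next'
-
-import { config } from '@things-factory/env'
-
-import { PASSWORD_PATTERN_NOT_MATCHED } from '../../constants/error-code'
-import { AuthError } from '../../errors/auth-error'
-
-const passwordConfig = config.get('password') || {
-lowerCase: true,
-upperCase: true,
-digit: true,
-specialCharacter: true,
-allowRepeat: false,
-useTightPattern: true,
-useLoosePattern: false,
-tightCharacterLength: 8,
-looseCharacterLength: 15
-}
-
-function generatePasswordPatternRegExp({
-lowerCase = true,
-upperCase = true,
-digit = true,
-specialCharacter = true,
-allowRepeat = false,
-useTightPattern = true,
-useLoosePattern = false,
-tightCharacterLength = 8,
-looseCharacterLength = 15
-} = {}) {
-var tightChecklist = useTightPattern
-? [
-lowerCase ? '(?=.*[a-z])' : '', // has at least one lower case character
-upperCase ? '(?=.*[A-Z])' : '', // has at least one upper case character
-digit ? '(?=.*\\d)' : '', // has at least one digit
-specialCharacter ? '(?=.*[!@#$%^&*()])' : '', // has at least one special character
-!allowRepeat ? '(?!.*(.)\\1(?=\\1{1,}))' : '', // has not an repeated character more than twice
-`.{${tightCharacterLength},}` // has a length of 8 and more
-]
-: []
-
-var looseChecklist = useLoosePattern
-? [
-`.{${looseCharacterLength},}` // has a length of 15 and more
-]
-: []
-
-var checkList = [
-'^', // from start
-...tightChecklist,
-tightChecklist.length && looseChecklist.length ? '|' : '',
-...looseChecklist,
-'$' //to the end"
-]
-
-return new RegExp(checkList.join(''))
-}
-
-export function generatePasswordPatternHelp(
-{
-lowerCase = true,
-upperCase = true,
-digit = true,
-specialCharacter = true,
-allowRepeat = false,
-useTightPattern = true,
-useLoosePattern = false,
-tightCharacterLength = 8,
-looseCharacterLength = 15
-} = {},
-lng
-) {
-lng = lng || 'en-US'
-var descriptions = []
-
-const t = i18next.getFixedT(lng, 'translations')
-
-if (useLoosePattern) {
-descriptions.push(`more than ${looseCharacterLength} characters`)
-}
-
-if (useTightPattern) {
-!useLoosePattern &&
-descriptions.push(
-t('text.pattern_minimum_charaters', {
-length: tightCharacterLength
-})
-)
-lowerCase && descriptions.push(t('text.pattern_atleast_1_lowercase'))
-upperCase && descriptions.push(t('text.pattern_atleast_1_uppercase'))
-digit && descriptions.push(t('text.pattern_atleast_1_digit'))
-specialCharacter && descriptions.push(t('text.pattern_atleast_1_special'))
-!allowRepeat && descriptions.push(t('text.pattern_not_allowed'))
-}
-
-return descriptions.join(', ')
-}
-
-export const passwordPattern = generatePasswordPatternRegExp(passwordConfig)
-export function passwordHelp(lng) {
-return generatePasswordPatternHelp(passwordConfig, lng)
-}
-
-export function validatePasswordByRule(password, lng) {
-if (!passwordPattern) {
-return
-}
-
-if (passwordPattern.test(password)) {
-return
-}
-
-const rule = generatePasswordPatternHelp(passwordConfig, lng)
-throw new AuthError({
-errorCode: PASSWORD_PATTERN_NOT_MATCHED,
-detail: {
-rule
-}
-})
-}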
@@ -1,12 +0,0 @@
|
|
1
|
-
import { getRepository } from '@things-factory/shell'
|
2
|
-
|
3
|
-
import { VerificationToken, VerificationTokenType } from '../../service/verification-token/verification-token'
|
4
|
-
|
5
|
-
export async function saveVerificationToken(id, token, type = VerificationTokenType.ACTIVATION) {
|
6
|
-
const verificationRepo = getRepository(VerificationToken)
|
7
|
-
return await verificationRepo.save({
|
8
|
-
userId: id,
|
9
|
-
token,
|
10
|
-
type
|
11
|
-
})
|
12
|
-
}
|
@@ -1,84 +0,0 @@
|
|
1
|
-
import { URL } from 'url'
|
2
|
-
|
3
|
-
import { sendEmail } from '@things-factory/email-base'
|
4
|
-
import { getRepository } from '@things-factory/shell'
|
5
|
-
|
6
|
-
import { AuthError } from '../errors/auth-error'
|
7
|
-
import { User, UserStatus } from '../service/user/user'
|
8
|
-
import { VerificationToken } from '../service/verification-token/verification-token'
|
9
|
-
import { getVerificationEmailForm } from '../templates/verification-email'
|
10
|
-
import { makeVerificationToken } from './utils/make-verification-token'
|
11
|
-
import { saveVerificationToken } from './utils/save-verification-token'
|
12
|
-
|
13
|
-
export async function sendVerificationEmail({ user, context }) {
|
14
|
-
try {
|
15
|
-
var token = makeVerificationToken()
|
16
|
-
var verifaction = await saveVerificationToken(user.id, token)
|
17
|
-
|
18
|
-
if (verifaction) {
|
19
|
-
var serviceUrl = new URL(`/auth/verify/${token}`, context.header.referer)
|
20
|
-
await sendEmail({
|
21
|
-
receiver: user.email,
|
22
|
-
subject: 'Verify your email',
|
23
|
-
content: getVerificationEmailForm({
|
24
|
-
username: user.username,
|
25
|
-
name: user.name,
|
26
|
-
verifyUrl: serviceUrl
|
27
|
-
})
|
28
|
-
})
|
29
|
-
|
30
|
-
return true
|
31
|
-
}
|
32
|
-
} catch (e) {
|
33
|
-
return false
|
34
|
-
}
|
35
|
-
}
|
36
|
-
|
37
|
-
export async function verify(token) {
|
38
|
-
var verification = await getRepository(VerificationToken).findOne({
|
39
|
-
where: {
|
40
|
-
token
|
41
|
-
}
|
42
|
-
})
|
43
|
-
|
44
|
-
if (!verification) {
|
45
|
-
throw new AuthError({
|
46
|
-
errorCode: AuthError.ERROR_CODES.VERIFICATION_ERROR
|
47
|
-
})
|
48
|
-
}
|
49
|
-
|
50
|
-
var userInfo = await getRepository(User).findOneBy({ id: verification.userId })
|
51
|
-
if (!userInfo) {
|
52
|
-
throw new AuthError({
|
53
|
-
errorCode: AuthError.ERROR_CODES.VERIFICATION_ERROR
|
54
|
-
})
|
55
|
-
}
|
56
|
-
|
57
|
-
if (!(userInfo.status == UserStatus.INACTIVE || userInfo.status == UserStatus.LOCKED)) {
|
58
|
-
throw new AuthError({
|
59
|
-
errorCode: AuthError.ERROR_CODES.VERIFICATION_ERROR
|
60
|
-
})
|
61
|
-
}
|
62
|
-
|
63
|
-
userInfo.status = UserStatus.ACTIVATED
|
64
|
-
userInfo.failCount = 0
|
65
|
-
|
66
|
-
await getRepository(User).save(userInfo)
|
67
|
-
await getRepository(VerificationToken).delete(verification)
|
68
|
-
}
|
69
|
-
|
70
|
-
export async function resendVerificationEmail(email, context) {
|
71
|
-
var user = await getRepository(User).findOne({
|
72
|
-
where: {
|
73
|
-
email
|
74
|
-
}
|
75
|
-
})
|
76
|
-
|
77
|
-
if (!user) return false
|
78
|
-
if (user.status == UserStatus.ACTIVATED) return false
|
79
|
-
|
80
|
-
return await sendVerificationEmail({
|
81
|
-
user,
|
82
|
-
context
|
83
|
-
})
|
84
|
-
}
|
@@ -1,24 +0,0 @@
|
|
1
|
-
import * as ERROR_CODES from '../constants/error-code'
|
2
|
-
|
3
|
-
type AuthErrorArgument = {
|
4
|
-
errorCode: string
|
5
|
-
detail?: Object
|
6
|
-
}
|
7
|
-
export class AuthError extends Error {
|
8
|
-
static get ERROR_CODES(): any {
|
9
|
-
return {
|
10
|
-
...ERROR_CODES
|
11
|
-
}
|
12
|
-
}
|
13
|
-
|
14
|
-
errorCode: any
|
15
|
-
detail: Object
|
16
|
-
|
17
|
-
constructor({ errorCode, detail }: AuthErrorArgument) {
|
18
|
-
super(errorCode)
|
19
|
-
|
20
|
-
this.name = 'auth-error'
|
21
|
-
this.errorCode = errorCode
|
22
|
-
this.detail = detail
|
23
|
-
}
|
24
|
-
}
|
package/server/errors/index.ts
DELETED
@@ -1,29 +0,0 @@
|
|
1
|
-
import {
|
2
|
-
NO_AVAILABLE_DOMAIN,
|
3
|
-
NO_SELECTED_DOMAIN,
|
4
|
-
REDIRECT_TO_DEFAULT_DOMAIN,
|
5
|
-
UNAVAILABLE_DOMAIN
|
6
|
-
} from '../constants/error-code'
|
7
|
-
import { AuthError } from './auth-error'
|
8
|
-
|
9
|
-
export class DomainError extends AuthError {
|
10
|
-
static get ERROR_CODES(): any {
|
11
|
-
return {
|
12
|
-
UNAVAILABLE_DOMAIN,
|
13
|
-
NO_AVAILABLE_DOMAIN,
|
14
|
-
NO_SELECTED_DOMAIN,
|
15
|
-
REDIRECT_TO_DEFAULT_DOMAIN
|
16
|
-
}
|
17
|
-
}
|
18
|
-
|
19
|
-
domains: any
|
20
|
-
|
21
|
-
constructor({ errorCode = UNAVAILABLE_DOMAIN, domains }) {
|
22
|
-
super({
|
23
|
-
errorCode
|
24
|
-
})
|
25
|
-
|
26
|
-
this.name = 'user-domain-not-match'
|
27
|
-
this.domains = domains
|
28
|
-
}
|
29
|
-
}
|
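--- a/package/server/index.ts
+++ b/package/server/index.ts
@@ -1,37 +0,0 @@
-import { getRepository } from '@things-factory/shell'
-import { Privilege } from './service/privilege/privilege'
-
-import './routes'
-
-export * from './service'
-export * from './migrations'
-
-export * from './middlewares'
-export * from './routes'
-export * from './router'
-
-export * from './utils/get-domain-users'
-export * from './utils/get-user-domains'
-export * from './utils/get-secret'
-export * from './utils/check-user-belongs-domain'
-export * from './utils/access-token-cookie'
-export * from './utils/encrypt-state'
-export * from './utils/check-permission'
-export * from './utils/check-user-has-role'
-
-export * from './errors'
-
-export * from './types'
-
-process.on('bootstrap-module-start' as any, async ({ app, config, client }: any) => {
-const privileges = process['PRIVILEGES']
-const privilegeRepository = getRepository(Privilege)
-
-for (const [category, name] of Object.values(privileges as [string, string])) {
-if (0 == (await privilegeRepository.count({ where: { category, name } }))) {
-await privilegeRepository.save({ category, name })
-}
-}
-
-console.log('[auth-base:bootstrap] Synchronization for privilege master has just done.')
-})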
@@ -1,114 +0,0 @@
|
|
1
|
-
import { config } from '@things-factory/env'
|
2
|
-
|
3
|
-
import { SUBDOMAIN_NOTFOUND, USER_DUPLICATED, USER_LOCKED, USER_NOT_ACTIVATED } from '../constants/error-code'
|
4
|
-
import { AuthError } from '../errors/auth-error'
|
5
|
-
import { accepts } from '../utils/accepts'
|
6
|
-
|
7
|
-
const disableUserSignupProcess = config.get('disableUserSignupProcess', false)
|
8
|
-
const disableUserFavoredLanguage = config.get('i18n/disableUserFavoredLanguage', false)
|
9
|
-
const languages = config.get('i18n/languages', false)
|
10
|
-
|
11
|
-
export async function authenticate401Middleware(context, next) {
|
12
|
-
try {
|
13
|
-
await next()
|
14
|
-
} catch (err) {
|
15
|
-
var message
|
16
|
-
|
17
|
-
if (err instanceof AuthError) {
|
18
|
-
message = (context.t && context.t(`error.${err.errorCode}`, err.detail || {})) || err.errorCode
|
19
|
-
} else {
|
20
|
-
if (err?.status !== 401) {
|
21
|
-
throw err
|
22
|
-
}
|
23
|
-
|
24
|
-
message = err.message
|
25
|
-
}
|
26
|
-
|
27
|
-
context.status = 401
|
28
|
-
context.body = message
|
29
|
-
|
30
|
-
/*
|
31
|
-
* 클라이언트 라우팅을 위한 ApiHistoryFallback의 상황과,
|
32
|
-
* 서버라우팅의 상황에서 발생하는 던져지는 401 에러인 경우에는
|
33
|
-
* error code에 맞춰서 적절하게 rewriting 되도록 한다.
|
34
|
-
*/
|
35
|
-
|
36
|
-
const { method, header, path, originalUrl } = context
|
37
|
-
|
38
|
-
if (method == 'POST' && path.startsWith('/graphql')) {
|
39
|
-
if (err.errorCode == SUBDOMAIN_NOTFOUND) {
|
40
|
-
context.status = 403
|
41
|
-
}
|
42
|
-
return
|
43
|
-
}
|
44
|
-
|
45
|
-
if (!accepts(header.accept, ['text/html', '*/*'])) {
|
46
|
-
return
|
47
|
-
}
|
48
|
-
|
49
|
-
const { redirect_to } = context.query
|
50
|
-
const { redirectTo = redirect_to || originalUrl } = context.request.body || {}
|
51
|
-
|
52
|
-
switch (err.errorCode) {
|
53
|
-
case SUBDOMAIN_NOTFOUND:
|
54
|
-
context.redirect(`/auth/checkin?redirect_to=${encodeURIComponent(redirectTo)}`)
|
55
|
-
break
|
56
|
-
|
57
|
-
case USER_LOCKED:
|
58
|
-
return await context.render('auth-page', {
|
59
|
-
pageElement: 'auth-activate',
|
60
|
-
elementScript: '/auth/activate.js',
|
61
|
-
data: {
|
62
|
-
...err.detail,
|
63
|
-
message,
|
64
|
-
redirectTo,
|
65
|
-
disableUserSignupProcess,
|
66
|
-
disableUserFavoredLanguage,
|
67
|
-
languages
|
68
|
-
}
|
69
|
-
})
|
70
|
-
|
71
|
-
case USER_NOT_ACTIVATED:
|
72
|
-
return await context.render('auth-page', {
|
73
|
-
pageElement: 'auth-activate',
|
74
|
-
elementScript: '/auth/activate.js',
|
75
|
-
data: {
|
76
|
-
...err.detail,
|
77
|
-
message,
|
78
|
-
redirectTo,
|
79
|
-
disableUserSignupProcess,
|
80
|
-
disableUserFavoredLanguage,
|
81
|
-
languages
|
82
|
-
}
|
83
|
-
})
|
84
|
-
|
85
|
-
case USER_DUPLICATED:
|
86
|
-
return await context.render('auth-page', {
|
87
|
-
pageElement: 'auth-signup',
|
88
|
-
elementScript: '/auth/signup.js',
|
89
|
-
data: {
|
90
|
-
...err.detail,
|
91
|
-
message,
|
92
|
-
redirectTo,
|
93
|
-
disableUserSignupProcess,
|
94
|
-
disableUserFavoredLanguage,
|
95
|
-
languages
|
96
|
-
}
|
97
|
-
})
|
98
|
-
|
99
|
-
default:
|
100
|
-
return await context.render('auth-page', {
|
101
|
-
pageElement: 'auth-signin',
|
102
|
-
elementScript: '/auth/signin.js',
|
103
|
-
data: {
|
104
|
-
...err.detail,
|
105
|
-
message: err instanceof AuthError ? message : '',
|
106
|
-
redirectTo,
|
107
|
-
disableUserSignupProcess,
|
108
|
-
disableUserFavoredLanguage,
|
109
|
-
languages
|
110
|
-
}
|
111
|
-
})
|
112
|
-
}
|
113
|
-
}
|
114
|
-
}
|
@@ -1,73 +0,0 @@
|
|
1
|
-
import { Domain, getRepository } from '@things-factory/shell'
|
2
|
-
|
3
|
-
import { AuthError } from '../errors/auth-error'
|
4
|
-
import { User } from '../service/user/user'
|
5
|
-
import { getUserDomains } from '../utils/get-user-domains'
|
6
|
-
|
7
|
-
declare global {
|
8
|
-
namespace NodeJS {
|
9
|
-
interface Process {
|
10
|
-
domainOwnerGranted: (domain: Domain, user: User) => Promise<boolean>
|
11
|
-
superUserGranted: (domain: Domain, user: User) => Promise<boolean>
|
12
|
-
}
|
13
|
-
}
|
14
|
-
}
|
15
|
-
|
16
|
-
process.domainOwnerGranted = async (domain: Domain, user: User): Promise<boolean> => {
|
17
|
-
return user && domain && domain.owner === user.id
|
18
|
-
}
|
19
|
-
|
20
|
-
process.superUserGranted = async (domain: Domain, user: User): Promise<boolean> => {
|
21
|
-
if (!user) {
|
22
|
-
return false
|
23
|
-
}
|
24
|
-
|
25
|
-
if (!user.domains.length) {
|
26
|
-
user = await getRepository(User).findOne({
|
27
|
-
where: { id: user.id },
|
28
|
-
relations: ['domains']
|
29
|
-
})
|
30
|
-
}
|
31
|
-
|
32
|
-
const systemDomain: Domain = user.domains.find((domain: Domain) => domain.subdomain === 'system')
|
33
|
-
if (!systemDomain) {
|
34
|
-
return false
|
35
|
-
}
|
36
|
-
|
37
|
-
return systemDomain.owner === user.id
|
38
|
-
}
|
39
|
-
|
40
|
-
/*
|
41
|
-
* 현재 subdomain 과 user의 domain list와의 비교를 통해서,
|
42
|
-
* 인증 성공 또는 인증 에러를 발생시킬 것인지를 결정한다.
|
43
|
-
* 1. 현재 subdomain 이 결정되지 않은 경우.
|
44
|
-
* - checkin로 이동한다.
|
45
|
-
* 2. superUser 판단
|
46
|
-
* 3. 현재 subdomain 이 결정된 경우.
|
47
|
-
* - user의 domains 리스트에 해당 subdomain이 없다면, 인증 오류를 발생한다.
|
48
|
-
*/
|
49
|
-
|
50
|
-
export async function domainAuthenticateMiddleware(context: any, next: any) {
|
51
|
-
const { t } = context
|
52
|
-
const { domain, user } = context.state
|
53
|
-
|
54
|
-
const subdomain: string = domain?.subdomain
|
55
|
-
|
56
|
-
// 1. 현재 subdomain 이 결정되지 않은 경우.
|
57
|
-
// - checkin로 이동한다.
|
58
|
-
if (!subdomain) {
|
59
|
-
throw new AuthError({
|
60
|
-
errorCode: AuthError.ERROR_CODES.SUBDOMAIN_NOTFOUND
|
61
|
-
})
|
62
|
-
}
|
63
|
-
|
64
|
-
// 2. 현재 subdomain 이 결정된 경우.
|
65
|
-
const userDomains: Partial<Domain>[] = await getUserDomains(user)
|
66
|
-
if (userDomains.find(domain => domain.subdomain == subdomain) || (await process.superUserGranted(domain, user))) {
|
67
|
-
return await next()
|
68
|
-
}
|
69
|
-
|
70
|
-
throw new AuthError({
|
71
|
-
errorCode: AuthError.ERROR_CODES.SUBDOMAIN_NOTFOUND
|
72
|
-
})
|
73
|
-
}
|
@@ -1,13 +0,0 @@
|
|
1
|
-
import { domainAuthenticateMiddleware } from './domain-authenticate-middleware'
|
2
|
-
import { jwtAuthenticateMiddleware } from './jwt-authenticate-middleware'
|
3
|
-
|
4
|
-
export async function graphqlAuthenticateMiddleware(context, next) {
|
5
|
-
const { method, path } = context
|
6
|
-
|
7
|
-
if (method == 'POST' && path.startsWith('/graphql')) {
|
8
|
-
await jwtAuthenticateMiddleware(context, () => {})
|
9
|
-
await domainAuthenticateMiddleware(context, () => {})
|
10
|
-
}
|
11
|
-
|
12
|
-
await next()
|
13
|
-
}
|
@@ -1,67 +0,0 @@
|
|
1
|
-
import session from 'koa-session'
|
2
|
-
import passport from 'koa-passport'
|
3
|
-
|
4
|
-
import { config } from '@things-factory/env'
|
5
|
-
import { SECRET } from '../utils/get-secret'
|
6
|
-
|
7
|
-
import { authenticate401Middleware } from './authenticate-401-middleware'
|
8
|
-
import { domainAuthenticateMiddleware } from './domain-authenticate-middleware'
|
9
|
-
import { graphqlAuthenticateMiddleware } from './graphql-authenticate-middleware'
|
10
|
-
import { jwtAuthenticateMiddleware } from './jwt-authenticate-middleware'
|
11
|
-
|
12
|
-
import { User } from '../service/user/user'
|
13
|
-
import { MAX_AGE } from '../constants/max-age'
|
14
|
-
|
15
|
-
const accessTokenCookieKey = config.get('accessTokenCookieKey', 'access_token')
|
16
|
-
|
17
|
-
export function initMiddlewares(app: any) {
|
18
|
-
/* oauth2orize-koa 에서 oauth 트랜잭션 관리를 위해서 session을 사용함. */
|
19
|
-
app.keys = [SECRET]
|
20
|
-
app.use(
|
21
|
-
session(
|
22
|
-
{
|
23
|
-
key: 'tfsession',
|
24
|
-
maxAge: MAX_AGE,
|
25
|
-
overwrite: true,
|
26
|
-
httpOnly: true,
|
27
|
-
signed: true,
|
28
|
-
rolling: false,
|
29
|
-
renew: false
|
30
|
-
},
|
31
|
-
app
|
32
|
-
)
|
33
|
-
)
|
34
|
-
|
35
|
-
passport.serializeUser((profile, done) => {
|
36
|
-
done(null, profile)
|
37
|
-
})
|
38
|
-
|
39
|
-
passport.deserializeUser(async (profile, done) => {
|
40
|
-
done(null, await User.checkAuth(profile))
|
41
|
-
})
|
42
|
-
|
43
|
-
/* passport initialize */
|
44
|
-
app.use(passport.initialize())
|
45
|
-
|
46
|
-
/* passport use session - for oauth transaction */
|
47
|
-
app.use(passport.session())
|
48
|
-
|
49
|
-
/* authentication error handling */
|
50
|
-
app.use(authenticate401Middleware)
|
51
|
-
|
52
|
-
/*
|
53
|
-
* post:graphql 에 대해서는 graphqlAuthenticationMiddleware를 적용한다.
|
54
|
-
* graphql app을 router에 적용하지 못하기 때문임.
|
55
|
-
*/
|
56
|
-
app.use(graphqlAuthenticateMiddleware)
|
57
|
-
}
|
58
|
-
|
59
|
-
process.on('bootstrap-module-subscription' as any, (app, subscriptionMiddleware) => {
|
60
|
-
subscriptionMiddleware.push(jwtAuthenticateMiddleware, domainAuthenticateMiddleware)
|
61
|
-
})
|
62
|
-
|
63
|
-
export * from './jwt-authenticate-middleware'
|
64
|
-
export * from './domain-authenticate-middleware'
|
65
|
-
export * from './signin-middleware'
|
66
|
-
export * from './webauthn-middleware'
|
67
|
-
export * from './authenticate-401-middleware'
|
@@ -1,84 +0,0 @@
|
|
1
|
-
import passport from 'koa-passport'
|
2
|
-
import { ExtractJwt, Strategy as JWTstrategy } from 'passport-jwt'
|
3
|
-
|
4
|
-
import { config } from '@things-factory/env'
|
5
|
-
|
6
|
-
import { makeVerificationToken } from '../controllers/utils/make-verification-token'
|
7
|
-
import { saveVerificationToken } from '../controllers/utils/save-verification-token'
|
8
|
-
import { User, UserStatus } from '../service/user/user'
|
9
|
-
import { VerificationTokenType } from '../service/verification-token/verification-token'
|
10
|
-
import { clearAccessTokenCookie, getAccessTokenCookie, setAccessTokenCookie } from '../utils/access-token-cookie'
|
11
|
-
import { SECRET } from '../utils/get-secret'
|
12
|
-
|
13
|
-
const sessionExpiryPolicy = config.get('session/expiryPolicy', 'fixed')
|
14
|
-
|
15
|
-
passport.use(
|
16
|
-
new JWTstrategy(
|
17
|
-
{
|
18
|
-
secretOrKey: SECRET,
|
19
|
-
passReqToCallback: true,
|
20
|
-
jwtFromRequest: ExtractJwt.fromExtractors([
|
21
|
-
ExtractJwt.fromAuthHeaderAsBearerToken(),
|
22
|
-
ExtractJwt.fromHeader('authorization'),
|
23
|
-
ExtractJwt.fromHeader('x-access-token'),
|
24
|
-
ExtractJwt.fromUrlQueryParameter('access_token'),
|
25
|
-
ExtractJwt.fromBodyField('access_token'),
|
26
|
-
req => {
|
27
|
-
var token = null
|
28
|
-
token = getAccessTokenCookie(req?.ctx)
|
29
|
-
return token
|
30
|
-
}
|
31
|
-
])
|
32
|
-
},
|
33
|
-
async (request, decoded, done) => {
|
34
|
-
try {
|
35
|
-
return done(null, decoded)
|
36
|
-
} catch (error) {
|
37
|
-
return done(error)
|
38
|
-
}
|
39
|
-
}
|
40
|
-
)
|
41
|
-
)
|
42
|
-
|
43
|
-
export async function jwtAuthenticateMiddleware(context, next) {
|
44
|
-
const { path } = context
|
45
|
-
const { user } = context.state
|
46
|
-
if (user) {
|
47
|
-
return await next()
|
48
|
-
}
|
49
|
-
|
50
|
-
return await passport.authenticate('jwt', { session: false }, async (err, decoded, info) => {
|
51
|
-
if (err || !decoded) {
|
52
|
-
const e = (context.state.error = err || info)
|
53
|
-
|
54
|
-
clearAccessTokenCookie(context)
|
55
|
-
|
56
|
-
context.throw(401, e.message)
|
57
|
-
} else {
|
58
|
-
const userEntity = await User.checkAuth(decoded)
|
59
|
-
|
60
|
-
if (userEntity.status === UserStatus.PWD_RESET_REQUIRED) {
|
61
|
-
try {
|
62
|
-
const token = makeVerificationToken()
|
63
|
-
await saveVerificationToken(userEntity.id, token, VerificationTokenType.PASSWORD_RESET)
|
64
|
-
clearAccessTokenCookie(context)
|
65
|
-
context.redirect(`/auth/reset-password?token=${token}`)
|
66
|
-
} catch (e) {
|
67
|
-
throw err
|
68
|
-
}
|
69
|
-
} else {
|
70
|
-
context.state.user = userEntity
|
71
|
-
context.state.decodedToken = decoded
|
72
|
-
|
73
|
-
if (sessionExpiryPolicy == 'rolling') {
|
74
|
-
/* To renew the expiry time on each request, a token is issued and the session is updated. */
|
75
|
-
|
76
|
-
const token = await userEntity.sign()
|
77
|
-
setAccessTokenCookie(context, token)
|
78
|
-
}
|
79
|
-
|
80
|
-
await next()
|
81
|
-
}
|
82
|
-
}
|
83
|
-
})(context, next)
|
84
|
-
}
|