npm - @things-factory/auth-base - Versions diffs - 8.0.5 → 9.0.0-beta.12 - Mend

@things-factory/auth-base 8.0.5 → 9.0.0-beta.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (493) hide show

package/server/middlewares/jwt-authenticate-middleware.ts DELETED Viewed

@@ -1,84 +0,0 @@
-import passport from 'koa-passport'
-import { ExtractJwt, Strategy as JWTstrategy } from 'passport-jwt'
-import { config } from '@things-factory/env'
-import { makeVerificationToken } from '../controllers/utils/make-verification-token'
-import { saveVerificationToken } from '../controllers/utils/save-verification-token'
-import { User, UserStatus } from '../service/user/user'
-import { VerificationTokenType } from '../service/verification-token/verification-token'
-import { clearAccessTokenCookie, getAccessTokenCookie, setAccessTokenCookie } from '../utils/access-token-cookie'
-import { SECRET } from '../utils/get-secret'
-const sessionExpiryPolicy = config.get('session/expiryPolicy', 'fixed')
-passport.use(
-  new JWTstrategy(
-    {
-      secretOrKey: SECRET,
-      passReqToCallback: true,
-      jwtFromRequest: ExtractJwt.fromExtractors([
-        ExtractJwt.fromAuthHeaderAsBearerToken(),
-        ExtractJwt.fromHeader('authorization'),
-        ExtractJwt.fromHeader('x-access-token'),
-        ExtractJwt.fromUrlQueryParameter('access_token'),
-        ExtractJwt.fromBodyField('access_token'),
-        req => {
-          var token = null
-          token = getAccessTokenCookie(req?.ctx)
-          return token
-        }
-      ])
-    },
-    async (request, decoded, done) => {
-      try {
-        return done(null, decoded)
-      } catch (error) {
-        return done(error)
-      }
-    }
-  )
-)
-export async function jwtAuthenticateMiddleware(context, next) {
-  const { path } = context
-  const { user } = context.state
-  if (user) {
-    return await next()
-  }
-  return await passport.authenticate('jwt', { session: false }, async (err, decoded, info) => {
-    if (err || !decoded) {
-      const e = (context.state.error = err || info)
-      clearAccessTokenCookie(context)
-      context.throw(401, e.message)
-    } else {
-      const userEntity = await User.checkAuth(decoded)
-      if (userEntity.status === UserStatus.PWD_RESET_REQUIRED) {
-        try {
-          const token = makeVerificationToken()
-          await saveVerificationToken(userEntity.id, token, VerificationTokenType.PASSWORD_RESET)
-          clearAccessTokenCookie(context)
-          context.redirect(`/auth/reset-password?token=${token}`)
-        } catch (e) {
-          throw err
-        }
-      } else {
-        context.state.user = userEntity
-        context.state.decodedToken = decoded
-        if (sessionExpiryPolicy == 'rolling') {
-          /* To renew the expiry time on each request, a token is issued and the session is updated. */
-          const token = await userEntity.sign()
-          setAccessTokenCookie(context, token)
-        }
-        await next()
-      }
-    }
-  })(context, next)
-}

package/server/middlewares/signin-middleware.ts DELETED Viewed

@@ -1,55 +0,0 @@
-import passport from 'koa-passport'
-import { Strategy as localStrategy } from 'passport-local'
-import { signin } from '../controllers/signin'
-passport.use(
-  'signin',
-  new localStrategy(
-    {
-      usernameField: 'email',
-      passwordField: 'password'
-    },
-    async (email, password, done) => {
-      try {
-        const {
-          user: userInfo,
-          token,
-          domains
-        } = await signin({
-          email,
-          password
-        })
-        return done(
-          null,
-          {
-            user: userInfo,
-            token,
-            domains
-          },
-          {
-            message: 'Logged in Successfully'
-          }
-        )
-      } catch (error) {
-        return done(error)
-      }
-    }
-  )
-)
-export async function signinMiddleware(context, next) {
-  return passport.authenticate('signin', { session: false }, async (err, user, info) => {
-    if (err || !user) {
-      throw err
-    } else {
-      const { user: userInfo, token } = user
-      context.state.user = userInfo
-      context.state.token = token
-      await next()
-    }
-  })(context, next)
-}

package/server/middlewares/webauthn-middleware.ts DELETED Viewed

@@ -1,127 +0,0 @@
-import passport from 'koa-passport'
-import { Strategy as CustomStrategy } from 'passport-custom'
-import { getRepository } from '@things-factory/shell'
-import { User } from '../service/user/user'
-import { AuthError } from '../errors/auth-error'
-import { WebAuthCredential } from '../service/web-auth-credential/web-auth-credential'
-import { verifyRegistrationResponse, verifyAuthenticationResponse } from '@simplewebauthn/server'
-import { AuthenticatorAssertionResponse } from '@simplewebauthn/types'
-passport.use(
-  'webauthn-register',
-  new CustomStrategy(async (context, done) => {
-    const { body, session, user, hostname, origin } = context as any
-    const challenge = session.challenge
-    const verification = await verifyRegistrationResponse({
-      response: body,
-      expectedChallenge: challenge,
-      expectedOrigin: origin,
-      expectedRPID: hostname,
-      expectedType: 'webauthn.create',
-      requireUserVerification: false
-    })
-    if (verification.verified) {
-      const { registrationInfo } = verification
-      const publicKey = Buffer.from(registrationInfo.credentialPublicKey).toString('base64')
-      if (user) {
-        const webAuthRepository = getRepository(WebAuthCredential)
-        await webAuthRepository.save({
-          user,
-          credentialId: registrationInfo.credentialID,
-          publicKey,
-          counter: registrationInfo.counter,
-          creator: user,
-          updater: user
-        })
-      }
-      return done(null, user)
-    } else {
-      return done(null, false)
-    }
-  })
-)
-passport.use(
-  'webauthn-login',
-  new CustomStrategy(async (context, done) => {
-    try {
-      const { body, session, origin, hostname } = context as any
-      const challenge = session.challenge
-      const assertionResponse = body as {
-        id: string
-        response: AuthenticatorAssertionResponse
-      }
-      const credential = await getRepository(WebAuthCredential).findOne({
-        where: {
-          credentialId: assertionResponse.id
-        },
-        relations: ['user']
-      })
-      if (!credential) {
-        return done(null, false)
-      }
-      const verification = await verifyAuthenticationResponse({
-        response: body,
-        expectedChallenge: challenge,
-        expectedOrigin: origin,
-        expectedRPID: hostname,
-        requireUserVerification: false,
-        authenticator: {
-          credentialID: credential.credentialId,
-          credentialPublicKey: new Uint8Array(Buffer.from(credential.publicKey, 'base64')),
-          counter: credential.counter
-        }
-      })
-      if (verification.verified) {
-        const { authenticationInfo } = verification
-        credential.counter = authenticationInfo.newCounter
-        await getRepository(WebAuthCredential).save(credential)
-        const user = credential.user
-        return done(null, user)
-      } else {
-        return done(verification, false)
-      }
-    } catch(error) {
-      return done(error, false)
-    }
-  })
-)
-export function createWebAuthnMiddleware(strategy: 'webauthn-register' | 'webauthn-login') {
-  return async function webAuthnMiddleware(context, next) {
-    return passport.authenticate(
-      strategy,
-      { session: true, failureMessage: true, failWithError: true },
-      async (err, user) => {
-        if (err || !user) {
-          throw new AuthError({
-            errorCode: AuthError.ERROR_CODES.AUTHN_VERIFICATION_FAILED,
-            detail: err
-          })
-        } else {
-          context.state.user = user
-          context.body = { user, verified: true }
-        }
-        await next()
-      }
-    )(context, next)
-  }
-}

package/server/migrations/1548206416130-SeedUser.ts DELETED Viewed

@@ -1,59 +0,0 @@
-import { ILike, MigrationInterface, QueryRunner } from 'typeorm'
-import { config, logger } from '@things-factory/env'
-import { Domain, getRepository } from '@things-factory/shell'
-import { User, UserStatus } from '../service/user/user'
-const ADMIN_ACCOUNT = config.get('adminAccount', {
-  name: 'Admin',
-  email: 'admin@hatiolab.com',
-  password: 'admin'
-})
-const SEED_USERS = [
-  {
-    ...ADMIN_ACCOUNT,
-    userType: 'user',
-    status: UserStatus.ACTIVATED
-  }
-]
-export class SeedUsers1548206416130 implements MigrationInterface {
-  public async up(queryRunner: QueryRunner): Promise<any> {
-    const userRepository = getRepository(User)
-    const domainRepository = getRepository(Domain)
-    const domain: Domain = await domainRepository.findOne({ where: { name: 'SYSTEM' } })
-    try {
-      for (let i = 0; i < SEED_USERS.length; i++) {
-        const user = SEED_USERS[i]
-        const salt = User.generateSalt()
-        const password = User.encode(user.password, salt)
-        await userRepository.save({
-          ...user,
-          salt,
-          password,
-          domains: [domain]
-        })
-      }
-    } catch (e) {
-      logger.error(e)
-    }
-    const admin = await userRepository.findOne({ where: { email: ILike('admin@hatiolab.com') } })
-    domain.owner = admin.id
-    await domainRepository.save(domain)
-  }
-  public async down(queryRunner: QueryRunner): Promise<any> {
-    const repository = getRepository(User)
-    SEED_USERS.reverse().forEach(async user => {
-      let record = await repository.findOneBy({ email: ILike(user.email) })
-      await repository.remove(record)
-    })
-  }
-}

package/server/migrations/1566805283882-SeedPrivilege.ts DELETED Viewed

@@ -1,28 +0,0 @@
-import { MigrationInterface, QueryRunner } from 'typeorm'
-import { logger } from '@things-factory/env'
-import { getRepository } from '@things-factory/shell'
-import { Privilege } from '../service/privilege/privilege'
-export class SeedPrivilege1566805283882 implements MigrationInterface {
-  public async up(queryRunner: QueryRunner): Promise<any> {
-    const privilegeRepository = getRepository(Privilege)
-    const { schema } = require('@things-factory/shell/dist-server/schema')
-    await schema()
-    const privileges = process['PRIVILEGES']
-    try {
-      for (const [category, name] of Object.values(privileges as [string, string])) {
-        if (0 == (await privilegeRepository.count({ where: { category, name } }))) {
-          await privilegeRepository.save({ category, name })
-        }
-      }
-    } catch (e) {
-      logger.error(e)
-    }
-  }
-  public async down(queryRunner: QueryRunner): Promise<any> {}
-}

package/server/migrations/index.ts DELETED Viewed

@@ -1,9 +0,0 @@
-const glob = require('glob')
-const path = require('path')
-export var migrations = []
-glob.sync(path.resolve(__dirname, '.', '**', '*.js')).forEach(function(file) {
-  if (file.indexOf('index.js') !== -1) return
-  migrations = migrations.concat(Object.values(require(path.resolve(file))) || [])
-})

package/server/router/auth-checkin-router.ts DELETED Viewed

@@ -1,107 +0,0 @@
-import Router from 'koa-router'
-import { config } from '@things-factory/env'
-import { Domain, findSubdomainFromPath, getRedirectSubdomainPath } from '@things-factory/shell'
-import { LoginHistory } from '../service/login-history/login-history'
-import { User } from '../service/user/user'
-import { accepts } from '../utils/accepts'
-import { clearAccessTokenCookie } from '../utils/access-token-cookie'
-import { getUserDomains } from '../utils/get-user-domains'
-const domainType = config.get('domainType')
-export const authCheckinRouter = new Router()
-authCheckinRouter.get('/auth/checkin/:subdomain?', async (context, next) => {
-  const { request, t } = context
-  const header = request.header
-  const { user } = context.state
-  let { subdomain } = context.params
-  let domains: Partial<Domain>[] = await getUserDomains(user)
-  if (domainType) domains = domains.filter(d => d.extType == domainType)
-  if (!accepts(header.accept, ['text/html', '*/*'])) {
-    // When request expects non html response
-    try {
-      if (!subdomain) throw new Error(t('error.domain not specified', { subdomain })) // When params doesn't have subdomain
-      const checkInDomain: Partial<Domain> | undefined = domains.find(d => d.subdomain === subdomain) // When no matched domain with subdomain
-      if (!checkInDomain) throw new Error(t('error.domain not specified', { subdomain }))
-      await checkIn(checkInDomain, null, context)
-      context.body = true
-    } catch (e) {
-      clearAccessTokenCookie(context)
-      throw e
-    }
-  } else {
-    // When request expects html response
-    const { redirect_to: redirectTo = '/' } = context.query
-    try {
-      let message: string
-      if (!subdomain) {
-        /* try to find domain from redirectTo path */
-        subdomain = findSubdomainFromPath(context, redirectTo)
-      }
-      let checkInDomain: Partial<Domain>
-      if (subdomain) {
-        checkInDomain = domains.find(d => d.subdomain == subdomain)
-        if (!checkInDomain) message = t('error.domain not allowed', { subdomain })
-      } else if (domains.length === 1) {
-        checkInDomain = domains[0]
-      }
-      if (checkInDomain) {
-        return await checkIn(checkInDomain, redirectTo, context)
-      }
-      await context.render('auth-page', {
-        pageElement: 'auth-checkin',
-        elementScript: '/auth/checkin.js',
-        data: {
-          user: { email: user.email, locale: user.locale, name: user.name, userType: user.userType },
-          domains,
-          domainType,
-          redirectTo,
-          message
-        }
-      })
-    } catch (e) {
-      clearAccessTokenCookie(context)
-      context.redirect(
-        `/auth/signin?email=${encodeURIComponent(user.email)}&redirect_to=${encodeURIComponent(redirectTo)}`
-      )
-    }
-  }
-})
-authCheckinRouter.get('/auth/domains', async context => {
-  const { user } = context.state
-  var domains = await getUserDomains(user)
-  if (domainType) {
-    domains = domains.filter(d => d.extType == domainType)
-  }
-  context.body = domains
-})
-async function checkIn(
-  checkInDomain: Partial<Domain>,
-  redirectTo: string | null,
-  context: ResolverContext
-): Promise<void> {
-  const { user }: { user: User } = context.state
-  const remoteAddress = context.req.headers['x-forwarded-for']
-  ? (context.req.headers['x-forwarded-for'] as string).split(',')[0].trim()
-  : context.req.connection.remoteAddress
-  await LoginHistory.stamp(checkInDomain, user, remoteAddress)
-  if (redirectTo) {
-    return context.redirect(getRedirectSubdomainPath(context, checkInDomain.subdomain, redirectTo))
-  }
-}

package/server/router/auth-private-process-router.ts DELETED Viewed

@@ -1,107 +0,0 @@
-import { ILike } from 'typeorm'
-import Router from 'koa-router'
-import { config } from '@things-factory/env'
-import { Domain, getRepository } from '@things-factory/shell'
-import { changePwd } from '../controllers/change-pwd'
-import { deleteUser } from '../controllers/delete-user'
-import { updateProfile } from '../controllers/profile'
-import { User } from '../service/user/user'
-import { clearAccessTokenCookie, setAccessTokenCookie } from '../utils/access-token-cookie'
-import { getUserDomains } from '../utils/get-user-domains'
-const domainType = config.get('domainType')
-const languages = config.get('i18n/languages') || []
-export const authPrivateProcessRouter = new Router({
-  prefix: '/auth'
-})
-authPrivateProcessRouter
-  .post('/change-pass', async (context, next) => {
-    const { t } = context
-    let { current_pass, new_pass, confirm_pass } = context.request.body
-    const token = await changePwd(context.state.user, current_pass, new_pass, confirm_pass, context)
-    context.body = t('text.password changed successfully')
-    setAccessTokenCookie(context, token)
-  })
-  .post('/update-profile', async (context, next) => {
-    const { i18next, t } = context
-    const newProfiles = context.request.body
-    await updateProfile(context.state.user, newProfiles)
-    if (newProfiles.locale) {
-      context.body = i18next.getFixedT(newProfiles.locale)('text.profile changed successfully')
-    } else {
-      context.body = t('text.profile changed successfully')
-    }
-  })
-  .post('/delete-user', async (context, next) => {
-    const { t, session } = context
-    var { user } = context.state
-    var { email: userEmail } = user
-    var { password, email } = context.request.body
-    const userRepo = getRepository(User)
-    const userInfo = await userRepo.findOne({
-      where: {
-        email: ILike(userEmail)
-      },
-      relations: ['domains']
-    })
-    if (email != userEmail || !User.verify(userInfo.password, password, userInfo.salt)) {
-      context.status = 401
-      context.body = t('error.user validation failed')
-      return
-    }
-    await deleteUser(user)
-    context.body = t('text.delete account succeed')
-    clearAccessTokenCookie(context)
-  })
-  .get('/profile', async (context, next) => {
-    const { t } = context
-    const { domain, user, unsafeIP, prohibitedPrivileges } = context.state
-    if (!domain) {
-      context.status = 401
-      context.body = t('error.user validation failed')
-      return
-    }
-    let domains: Partial<Domain>[] = await getUserDomains(user)
-    domains = domains.filter((d: Domain) => d.extType == domainType)
-    var privileges = await User.getPrivilegesByDomain(user, domain)
-    if (prohibitedPrivileges) {
-      prohibitedPrivileges.forEach(({ category, privilege }) => {
-        privileges = privileges.filter(p => p.category != category || p.privilege != privilege)
-      })
-    }
-    context.body = {
-      user: {
-        email: user.email,
-        name: user.name,
-        userType: user.userType,
-        owner: await process.domainOwnerGranted(domain, user),
-        super: await process.superUserGranted(domain, user),
-        unsafeIP,
-        privileges
-      },
-      domains,
-      domain: domain && {
-        name: domain.name,
-        subdomain: domain.subdomain
-      },
-      languages
-    }
-  })