@things-factory/auth-base 9.0.0-beta.4 → 9.0.0-beta.43
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/config/config.development.js +46 -0
- package/config/config.production.js +45 -0
- package/dist-client/auth.js +0 -3
- package/dist-client/auth.js.map +1 -1
- package/dist-client/bootstrap.d.ts +1 -1
- package/dist-client/bootstrap.js +4 -4
- package/dist-client/bootstrap.js.map +1 -1
- package/dist-client/directive/privileged.d.ts +1 -1
- package/dist-client/directive/privileged.js +1 -1
- package/dist-client/directive/privileged.js.map +1 -1
- package/dist-client/index.d.ts +4 -4
- package/dist-client/index.js +4 -4
- package/dist-client/index.js.map +1 -1
- package/dist-client/profiled.js +1 -1
- package/dist-client/profiled.js.map +1 -1
- package/dist-client/reducers/auth.js +1 -1
- package/dist-client/reducers/auth.js.map +1 -1
- package/dist-client/tsconfig.tsbuildinfo +1 -1
- package/dist-server/controllers/auth.d.ts +5 -5
- package/dist-server/controllers/auth.js +5 -5
- package/dist-server/controllers/auth.js.map +1 -1
- package/dist-server/controllers/change-pwd.js +19 -19
- package/dist-server/controllers/change-pwd.js.map +1 -1
- package/dist-server/controllers/checkin.js +4 -4
- package/dist-server/controllers/checkin.js.map +1 -1
- package/dist-server/controllers/delete-user.js +9 -9
- package/dist-server/controllers/delete-user.js.map +1 -1
- package/dist-server/controllers/invitation.js +19 -19
- package/dist-server/controllers/invitation.js.map +1 -1
- package/dist-server/controllers/profile.d.ts +5 -5
- package/dist-server/controllers/profile.js +10 -10
- package/dist-server/controllers/profile.js.map +1 -1
- package/dist-server/controllers/reset-password.js +24 -24
- package/dist-server/controllers/reset-password.js.map +1 -1
- package/dist-server/controllers/signin.d.ts +1 -1
- package/dist-server/controllers/signin.js +24 -24
- package/dist-server/controllers/signin.js.map +1 -1
- package/dist-server/controllers/signup.d.ts +1 -1
- package/dist-server/controllers/signup.js +13 -13
- package/dist-server/controllers/signup.js.map +1 -1
- package/dist-server/controllers/unlock-user.js +17 -17
- package/dist-server/controllers/unlock-user.js.map +1 -1
- package/dist-server/controllers/utils/password-rule.js +4 -4
- package/dist-server/controllers/utils/password-rule.js.map +1 -1
- package/dist-server/controllers/utils/save-invitation-token.d.ts +1 -1
- package/dist-server/controllers/utils/save-invitation-token.js +2 -2
- package/dist-server/controllers/utils/save-invitation-token.js.map +1 -1
- package/dist-server/controllers/utils/save-verification-token.d.ts +1 -1
- package/dist-server/controllers/utils/save-verification-token.js +3 -3
- package/dist-server/controllers/utils/save-verification-token.js.map +1 -1
- package/dist-server/controllers/verification.js +23 -23
- package/dist-server/controllers/verification.js.map +1 -1
- package/dist-server/errors/auth-error.js +1 -1
- package/dist-server/errors/auth-error.js.map +1 -1
- package/dist-server/errors/index.d.ts +2 -2
- package/dist-server/errors/index.js +2 -2
- package/dist-server/errors/index.js.map +1 -1
- package/dist-server/errors/user-domain-not-match-error.d.ts +1 -1
- package/dist-server/errors/user-domain-not-match-error.js +8 -8
- package/dist-server/errors/user-domain-not-match-error.js.map +1 -1
- package/dist-server/index.d.ts +16 -16
- package/dist-server/index.js +18 -18
- package/dist-server/index.js.map +1 -1
- package/dist-server/middlewares/authenticate-401-middleware.js +11 -11
- package/dist-server/middlewares/authenticate-401-middleware.js.map +1 -1
- package/dist-server/middlewares/bypass-signin-middleware.d.ts +1 -0
- package/dist-server/middlewares/bypass-signin-middleware.js +20 -0
- package/dist-server/middlewares/bypass-signin-middleware.js.map +1 -0
- package/dist-server/middlewares/domain-authenticate-middleware.d.ts +1 -1
- package/dist-server/middlewares/domain-authenticate-middleware.js +9 -13
- package/dist-server/middlewares/domain-authenticate-middleware.js.map +1 -1
- package/dist-server/middlewares/graphql-authenticate-middleware.js +4 -4
- package/dist-server/middlewares/graphql-authenticate-middleware.js.map +1 -1
- package/dist-server/middlewares/index.d.ts +5 -5
- package/dist-server/middlewares/index.js +24 -19
- package/dist-server/middlewares/index.js.map +1 -1
- package/dist-server/middlewares/jwt-authenticate-middleware.js +15 -15
- package/dist-server/middlewares/jwt-authenticate-middleware.js.map +1 -1
- package/dist-server/middlewares/signin-middleware.js +2 -2
- package/dist-server/middlewares/signin-middleware.js.map +1 -1
- package/dist-server/middlewares/verify-recaptcha-middleware.d.ts +3 -0
- package/dist-server/middlewares/verify-recaptcha-middleware.js +95 -0
- package/dist-server/middlewares/verify-recaptcha-middleware.js.map +1 -0
- package/dist-server/middlewares/webauthn-middleware.js +7 -7
- package/dist-server/middlewares/webauthn-middleware.js.map +1 -1
- package/dist-server/migrations/1548206416130-SeedUser.js +6 -6
- package/dist-server/migrations/1548206416130-SeedUser.js.map +1 -1
- package/dist-server/migrations/1566805283882-SeedPrivilege.js +2 -2
- package/dist-server/migrations/1566805283882-SeedPrivilege.js.map +1 -1
- package/dist-server/migrations/index.js.map +1 -1
- package/dist-server/router/auth-checkin-router.js +18 -17
- package/dist-server/router/auth-checkin-router.js.map +1 -1
- package/dist-server/router/auth-private-process-router.js +27 -19
- package/dist-server/router/auth-private-process-router.js.map +1 -1
- package/dist-server/router/auth-public-process-router.js +24 -24
- package/dist-server/router/auth-public-process-router.js.map +1 -1
- package/dist-server/router/auth-signin-router.js +6 -6
- package/dist-server/router/auth-signin-router.js.map +1 -1
- package/dist-server/router/auth-signup-router.js +11 -8
- package/dist-server/router/auth-signup-router.js.map +1 -1
- package/dist-server/router/index.d.ts +9 -9
- package/dist-server/router/index.js +9 -9
- package/dist-server/router/index.js.map +1 -1
- package/dist-server/router/oauth2/index.d.ts +2 -2
- package/dist-server/router/oauth2/index.js +2 -2
- package/dist-server/router/oauth2/index.js.map +1 -1
- package/dist-server/router/oauth2/oauth2-authorize-router.js +6 -6
- package/dist-server/router/oauth2/oauth2-authorize-router.js.map +1 -1
- package/dist-server/router/oauth2/oauth2-router.d.ts +1 -1
- package/dist-server/router/oauth2/oauth2-router.js +21 -21
- package/dist-server/router/oauth2/oauth2-router.js.map +1 -1
- package/dist-server/router/oauth2/oauth2-server.js +21 -21
- package/dist-server/router/oauth2/oauth2-server.js.map +1 -1
- package/dist-server/router/site-root-router.js +4 -4
- package/dist-server/router/site-root-router.js.map +1 -1
- package/dist-server/router/webauthn-router.js +9 -9
- package/dist-server/router/webauthn-router.js.map +1 -1
- package/dist-server/routes.js +77 -51
- package/dist-server/routes.js.map +1 -1
- package/dist-server/service/app-binding/app-binding-mutation.js +4 -4
- package/dist-server/service/app-binding/app-binding-mutation.js.map +1 -1
- package/dist-server/service/app-binding/app-binding-query.d.ts +4 -4
- package/dist-server/service/app-binding/app-binding-query.js +22 -22
- package/dist-server/service/app-binding/app-binding-query.js.map +1 -1
- package/dist-server/service/app-binding/app-binding-types.d.ts +1 -1
- package/dist-server/service/app-binding/app-binding-types.js +2 -2
- package/dist-server/service/app-binding/app-binding-types.js.map +1 -1
- package/dist-server/service/app-binding/app-binding.d.ts +2 -2
- package/dist-server/service/app-binding/app-binding.js +4 -4
- package/dist-server/service/app-binding/app-binding.js.map +1 -1
- package/dist-server/service/app-binding/index.d.ts +2 -2
- package/dist-server/service/app-binding/index.js +3 -3
- package/dist-server/service/app-binding/index.js.map +1 -1
- package/dist-server/service/appliance/appliance-mutation.d.ts +2 -2
- package/dist-server/service/appliance/appliance-mutation.js +21 -21
- package/dist-server/service/appliance/appliance-mutation.js.map +1 -1
- package/dist-server/service/appliance/appliance-query.d.ts +3 -3
- package/dist-server/service/appliance/appliance-query.js +17 -17
- package/dist-server/service/appliance/appliance-query.js.map +1 -1
- package/dist-server/service/appliance/appliance-types.d.ts +1 -1
- package/dist-server/service/appliance/appliance-types.js +2 -2
- package/dist-server/service/appliance/appliance-types.js.map +1 -1
- package/dist-server/service/appliance/appliance.d.ts +1 -1
- package/dist-server/service/appliance/appliance.js +8 -8
- package/dist-server/service/appliance/appliance.js.map +1 -1
- package/dist-server/service/appliance/index.d.ts +3 -3
- package/dist-server/service/appliance/index.js +5 -5
- package/dist-server/service/appliance/index.js.map +1 -1
- package/dist-server/service/application/application-mutation.d.ts +8 -8
- package/dist-server/service/application/application-mutation.js +20 -20
- package/dist-server/service/application/application-mutation.js.map +1 -1
- package/dist-server/service/application/application-query.d.ts +2 -2
- package/dist-server/service/application/application-query.js +16 -16
- package/dist-server/service/application/application-query.js.map +1 -1
- package/dist-server/service/application/application-types.d.ts +1 -1
- package/dist-server/service/application/application-types.js +4 -4
- package/dist-server/service/application/application-types.js.map +1 -1
- package/dist-server/service/application/application.d.ts +1 -1
- package/dist-server/service/application/application.js +12 -12
- package/dist-server/service/application/application.js.map +1 -1
- package/dist-server/service/application/index.d.ts +3 -3
- package/dist-server/service/application/index.js +5 -5
- package/dist-server/service/application/index.js.map +1 -1
- package/dist-server/service/auth-provider/auth-provider-mutation.d.ts +2 -2
- package/dist-server/service/auth-provider/auth-provider-mutation.js +20 -20
- package/dist-server/service/auth-provider/auth-provider-mutation.js.map +1 -1
- package/dist-server/service/auth-provider/auth-provider-query.d.ts +3 -3
- package/dist-server/service/auth-provider/auth-provider-query.js +20 -20
- package/dist-server/service/auth-provider/auth-provider-query.js.map +1 -1
- package/dist-server/service/auth-provider/auth-provider-type.d.ts +1 -1
- package/dist-server/service/auth-provider/auth-provider-type.js +2 -2
- package/dist-server/service/auth-provider/auth-provider-type.js.map +1 -1
- package/dist-server/service/auth-provider/auth-provider.d.ts +3 -3
- package/dist-server/service/auth-provider/auth-provider.js +12 -12
- package/dist-server/service/auth-provider/auth-provider.js.map +1 -1
- package/dist-server/service/auth-provider/index.d.ts +3 -3
- package/dist-server/service/auth-provider/index.js +5 -5
- package/dist-server/service/auth-provider/index.js.map +1 -1
- package/dist-server/service/domain-generator/domain-generator-mutation.d.ts +1 -1
- package/dist-server/service/domain-generator/domain-generator-mutation.js +11 -11
- package/dist-server/service/domain-generator/domain-generator-mutation.js.map +1 -1
- package/dist-server/service/domain-generator/domain-generator-types.d.ts +1 -1
- package/dist-server/service/domain-generator/domain-generator-types.js +3 -3
- package/dist-server/service/domain-generator/domain-generator-types.js.map +1 -1
- package/dist-server/service/domain-generator/index.d.ts +1 -1
- package/dist-server/service/domain-generator/index.js +2 -2
- package/dist-server/service/domain-generator/index.js.map +1 -1
- package/dist-server/service/domain-link/domain-link-mutation.d.ts +9 -0
- package/dist-server/service/domain-link/domain-link-mutation.js +116 -0
- package/dist-server/service/domain-link/domain-link-mutation.js.map +1 -0
- package/dist-server/service/domain-link/domain-link-query.d.ts +11 -0
- package/dist-server/service/domain-link/domain-link-query.js +75 -0
- package/dist-server/service/domain-link/domain-link-query.js.map +1 -0
- package/dist-server/service/domain-link/domain-link-types.d.ts +18 -0
- package/dist-server/service/domain-link/domain-link-types.js +66 -0
- package/dist-server/service/domain-link/domain-link-types.js.map +1 -0
- package/dist-server/service/domain-link/domain-link.d.ts +28 -0
- package/dist-server/service/domain-link/domain-link.js +105 -0
- package/dist-server/service/domain-link/domain-link.js.map +1 -0
- package/dist-server/service/domain-link/index.d.ts +6 -0
- package/dist-server/service/domain-link/index.js +10 -0
- package/dist-server/service/domain-link/index.js.map +1 -0
- package/dist-server/service/granted-role/granted-role-mutation.d.ts +3 -3
- package/dist-server/service/granted-role/granted-role-mutation.js +17 -17
- package/dist-server/service/granted-role/granted-role-mutation.js.map +1 -1
- package/dist-server/service/granted-role/granted-role-query.d.ts +2 -2
- package/dist-server/service/granted-role/granted-role-query.js +13 -13
- package/dist-server/service/granted-role/granted-role-query.js.map +1 -1
- package/dist-server/service/granted-role/granted-role.d.ts +1 -1
- package/dist-server/service/granted-role/granted-role.js +3 -3
- package/dist-server/service/granted-role/granted-role.js.map +1 -1
- package/dist-server/service/granted-role/index.d.ts +3 -3
- package/dist-server/service/granted-role/index.js +5 -5
- package/dist-server/service/granted-role/index.js.map +1 -1
- package/dist-server/service/index.d.ts +27 -25
- package/dist-server/service/index.js +75 -70
- package/dist-server/service/index.js.map +1 -1
- package/dist-server/service/invitation/index.d.ts +3 -3
- package/dist-server/service/invitation/index.js +5 -5
- package/dist-server/service/invitation/index.js.map +1 -1
- package/dist-server/service/invitation/invitation-mutation.d.ts +2 -2
- package/dist-server/service/invitation/invitation-mutation.js +10 -10
- package/dist-server/service/invitation/invitation-mutation.js.map +1 -1
- package/dist-server/service/invitation/invitation-query.d.ts +1 -1
- package/dist-server/service/invitation/invitation-query.js +7 -7
- package/dist-server/service/invitation/invitation-query.js.map +1 -1
- package/dist-server/service/invitation/invitation-types.d.ts +1 -1
- package/dist-server/service/invitation/invitation-types.js +2 -2
- package/dist-server/service/invitation/invitation-types.js.map +1 -1
- package/dist-server/service/invitation/invitation.d.ts +1 -1
- package/dist-server/service/invitation/invitation.js +5 -5
- package/dist-server/service/invitation/invitation.js.map +1 -1
- package/dist-server/service/login-history/index.d.ts +2 -2
- package/dist-server/service/login-history/index.js +4 -4
- package/dist-server/service/login-history/index.js.map +1 -1
- package/dist-server/service/login-history/login-history-query.d.ts +3 -3
- package/dist-server/service/login-history/login-history-query.js +11 -11
- package/dist-server/service/login-history/login-history-query.js.map +1 -1
- package/dist-server/service/login-history/login-history-type.d.ts +1 -1
- package/dist-server/service/login-history/login-history-type.js +2 -2
- package/dist-server/service/login-history/login-history-type.js.map +1 -1
- package/dist-server/service/login-history/login-history.d.ts +1 -1
- package/dist-server/service/login-history/login-history.js +4 -4
- package/dist-server/service/login-history/login-history.js.map +1 -1
- package/dist-server/service/partner/index.d.ts +3 -3
- package/dist-server/service/partner/index.js +5 -5
- package/dist-server/service/partner/index.js.map +1 -1
- package/dist-server/service/partner/partner-mutation.js +8 -8
- package/dist-server/service/partner/partner-mutation.js.map +1 -1
- package/dist-server/service/partner/partner-query.d.ts +3 -3
- package/dist-server/service/partner/partner-query.js +17 -17
- package/dist-server/service/partner/partner-query.js.map +1 -1
- package/dist-server/service/partner/partner-types.d.ts +1 -1
- package/dist-server/service/partner/partner-types.js +2 -2
- package/dist-server/service/partner/partner-types.js.map +1 -1
- package/dist-server/service/partner/partner.d.ts +1 -1
- package/dist-server/service/partner/partner.js +5 -5
- package/dist-server/service/partner/partner.js.map +1 -1
- package/dist-server/service/password-history/index.d.ts +1 -1
- package/dist-server/service/password-history/index.js +2 -2
- package/dist-server/service/password-history/index.js.map +1 -1
- package/dist-server/service/privilege/index.d.ts +3 -3
- package/dist-server/service/privilege/index.js +5 -5
- package/dist-server/service/privilege/index.js.map +1 -1
- package/dist-server/service/privilege/privilege-directive.js +2 -2
- package/dist-server/service/privilege/privilege-directive.js.map +1 -1
- package/dist-server/service/privilege/privilege-mutation.d.ts +2 -2
- package/dist-server/service/privilege/privilege-mutation.js +15 -15
- package/dist-server/service/privilege/privilege-mutation.js.map +1 -1
- package/dist-server/service/privilege/privilege-query.d.ts +4 -4
- package/dist-server/service/privilege/privilege-query.js +20 -20
- package/dist-server/service/privilege/privilege-query.js.map +1 -1
- package/dist-server/service/privilege/privilege-types.d.ts +1 -1
- package/dist-server/service/privilege/privilege-types.js +2 -2
- package/dist-server/service/privilege/privilege-types.js.map +1 -1
- package/dist-server/service/privilege/privilege.d.ts +2 -2
- package/dist-server/service/privilege/privilege.js +10 -10
- package/dist-server/service/privilege/privilege.js.map +1 -1
- package/dist-server/service/role/index.d.ts +3 -3
- package/dist-server/service/role/index.js +5 -5
- package/dist-server/service/role/index.js.map +1 -1
- package/dist-server/service/role/role-mutation.d.ts +2 -2
- package/dist-server/service/role/role-mutation.js +19 -19
- package/dist-server/service/role/role-mutation.js.map +1 -1
- package/dist-server/service/role/role-query.d.ts +4 -4
- package/dist-server/service/role/role-query.js +29 -29
- package/dist-server/service/role/role-query.js.map +1 -1
- package/dist-server/service/role/role-types.d.ts +1 -1
- package/dist-server/service/role/role-types.js +2 -2
- package/dist-server/service/role/role-types.js.map +1 -1
- package/dist-server/service/role/role.d.ts +2 -2
- package/dist-server/service/role/role.js +12 -12
- package/dist-server/service/role/role.js.map +1 -1
- package/dist-server/service/user/domain-query.d.ts +1 -1
- package/dist-server/service/user/domain-query.js +3 -3
- package/dist-server/service/user/domain-query.js.map +1 -1
- package/dist-server/service/user/index.d.ts +4 -4
- package/dist-server/service/user/index.js +6 -6
- package/dist-server/service/user/index.js.map +1 -1
- package/dist-server/service/user/user-mutation.d.ts +3 -3
- package/dist-server/service/user/user-mutation.js +42 -42
- package/dist-server/service/user/user-mutation.js.map +1 -1
- package/dist-server/service/user/user-query.d.ts +3 -3
- package/dist-server/service/user/user-query.js +21 -21
- package/dist-server/service/user/user-query.js.map +1 -1
- package/dist-server/service/user/user-types.d.ts +1 -1
- package/dist-server/service/user/user-types.js +2 -2
- package/dist-server/service/user/user-types.js.map +1 -1
- package/dist-server/service/user/user.d.ts +3 -3
- package/dist-server/service/user/user.js +40 -40
- package/dist-server/service/user/user.js.map +1 -1
- package/dist-server/service/users-auth-providers/index.d.ts +1 -1
- package/dist-server/service/users-auth-providers/index.js +2 -2
- package/dist-server/service/users-auth-providers/index.js.map +1 -1
- package/dist-server/service/users-auth-providers/users-auth-providers.d.ts +2 -2
- package/dist-server/service/users-auth-providers/users-auth-providers.js +8 -8
- package/dist-server/service/users-auth-providers/users-auth-providers.js.map +1 -1
- package/dist-server/service/verification-token/index.d.ts +1 -1
- package/dist-server/service/verification-token/index.js +2 -2
- package/dist-server/service/verification-token/index.js.map +1 -1
- package/dist-server/service/web-auth-credential/index.d.ts +1 -1
- package/dist-server/service/web-auth-credential/index.js +2 -2
- package/dist-server/service/web-auth-credential/index.js.map +1 -1
- package/dist-server/service/web-auth-credential/web-auth-credential.d.ts +1 -1
- package/dist-server/service/web-auth-credential/web-auth-credential.js +10 -10
- package/dist-server/service/web-auth-credential/web-auth-credential.js.map +1 -1
- package/dist-server/tsconfig.tsbuildinfo +1 -1
- package/dist-server/types.d.ts +1 -1
- package/dist-server/types.js.map +1 -1
- package/dist-server/utils/access-token-cookie.js +2 -11
- package/dist-server/utils/access-token-cookie.js.map +1 -1
- package/dist-server/utils/check-permission.d.ts +2 -2
- package/dist-server/utils/check-permission.js +3 -3
- package/dist-server/utils/check-permission.js.map +1 -1
- package/dist-server/utils/check-user-belongs-domain.d.ts +1 -1
- package/dist-server/utils/check-user-belongs-domain.js +2 -2
- package/dist-server/utils/check-user-belongs-domain.js.map +1 -1
- package/dist-server/utils/check-user-has-role.d.ts +1 -1
- package/dist-server/utils/check-user-has-role.js +2 -2
- package/dist-server/utils/check-user-has-role.js.map +1 -1
- package/dist-server/utils/get-domain-users.d.ts +1 -1
- package/dist-server/utils/get-domain-users.js +2 -2
- package/dist-server/utils/get-domain-users.js.map +1 -1
- package/dist-server/utils/get-user-domains.d.ts +2 -3
- package/dist-server/utils/get-user-domains.js +30 -26
- package/dist-server/utils/get-user-domains.js.map +1 -1
- package/helps/config/recaptcha.ja.md +49 -0
- package/helps/config/recaptcha.ko.md +49 -0
- package/helps/config/recaptcha.md +49 -0
- package/helps/config/recaptcha.ms.md +49 -0
- package/helps/config/recaptcha.zh.md +49 -0
- package/package.json +7 -6
- package/dist-server/utils/get-domain-from-hostname.d.ts +0 -1
- package/dist-server/utils/get-domain-from-hostname.js +0 -9
- package/dist-server/utils/get-domain-from-hostname.js.map +0 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwt-authenticate-middleware.js","sourceRoot":"","sources":["../../server/middlewares/jwt-authenticate-middleware.ts"],"names":[],"mappings":";;AA0CA,8DAyCC;;AAnFD,wEAAmC;AACnC,+CAAkE;AAElE,6CAA4C;AAE5C,
|
|
1
|
+
{"version":3,"file":"jwt-authenticate-middleware.js","sourceRoot":"","sources":["../../server/middlewares/jwt-authenticate-middleware.ts"],"names":[],"mappings":";;AA0CA,8DAyCC;;AAnFD,wEAAmC;AACnC,+CAAkE;AAElE,6CAA4C;AAE5C,gGAAuF;AACvF,gGAAuF;AACvF,qDAA0D;AAC1D,+FAA2F;AAC3F,4EAAoH;AACpH,0DAA+C;AAE/C,MAAM,mBAAmB,GAAG,YAAM,CAAC,GAAG,CAAC,sBAAsB,EAAE,OAAO,CAAC,CAAA;AAEvE,sBAAQ,CAAC,GAAG,CACV,IAAI,uBAAW,CACb;IACE,WAAW,EAAE,sBAAM;IACnB,iBAAiB,EAAE,IAAI;IACvB,cAAc,EAAE,yBAAU,CAAC,cAAc,CAAC;QACxC,yBAAU,CAAC,2BAA2B,EAAE;QACxC,yBAAU,CAAC,UAAU,CAAC,eAAe,CAAC;QACtC,yBAAU,CAAC,UAAU,CAAC,gBAAgB,CAAC;QACvC,yBAAU,CAAC,qBAAqB,CAAC,cAAc,CAAC;QAChD,yBAAU,CAAC,aAAa,CAAC,cAAc,CAAC;QACxC,GAAG,CAAC,EAAE;YACJ,IAAI,KAAK,GAAG,IAAI,CAAA;YAChB,KAAK,GAAG,IAAA,6CAAoB,EAAC,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,GAAG,CAAC,CAAA;YACtC,OAAO,KAAK,CAAA;QACd,CAAC;KACF,CAAC;CACH,EACD,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC/B,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;IAC5B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,IAAI,CAAC,KAAK,CAAC,CAAA;IACpB,CAAC;AACH,CAAC,CACF,CACF,CAAA;AAEM,KAAK,UAAU,yBAAyB,CAAC,OAAO,EAAE,IAAI;IAC3D,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAA;IACxB,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAC9B,IAAI,IAAI,EAAE,CAAC;QACT,OAAO,MAAM,IAAI,EAAE,CAAA;IACrB,CAAC;IAED,OAAO,MAAM,sBAAQ,CAAC,YAAY,CAAC,KAAK,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;QACzF,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,GAAG,GAAG,IAAI,IAAI,CAAC,CAAA;YAE7C,IAAA,+CAAsB,EAAC,OAAO,CAAC,CAAA;YAE/B,OAAO,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,OAAO,CAAC,CAAA;QAC/B,CAAC;aAAM,CAAC;YACN,MAAM,UAAU,GAAG,MAAM,cAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAA;YAEhD,IAAI,UAAU,CAAC,MAAM,KAAK,oBAAU,CAAC,kBAAkB,EAAE,CAAC;gBACxD,IAAI,CAAC;oBACH,MAAM,KAAK,GAAG,IAAA,kDAAqB,GAAE,CAAA;oBACrC,MAAM,IAAA,kDAAqB,EAAC,UAAU,CAAC,EAAE,EAAE,KAAK,EAAE,6CAAqB,CAAC,cAAc,CAAC,CAAA;oBACvF,IAAA,+CAAsB,EAAC,OAAO,CAAC,CAAA;oBAC/B,OAAO,CAAC,QAAQ,CAAC,8BAA8B,KAAK,EAAE,CAAC,CAAA;gBACzD,CAAC;gBAAC,OAAO,CAAC,EAAE,CAAC;oBACX,MAAM,GAAG,CAAA;gBACX,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,KAAK,CAAC,IAAI,GAAG,UAAU,CAAA;gBAC/B,OAAO,CAAC,KAAK,CAAC,YAAY,GAAG,OAAO,CAAA;gBAEpC,IAAI,mBAAmB,IAAI,SAAS,EAAE,CAAC;oBACrC,6FAA6F;oBAE7F,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,IAAI,EAAE,CAAA;oBACrC,IAAA,6CAAoB,EAAC,OAAO,EAAE,KAAK,CAAC,CAAA;gBACtC,CAAC;gBAED,MAAM,IAAI,EAAE,CAAA;YACd,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;AACnB,CAAC","sourcesContent":["import passport from 'koa-passport'\nimport { ExtractJwt, Strategy as JWTstrategy } from 'passport-jwt'\n\nimport { config } from '@things-factory/env'\n\nimport { makeVerificationToken } from '../controllers/utils/make-verification-token.js'\nimport { saveVerificationToken } from '../controllers/utils/save-verification-token.js'\nimport { User, UserStatus } from '../service/user/user.js'\nimport { VerificationTokenType } from '../service/verification-token/verification-token.js'\nimport { clearAccessTokenCookie, getAccessTokenCookie, setAccessTokenCookie } from '../utils/access-token-cookie.js'\nimport { SECRET } from '../utils/get-secret.js'\n\nconst sessionExpiryPolicy = config.get('session/expiryPolicy', 'fixed')\n\npassport.use(\n new JWTstrategy(\n {\n secretOrKey: SECRET,\n passReqToCallback: true,\n jwtFromRequest: ExtractJwt.fromExtractors([\n ExtractJwt.fromAuthHeaderAsBearerToken(),\n ExtractJwt.fromHeader('authorization'),\n ExtractJwt.fromHeader('x-access-token'),\n ExtractJwt.fromUrlQueryParameter('access_token'),\n ExtractJwt.fromBodyField('access_token'),\n req => {\n var token = null\n token = getAccessTokenCookie(req?.ctx)\n return token\n }\n ])\n },\n async (request, decoded, done) => {\n try {\n return done(null, decoded)\n } catch (error) {\n return done(error)\n }\n }\n )\n)\n\nexport async function jwtAuthenticateMiddleware(context, next) {\n const { path } = context\n const { user } = context.state\n if (user) {\n return await next()\n }\n\n return await passport.authenticate('jwt', { session: false }, async (err, decoded, info) => {\n if (err || !decoded) {\n const e = (context.state.error = err || info)\n\n clearAccessTokenCookie(context)\n\n context.throw(401, e.message)\n } else {\n const userEntity = await User.checkAuth(decoded)\n\n if (userEntity.status === UserStatus.PWD_RESET_REQUIRED) {\n try {\n const token = makeVerificationToken()\n await saveVerificationToken(userEntity.id, token, VerificationTokenType.PASSWORD_RESET)\n clearAccessTokenCookie(context)\n context.redirect(`/auth/reset-password?token=${token}`)\n } catch (e) {\n throw err\n }\n } else {\n context.state.user = userEntity\n context.state.decodedToken = decoded\n\n if (sessionExpiryPolicy == 'rolling') {\n /* To renew the expiry time on each request, a token is issued and the session is updated. */\n\n const token = await userEntity.sign()\n setAccessTokenCookie(context, token)\n }\n\n await next()\n }\n }\n })(context, next)\n}\n"]}
|
|
@@ -4,14 +4,14 @@ exports.signinMiddleware = signinMiddleware;
|
|
|
4
4
|
const tslib_1 = require("tslib");
|
|
5
5
|
const koa_passport_1 = tslib_1.__importDefault(require("koa-passport"));
|
|
6
6
|
const passport_local_1 = require("passport-local");
|
|
7
|
-
const
|
|
7
|
+
const signin_js_1 = require("../controllers/signin.js");
|
|
8
8
|
koa_passport_1.default.use('signin', new passport_local_1.Strategy({
|
|
9
9
|
usernameField: 'username',
|
|
10
10
|
passwordField: 'password',
|
|
11
11
|
passReqToCallback: true
|
|
12
12
|
}, async (req, username, password, done) => {
|
|
13
13
|
try {
|
|
14
|
-
const { user: userInfo, token, domains } = await (0,
|
|
14
|
+
const { user: userInfo, token, domains } = await (0, signin_js_1.signin)({
|
|
15
15
|
username,
|
|
16
16
|
password
|
|
17
17
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"signin-middleware.js","sourceRoot":"","sources":["../../server/middlewares/signin-middleware.ts"],"names":[],"mappings":";;AA0CA,4CAaC;;AAvDD,wEAAmC;AACnC,mDAA0D;AAE1D,
|
|
1
|
+
{"version":3,"file":"signin-middleware.js","sourceRoot":"","sources":["../../server/middlewares/signin-middleware.ts"],"names":[],"mappings":";;AA0CA,4CAaC;;AAvDD,wEAAmC;AACnC,mDAA0D;AAE1D,wDAAiD;AAEjD,sBAAQ,CAAC,GAAG,CACV,QAAQ,EACR,IAAI,yBAAa,CACf;IACE,aAAa,EAAE,UAAU;IACzB,aAAa,EAAE,UAAU;IACzB,iBAAiB,EAAE,IAAI;CACxB,EACD,KAAK,EAAE,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE;IACtC,IAAI,CAAC;QACH,MAAM,EACJ,IAAI,EAAE,QAAQ,EACd,KAAK,EACL,OAAO,EACR,GAAG,MAAM,IAAA,kBAAM,EAAC;YACf,QAAQ;YACR,QAAQ;SACT,CAAC,CAAA;QAEF,OAAO,IAAI,CACT,IAAI,EACJ;YACE,IAAI,EAAE,QAAQ;YACd,KAAK;YACL,OAAO;SACR,EACD;YACE,OAAO,EAAE,wBAAwB;SAClC,CACF,CAAA;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,IAAI,CAAC,KAAK,CAAC,CAAA;IACpB,CAAC;AACH,CAAC,CACF,CACF,CAAA;AAEM,KAAK,UAAU,gBAAgB,CAAC,OAAO,EAAE,IAAI;IAClD,OAAO,sBAAQ,CAAC,YAAY,CAAC,QAAQ,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;QACnF,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YACjB,MAAM,GAAG,CAAA;QACX,CAAC;aAAM,CAAC;YACN,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,IAAI,CAAA;YAEtC,OAAO,CAAC,KAAK,CAAC,IAAI,GAAG,QAAQ,CAAA;YAC7B,OAAO,CAAC,KAAK,CAAC,KAAK,GAAG,KAAK,CAAA;YAE3B,MAAM,IAAI,EAAE,CAAA;QACd,CAAC;IACH,CAAC,CAAC,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;AACnB,CAAC","sourcesContent":["import passport from 'koa-passport'\nimport { Strategy as localStrategy } from 'passport-local'\n\nimport { signin } from '../controllers/signin.js'\n\npassport.use(\n 'signin',\n new localStrategy(\n {\n usernameField: 'username',\n passwordField: 'password',\n passReqToCallback: true\n },\n async (req, username, password, done) => {\n try {\n const {\n user: userInfo,\n token,\n domains\n } = await signin({\n username,\n password\n })\n\n return done(\n null,\n {\n user: userInfo,\n token,\n domains\n },\n {\n message: 'Logged in Successfully'\n }\n )\n } catch (error) {\n return done(error)\n }\n }\n )\n)\n\nexport async function signinMiddleware(context, next) {\n return passport.authenticate('signin', { session: false }, async (err, user, info) => {\n if (err || !user) {\n throw err\n } else {\n const { user: userInfo, token } = user\n\n context.state.user = userInfo\n context.state.token = token\n\n await next()\n }\n })(context, next)\n}\n"]}
|
|
@@ -0,0 +1,95 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.verifyRecaptcaMiddleware = verifyRecaptcaMiddleware;
|
|
4
|
+
const recaptcha_enterprise_1 = require("@google-cloud/recaptcha-enterprise");
|
|
5
|
+
const env_1 = require("@things-factory/env");
|
|
6
|
+
const recaptchaConfig = env_1.config.get('recaptcha') || {};
|
|
7
|
+
const { serviceAccount, siteKey } = recaptchaConfig || {};
|
|
8
|
+
var client, projectPath;
|
|
9
|
+
if (serviceAccount) {
|
|
10
|
+
try {
|
|
11
|
+
env_1.logger.info('creating reCAPTCHA service client...');
|
|
12
|
+
client = new recaptcha_enterprise_1.RecaptchaEnterpriseServiceClient({
|
|
13
|
+
projectId: serviceAccount.project_id,
|
|
14
|
+
credentials: serviceAccount
|
|
15
|
+
});
|
|
16
|
+
projectPath = client.projectPath(serviceAccount.project_id);
|
|
17
|
+
env_1.logger.info('reCAPTCHA service client created');
|
|
18
|
+
}
|
|
19
|
+
catch (err) {
|
|
20
|
+
env_1.logger.error('incorrect reCAPTCHA configuration');
|
|
21
|
+
env_1.logger.error(err);
|
|
22
|
+
}
|
|
23
|
+
}
|
|
24
|
+
/**
|
|
25
|
+
* Creates an assessment to analyze the risk of a UI action.
|
|
26
|
+
*
|
|
27
|
+
* projectID: The Google Cloud project ID.
|
|
28
|
+
* token: The generated token obtained from the client.
|
|
29
|
+
* recaptchaAction: The action name corresponding to the token.
|
|
30
|
+
*/
|
|
31
|
+
async function createReCaptchaAssessment({ token, recaptchaAction }) {
|
|
32
|
+
// Create the assessment request.
|
|
33
|
+
const request = {
|
|
34
|
+
assessment: {
|
|
35
|
+
event: {
|
|
36
|
+
token: token,
|
|
37
|
+
siteKey
|
|
38
|
+
}
|
|
39
|
+
},
|
|
40
|
+
parent: projectPath
|
|
41
|
+
};
|
|
42
|
+
const [response] = await client.createAssessment(request);
|
|
43
|
+
// Verify if the token is valid.
|
|
44
|
+
if (!response.tokenProperties.valid) {
|
|
45
|
+
console.log(`The CreateAssessment call failed because the token was: ${response.tokenProperties.invalidReason}`);
|
|
46
|
+
return null;
|
|
47
|
+
}
|
|
48
|
+
if (response.tokenProperties.action === recaptchaAction) {
|
|
49
|
+
// Get the risk score and reasons.
|
|
50
|
+
// For more details on interpreting the assessment, see:
|
|
51
|
+
// https://cloud.google.com/recaptcha-enterprise/docs/interpret-assessment
|
|
52
|
+
console.log(`The reCAPTCHA score is: ${response.riskAnalysis.score}`);
|
|
53
|
+
response.riskAnalysis.reasons.forEach(reason => {
|
|
54
|
+
console.log(reason);
|
|
55
|
+
});
|
|
56
|
+
return response.riskAnalysis.score;
|
|
57
|
+
}
|
|
58
|
+
else {
|
|
59
|
+
console.log('The action attribute in your reCAPTCHA tag does not match the action you are expecting to score');
|
|
60
|
+
return null;
|
|
61
|
+
}
|
|
62
|
+
}
|
|
63
|
+
function verifyRecaptcaMiddleware({ action }) {
|
|
64
|
+
return async (context, next) => {
|
|
65
|
+
if (!client) {
|
|
66
|
+
if (siteKey) {
|
|
67
|
+
console.error(`The RecaptchaEnterpriseServiceClient creation failed. Please check the service account configuration.`);
|
|
68
|
+
}
|
|
69
|
+
await next();
|
|
70
|
+
return;
|
|
71
|
+
}
|
|
72
|
+
const { 'recaptcha-response': recaptchaToken } = context.request.body;
|
|
73
|
+
// Handle error if token does not exist
|
|
74
|
+
if (!recaptchaToken) {
|
|
75
|
+
context.status = 400;
|
|
76
|
+
context.body = { message: 'reCAPTCHA token is required' };
|
|
77
|
+
return;
|
|
78
|
+
}
|
|
79
|
+
// Google reCAPTCHA assessment request
|
|
80
|
+
const score = await createReCaptchaAssessment({
|
|
81
|
+
token: recaptchaToken,
|
|
82
|
+
recaptchaAction: action
|
|
83
|
+
});
|
|
84
|
+
if (score === null || score < 0.5) {
|
|
85
|
+
// Treat as spam if the score is low
|
|
86
|
+
context.status = 400;
|
|
87
|
+
context.body = { message: 'Spam behavior detected. Please try again.' };
|
|
88
|
+
return;
|
|
89
|
+
}
|
|
90
|
+
// Continue processing the request if the score is valid
|
|
91
|
+
console.log(`reCAPTCHA score: ${score}`);
|
|
92
|
+
await next();
|
|
93
|
+
};
|
|
94
|
+
}
|
|
95
|
+
//# sourceMappingURL=verify-recaptcha-middleware.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"verify-recaptcha-middleware.js","sourceRoot":"","sources":["../../server/middlewares/verify-recaptcha-middleware.ts"],"names":[],"mappings":";;AAqEA,4DAwCC;AA7GD,6EAAqF;AACrF,6CAAoD;AAEpD,MAAM,eAAe,GAAG,YAAM,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,EAAE,CAAA;AACrD,MAAM,EAAE,cAAc,EAAE,OAAO,EAAE,GAAG,eAAe,IAAI,EAAE,CAAA;AAEzD,IAAI,MAAM,EAAE,WAAW,CAAA;AAEvB,IAAI,cAAc,EAAE,CAAC;IACnB,IAAI,CAAC;QACH,YAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAA;QAEnD,MAAM,GAAG,IAAI,uDAAgC,CAAC;YAC5C,SAAS,EAAE,cAAc,CAAC,UAAU;YACpC,WAAW,EAAE,cAAc;SAC5B,CAAC,CAAA;QAEF,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC,cAAc,CAAC,UAAU,CAAC,CAAA;QAE3D,YAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAA;IACjD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,YAAM,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAA;QACjD,YAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACnB,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,yBAAyB,CAAC,EAAE,KAAK,EAAE,eAAe,EAA8C;IAC7G,iCAAiC;IACjC,MAAM,OAAO,GAAG;QACd,UAAU,EAAE;YACV,KAAK,EAAE;gBACL,KAAK,EAAE,KAAK;gBACZ,OAAO;aACR;SACF;QACD,MAAM,EAAE,WAAW;KACpB,CAAA;IAED,MAAM,CAAC,QAAQ,CAAC,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAA;IAEzD,gCAAgC;IAChC,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,KAAK,EAAE,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,2DAA2D,QAAQ,CAAC,eAAe,CAAC,aAAa,EAAE,CAAC,CAAA;QAChH,OAAO,IAAI,CAAA;IACb,CAAC;IAED,IAAI,QAAQ,CAAC,eAAe,CAAC,MAAM,KAAK,eAAe,EAAE,CAAC;QACxD,kCAAkC;QAClC,wDAAwD;QACxD,0EAA0E;QAC1E,OAAO,CAAC,GAAG,CAAC,2BAA2B,QAAQ,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC,CAAA;QACrE,QAAQ,CAAC,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;YAC7C,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QACrB,CAAC,CAAC,CAAA;QAEF,OAAO,QAAQ,CAAC,YAAY,CAAC,KAAK,CAAA;IACpC,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,iGAAiG,CAAC,CAAA;QAC9G,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED,SAAgB,wBAAwB,CAAC,EAAE,MAAM,EAAsB;IACrE,OAAO,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;QAC7B,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,IAAI,OAAO,EAAE,CAAC;gBACZ,OAAO,CAAC,KAAK,CACX,uGAAuG,CACxG,CAAA;YACH,CAAC;YAED,MAAM,IAAI,EAAE,CAAA;YACZ,OAAM;QACR,CAAC;QAED,MAAM,EAAE,oBAAoB,EAAE,cAAc,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;QAErE,uCAAuC;QACvC,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;YACpB,OAAO,CAAC,IAAI,GAAG,EAAE,OAAO,EAAE,6BAA6B,EAAE,CAAA;YACzD,OAAM;QACR,CAAC;QAED,sCAAsC;QACtC,MAAM,KAAK,GAAG,MAAM,yBAAyB,CAAC;YAC5C,KAAK,EAAE,cAAc;YACrB,eAAe,EAAE,MAAM;SACxB,CAAC,CAAA;QAEF,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,GAAG,GAAG,EAAE,CAAC;YAClC,oCAAoC;YACpC,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;YACpB,OAAO,CAAC,IAAI,GAAG,EAAE,OAAO,EAAE,2CAA2C,EAAE,CAAA;YACvE,OAAM;QACR,CAAC;QAED,wDAAwD;QACxD,OAAO,CAAC,GAAG,CAAC,oBAAoB,KAAK,EAAE,CAAC,CAAA;QAExC,MAAM,IAAI,EAAE,CAAA;IACd,CAAC,CAAA;AACH,CAAC","sourcesContent":["import { RecaptchaEnterpriseServiceClient } from '@google-cloud/recaptcha-enterprise'\nimport { config, logger } from '@things-factory/env'\n\nconst recaptchaConfig = config.get('recaptcha') || {}\nconst { serviceAccount, siteKey } = recaptchaConfig || {}\n\nvar client, projectPath\n\nif (serviceAccount) {\n try {\n logger.info('creating reCAPTCHA service client...')\n\n client = new RecaptchaEnterpriseServiceClient({\n projectId: serviceAccount.project_id,\n credentials: serviceAccount\n })\n\n projectPath = client.projectPath(serviceAccount.project_id)\n\n logger.info('reCAPTCHA service client created')\n } catch (err) {\n logger.error('incorrect reCAPTCHA configuration')\n logger.error(err)\n }\n}\n\n/**\n * Creates an assessment to analyze the risk of a UI action.\n *\n * projectID: The Google Cloud project ID.\n * token: The generated token obtained from the client.\n * recaptchaAction: The action name corresponding to the token.\n */\nasync function createReCaptchaAssessment({ token, recaptchaAction }: { token: string; recaptchaAction: string }) {\n // Create the assessment request.\n const request = {\n assessment: {\n event: {\n token: token,\n siteKey\n }\n },\n parent: projectPath\n }\n\n const [response] = await client.createAssessment(request)\n\n // Verify if the token is valid.\n if (!response.tokenProperties.valid) {\n console.log(`The CreateAssessment call failed because the token was: ${response.tokenProperties.invalidReason}`)\n return null\n }\n\n if (response.tokenProperties.action === recaptchaAction) {\n // Get the risk score and reasons.\n // For more details on interpreting the assessment, see:\n // https://cloud.google.com/recaptcha-enterprise/docs/interpret-assessment\n console.log(`The reCAPTCHA score is: ${response.riskAnalysis.score}`)\n response.riskAnalysis.reasons.forEach(reason => {\n console.log(reason)\n })\n\n return response.riskAnalysis.score\n } else {\n console.log('The action attribute in your reCAPTCHA tag does not match the action you are expecting to score')\n return null\n }\n}\n\nexport function verifyRecaptcaMiddleware({ action }: { action: string }) {\n return async (context, next) => {\n if (!client) {\n if (siteKey) {\n console.error(\n `The RecaptchaEnterpriseServiceClient creation failed. Please check the service account configuration.`\n )\n }\n\n await next()\n return\n }\n\n const { 'recaptcha-response': recaptchaToken } = context.request.body\n\n // Handle error if token does not exist\n if (!recaptchaToken) {\n context.status = 400\n context.body = { message: 'reCAPTCHA token is required' }\n return\n }\n\n // Google reCAPTCHA assessment request\n const score = await createReCaptchaAssessment({\n token: recaptchaToken,\n recaptchaAction: action\n })\n\n if (score === null || score < 0.5) {\n // Treat as spam if the score is low\n context.status = 400\n context.body = { message: 'Spam behavior detected. Please try again.' }\n return\n }\n\n // Continue processing the request if the score is valid\n console.log(`reCAPTCHA score: ${score}`)\n\n await next()\n }\n}\n"]}
|
|
@@ -5,8 +5,8 @@ const tslib_1 = require("tslib");
|
|
|
5
5
|
const koa_passport_1 = tslib_1.__importDefault(require("koa-passport"));
|
|
6
6
|
const passport_custom_1 = require("passport-custom");
|
|
7
7
|
const shell_1 = require("@things-factory/shell");
|
|
8
|
-
const
|
|
9
|
-
const
|
|
8
|
+
const auth_error_js_1 = require("../errors/auth-error.js");
|
|
9
|
+
const web_auth_credential_js_1 = require("../service/web-auth-credential/web-auth-credential.js");
|
|
10
10
|
const server_1 = require("@simplewebauthn/server");
|
|
11
11
|
koa_passport_1.default.use('webauthn-register', new passport_custom_1.Strategy(async (context, done) => {
|
|
12
12
|
const { body, session, user, hostname, origin } = context;
|
|
@@ -26,7 +26,7 @@ koa_passport_1.default.use('webauthn-register', new passport_custom_1.Strategy(a
|
|
|
26
26
|
return done(null, false);
|
|
27
27
|
}
|
|
28
28
|
if (user) {
|
|
29
|
-
const webAuthRepository = (0, shell_1.getRepository)(
|
|
29
|
+
const webAuthRepository = (0, shell_1.getRepository)(web_auth_credential_js_1.WebAuthCredential);
|
|
30
30
|
await webAuthRepository.save({
|
|
31
31
|
user,
|
|
32
32
|
credentialId: registrationInfo.credential.id,
|
|
@@ -47,7 +47,7 @@ koa_passport_1.default.use('webauthn-login', new passport_custom_1.Strategy(asyn
|
|
|
47
47
|
const { body, session, origin, hostname } = context;
|
|
48
48
|
const challenge = session.challenge;
|
|
49
49
|
const assertionResponse = body;
|
|
50
|
-
const credential = await (0, shell_1.getRepository)(
|
|
50
|
+
const credential = await (0, shell_1.getRepository)(web_auth_credential_js_1.WebAuthCredential).findOne({
|
|
51
51
|
where: {
|
|
52
52
|
credentialId: assertionResponse.id
|
|
53
53
|
},
|
|
@@ -71,7 +71,7 @@ koa_passport_1.default.use('webauthn-login', new passport_custom_1.Strategy(asyn
|
|
|
71
71
|
if (verification.verified) {
|
|
72
72
|
const { authenticationInfo } = verification;
|
|
73
73
|
credential.counter = authenticationInfo.newCounter;
|
|
74
|
-
await (0, shell_1.getRepository)(
|
|
74
|
+
await (0, shell_1.getRepository)(web_auth_credential_js_1.WebAuthCredential).save(credential);
|
|
75
75
|
const user = credential.user;
|
|
76
76
|
return done(null, user);
|
|
77
77
|
}
|
|
@@ -87,8 +87,8 @@ function createWebAuthnMiddleware(strategy) {
|
|
|
87
87
|
return async function webAuthnMiddleware(context, next) {
|
|
88
88
|
return koa_passport_1.default.authenticate(strategy, { session: true, failureMessage: true, failWithError: true }, async (err, user) => {
|
|
89
89
|
if (err || !user) {
|
|
90
|
-
throw new
|
|
91
|
-
errorCode:
|
|
90
|
+
throw new auth_error_js_1.AuthError({
|
|
91
|
+
errorCode: auth_error_js_1.AuthError.ERROR_CODES.AUTHN_VERIFICATION_FAILED,
|
|
92
92
|
detail: err
|
|
93
93
|
});
|
|
94
94
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"webauthn-middleware.js","sourceRoot":"","sources":["../../server/middlewares/webauthn-middleware.ts"],"names":[],"mappings":";;AA4GA,4DAqBC;;AAjID,wEAAmC;AACnC,qDAA4D;AAE5D,iDAAqD;AAErD,
|
|
1
|
+
{"version":3,"file":"webauthn-middleware.js","sourceRoot":"","sources":["../../server/middlewares/webauthn-middleware.ts"],"names":[],"mappings":";;AA4GA,4DAqBC;;AAjID,wEAAmC;AACnC,qDAA4D;AAE5D,iDAAqD;AAErD,2DAAmD;AAEnD,kGAAyF;AACzF,mDAI+B;AAE/B,sBAAQ,CAAC,GAAG,CACV,mBAAmB,EACnB,IAAI,0BAAc,CAAC,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACzC,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,OAAc,CAAA;IAEhE,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,CAAA;IAEnC,MAAM,YAAY,GAAG,MAAM,IAAA,mCAA0B,EAAC;QACpD,QAAQ,EAAE,IAAI;QACd,iBAAiB,EAAE,SAAS;QAC5B,cAAc,EAAE,MAAM;QACtB,YAAY,EAAE,QAAQ;QACtB,YAAY,EAAE,iBAAiB;QAC/B,uBAAuB,EAAE,KAAK;KAC/B,CAAC,CAAA;IAEF,IAAI,YAAY,CAAC,QAAQ,EAAE,CAAC;QAC1B,MAAM,EAAE,gBAAgB,EAAE,GAAG,YAAY,CAAA;QACzC,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;QACvF,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,OAAO,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;QAC1B,CAAC;QACD,IAAI,IAAI,EAAE,CAAC;YACT,MAAM,iBAAiB,GAAG,IAAA,qBAAa,EAAC,0CAAiB,CAAC,CAAA;YAC1D,MAAM,iBAAiB,CAAC,IAAI,CAAC;gBAC3B,IAAI;gBACJ,YAAY,EAAE,gBAAgB,CAAC,UAAU,CAAC,EAAE;gBAC5C,SAAS;gBACT,OAAO,EAAE,gBAAgB,CAAC,UAAU,CAAC,OAAO;gBAC5C,OAAO,EAAE,IAAI;gBACb,OAAO,EAAE,IAAI;aACd,CAAC,CAAA;QACJ,CAAC;QAED,OAAO,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;IACzB,CAAC;SAAM,CAAC;QACN,OAAO,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;IAC1B,CAAC;AACH,CAAC,CAAC,CACH,CAAA;AAED,sBAAQ,CAAC,GAAG,CACV,gBAAgB,EAChB,IAAI,0BAAc,CAAC,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACzC,IAAI,CAAC;QACH,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAc,CAAA;QAE1D,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,CAAA;QAEnC,MAAM,iBAAiB,GAAG,IAGzB,CAAA;QAED,MAAM,UAAU,GAAG,MAAM,IAAA,qBAAa,EAAC,0CAAiB,CAAC,CAAC,OAAO,CAAC;YAChE,KAAK,EAAE;gBACL,YAAY,EAAE,iBAAiB,CAAC,EAAE;aACnC;YACD,SAAS,EAAE,CAAC,MAAM,CAAC;SACpB,CAAC,CAAA;QAEF,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;QAC1B,CAAC;QAED,MAAM,YAAY,GAAG,MAAM,IAAA,qCAA4B,EAAC;YACtD,QAAQ,EAAE,IAAI;YACd,iBAAiB,EAAE,SAAS;YAC5B,cAAc,EAAE,MAAM;YACtB,YAAY,EAAE,QAAQ;YACtB,uBAAuB,EAAE,KAAK;YAC9B,UAAU,EAAE;gBACV,EAAE,EAAE,UAAU,CAAC,YAAY;gBAC3B,SAAS,EAAE,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;gBACtE,OAAO,EAAE,UAAU,CAAC,OAAO;aAC5B;SACF,CAAC,CAAA;QAEF,IAAI,YAAY,CAAC,QAAQ,EAAE,CAAC;YAC1B,MAAM,EAAE,kBAAkB,EAAE,GAAG,YAAY,CAAA;YAC3C,UAAU,CAAC,OAAO,GAAG,kBAAkB,CAAC,UAAU,CAAA;YAClD,MAAM,IAAA,qBAAa,EAAC,0CAAiB,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;YAEvD,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,CAAA;YAC5B,OAAO,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;QACzB,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,CAAA;QAClC,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,CAAA;IAC3B,CAAC;AACH,CAAC,CAAC,CACH,CAAA;AAED,SAAgB,wBAAwB,CAAC,QAAgD;IACvF,OAAO,KAAK,UAAU,kBAAkB,CAAC,OAAO,EAAE,IAAI;QACpD,OAAO,sBAAQ,CAAC,YAAY,CAC1B,QAAQ,EACR,EAAE,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,EAC5D,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;YAClB,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;gBACjB,MAAM,IAAI,yBAAS,CAAC;oBAClB,SAAS,EAAE,yBAAS,CAAC,WAAW,CAAC,yBAAyB;oBAC1D,MAAM,EAAE,GAAG;iBACZ,CAAC,CAAA;YACJ,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAA;gBAEzB,OAAO,CAAC,IAAI,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAA;YACzC,CAAC;YAED,MAAM,IAAI,EAAE,CAAA;QACd,CAAC,CACF,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;IAClB,CAAC,CAAA;AACH,CAAC","sourcesContent":["import passport from 'koa-passport'\nimport { Strategy as CustomStrategy } from 'passport-custom'\n\nimport { getRepository } from '@things-factory/shell'\n\nimport { AuthError } from '../errors/auth-error.js'\n\nimport { WebAuthCredential } from '../service/web-auth-credential/web-auth-credential.js'\nimport {\n AuthenticatorAssertionResponse,\n verifyRegistrationResponse,\n verifyAuthenticationResponse\n} from '@simplewebauthn/server'\n\npassport.use(\n 'webauthn-register',\n new CustomStrategy(async (context, done) => {\n const { body, session, user, hostname, origin } = context as any\n\n const challenge = session.challenge\n\n const verification = await verifyRegistrationResponse({\n response: body,\n expectedChallenge: challenge,\n expectedOrigin: origin,\n expectedRPID: hostname,\n expectedType: 'webauthn.create',\n requireUserVerification: false\n })\n\n if (verification.verified) {\n const { registrationInfo } = verification\n const publicKey = Buffer.from(registrationInfo.credential.publicKey).toString('base64')\n if (!registrationInfo) {\n return done(null, false)\n }\n if (user) {\n const webAuthRepository = getRepository(WebAuthCredential)\n await webAuthRepository.save({\n user,\n credentialId: registrationInfo.credential.id,\n publicKey,\n counter: registrationInfo.credential.counter,\n creator: user,\n updater: user\n })\n }\n\n return done(null, user)\n } else {\n return done(null, false)\n }\n })\n)\n\npassport.use(\n 'webauthn-login',\n new CustomStrategy(async (context, done) => {\n try {\n const { body, session, origin, hostname } = context as any\n\n const challenge = session.challenge\n\n const assertionResponse = body as {\n id: string\n response: AuthenticatorAssertionResponse\n }\n\n const credential = await getRepository(WebAuthCredential).findOne({\n where: {\n credentialId: assertionResponse.id\n },\n relations: ['user']\n })\n\n if (!credential) {\n return done(null, false)\n }\n\n const verification = await verifyAuthenticationResponse({\n response: body,\n expectedChallenge: challenge,\n expectedOrigin: origin,\n expectedRPID: hostname,\n requireUserVerification: false,\n credential: {\n id: credential.credentialId,\n publicKey: new Uint8Array(Buffer.from(credential.publicKey, 'base64')),\n counter: credential.counter\n }\n })\n\n if (verification.verified) {\n const { authenticationInfo } = verification\n credential.counter = authenticationInfo.newCounter\n await getRepository(WebAuthCredential).save(credential)\n\n const user = credential.user\n return done(null, user)\n } else {\n return done(verification, false)\n }\n } catch (error) {\n return done(error, false)\n }\n })\n)\n\nexport function createWebAuthnMiddleware(strategy: 'webauthn-register' | 'webauthn-login') {\n return async function webAuthnMiddleware(context, next) {\n return passport.authenticate(\n strategy,\n { session: true, failureMessage: true, failWithError: true },\n async (err, user) => {\n if (err || !user) {\n throw new AuthError({\n errorCode: AuthError.ERROR_CODES.AUTHN_VERIFICATION_FAILED,\n detail: err\n })\n } else {\n context.state.user = user\n\n context.body = { user, verified: true }\n }\n\n await next()\n }\n )(context, next)\n }\n}\n"]}
|
|
@@ -4,7 +4,7 @@ exports.SeedUsers1548206416130 = void 0;
|
|
|
4
4
|
const typeorm_1 = require("typeorm");
|
|
5
5
|
const env_1 = require("@things-factory/env");
|
|
6
6
|
const shell_1 = require("@things-factory/shell");
|
|
7
|
-
const
|
|
7
|
+
const user_js_1 = require("../service/user/user.js");
|
|
8
8
|
const ADMIN_ACCOUNT = env_1.config.get('adminAccount', {
|
|
9
9
|
username: 'admin',
|
|
10
10
|
name: 'Admin',
|
|
@@ -12,18 +12,18 @@ const ADMIN_ACCOUNT = env_1.config.get('adminAccount', {
|
|
|
12
12
|
password: 'admin'
|
|
13
13
|
});
|
|
14
14
|
const SEED_USERS = [
|
|
15
|
-
Object.assign(Object.assign({}, ADMIN_ACCOUNT), { userType: 'user', status:
|
|
15
|
+
Object.assign(Object.assign({}, ADMIN_ACCOUNT), { userType: 'user', status: user_js_1.UserStatus.ACTIVATED })
|
|
16
16
|
];
|
|
17
17
|
class SeedUsers1548206416130 {
|
|
18
18
|
async up(queryRunner) {
|
|
19
|
-
const userRepository = (0, shell_1.getRepository)(
|
|
19
|
+
const userRepository = (0, shell_1.getRepository)(user_js_1.User);
|
|
20
20
|
const domainRepository = (0, shell_1.getRepository)(shell_1.Domain);
|
|
21
21
|
const domain = await domainRepository.findOne({ where: { name: 'SYSTEM' } });
|
|
22
22
|
try {
|
|
23
23
|
for (let i = 0; i < SEED_USERS.length; i++) {
|
|
24
24
|
const user = SEED_USERS[i];
|
|
25
|
-
const salt =
|
|
26
|
-
const password =
|
|
25
|
+
const salt = user_js_1.User.generateSalt();
|
|
26
|
+
const password = user_js_1.User.encode(user.password, salt);
|
|
27
27
|
await userRepository.save(Object.assign(Object.assign({}, user), { salt,
|
|
28
28
|
password, domains: [domain] }));
|
|
29
29
|
}
|
|
@@ -36,7 +36,7 @@ class SeedUsers1548206416130 {
|
|
|
36
36
|
await domainRepository.save(domain);
|
|
37
37
|
}
|
|
38
38
|
async down(queryRunner) {
|
|
39
|
-
const repository = (0, shell_1.getRepository)(
|
|
39
|
+
const repository = (0, shell_1.getRepository)(user_js_1.User);
|
|
40
40
|
SEED_USERS.reverse().forEach(async (user) => {
|
|
41
41
|
let record = await repository.findOneBy({ email: (0, typeorm_1.ILike)(user.email) });
|
|
42
42
|
await repository.remove(record);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"1548206416130-SeedUser.js","sourceRoot":"","sources":["../../server/migrations/1548206416130-SeedUser.ts"],"names":[],"mappings":";;;AAAA,qCAAgE;AAEhE,6CAAoD;AACpD,iDAA6D;AAE7D
|
|
1
|
+
{"version":3,"file":"1548206416130-SeedUser.js","sourceRoot":"","sources":["../../server/migrations/1548206416130-SeedUser.ts"],"names":[],"mappings":";;;AAAA,qCAAgE;AAEhE,6CAAoD;AACpD,iDAA6D;AAE7D,qDAA0D;AAE1D,MAAM,aAAa,GAAG,YAAM,CAAC,GAAG,CAAC,cAAc,EAAE;IAC/C,QAAQ,EAAE,OAAO;IACjB,IAAI,EAAE,OAAO;IACb,KAAK,EAAE,oBAAoB;IAC3B,QAAQ,EAAE,OAAO;CAClB,CAAC,CAAA;AAEF,MAAM,UAAU,GAAG;oCAEZ,aAAa,KAChB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,oBAAU,CAAC,SAAS;CAE/B,CAAA;AACD,MAAa,sBAAsB;IAC1B,KAAK,CAAC,EAAE,CAAC,WAAwB;QACtC,MAAM,cAAc,GAAG,IAAA,qBAAa,EAAC,cAAI,CAAC,CAAA;QAC1C,MAAM,gBAAgB,GAAG,IAAA,qBAAa,EAAC,cAAM,CAAC,CAAA;QAE9C,MAAM,MAAM,GAAW,MAAM,gBAAgB,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAA;QAEpF,IAAI,CAAC;YACH,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3C,MAAM,IAAI,GAAG,UAAU,CAAC,CAAC,CAAC,CAAA;gBAC1B,MAAM,IAAI,GAAG,cAAI,CAAC,YAAY,EAAE,CAAA;gBAChC,MAAM,QAAQ,GAAG,cAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;gBAEjD,MAAM,cAAc,CAAC,IAAI,iCACpB,IAAI,KACP,IAAI;oBACJ,QAAQ,EACR,OAAO,EAAE,CAAC,MAAM,CAAC,IACjB,CAAA;YACJ,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,YAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;QACjB,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,IAAA,eAAK,EAAC,aAAa,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAA;QAC5F,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC,EAAE,CAAA;QAEvB,MAAM,gBAAgB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;IACrC,CAAC;IAEM,KAAK,CAAC,IAAI,CAAC,WAAwB;QACxC,MAAM,UAAU,GAAG,IAAA,qBAAa,EAAC,cAAI,CAAC,CAAA;QAEtC,UAAU,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,EAAC,IAAI,EAAC,EAAE;YACxC,IAAI,MAAM,GAAG,MAAM,UAAU,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,IAAA,eAAK,EAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAA;YACrE,MAAM,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;QACjC,CAAC,CAAC,CAAA;IACJ,CAAC;CACF;AAtCD,wDAsCC","sourcesContent":["import { ILike, MigrationInterface, QueryRunner } from 'typeorm'\n\nimport { config, logger } from '@things-factory/env'\nimport { Domain, getRepository } from '@things-factory/shell'\n\nimport { User, UserStatus } from '../service/user/user.js'\n\nconst ADMIN_ACCOUNT = config.get('adminAccount', {\n username: 'admin',\n name: 'Admin',\n email: 'admin@hatiolab.com',\n password: 'admin'\n})\n\nconst SEED_USERS = [\n {\n ...ADMIN_ACCOUNT,\n userType: 'user',\n status: UserStatus.ACTIVATED\n }\n]\nexport class SeedUsers1548206416130 implements MigrationInterface {\n public async up(queryRunner: QueryRunner): Promise<any> {\n const userRepository = getRepository(User)\n const domainRepository = getRepository(Domain)\n\n const domain: Domain = await domainRepository.findOne({ where: { name: 'SYSTEM' } })\n\n try {\n for (let i = 0; i < SEED_USERS.length; i++) {\n const user = SEED_USERS[i]\n const salt = User.generateSalt()\n const password = User.encode(user.password, salt)\n\n await userRepository.save({\n ...user,\n salt,\n password,\n domains: [domain]\n })\n }\n } catch (e) {\n logger.error(e)\n }\n\n const admin = await userRepository.findOne({ where: { email: ILike(ADMIN_ACCOUNT.email) } })\n domain.owner = admin.id\n\n await domainRepository.save(domain)\n }\n\n public async down(queryRunner: QueryRunner): Promise<any> {\n const repository = getRepository(User)\n\n SEED_USERS.reverse().forEach(async user => {\n let record = await repository.findOneBy({ email: ILike(user.email) })\n await repository.remove(record)\n })\n }\n}\n"]}
|
|
@@ -3,10 +3,10 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.SeedPrivilege1566805283882 = void 0;
|
|
4
4
|
const env_1 = require("@things-factory/env");
|
|
5
5
|
const shell_1 = require("@things-factory/shell");
|
|
6
|
-
const
|
|
6
|
+
const privilege_js_1 = require("../service/privilege/privilege.js");
|
|
7
7
|
class SeedPrivilege1566805283882 {
|
|
8
8
|
async up(queryRunner) {
|
|
9
|
-
const privilegeRepository = (0, shell_1.getRepository)(
|
|
9
|
+
const privilegeRepository = (0, shell_1.getRepository)(privilege_js_1.Privilege);
|
|
10
10
|
const { schema } = require('@things-factory/shell/dist-server/schema');
|
|
11
11
|
await schema();
|
|
12
12
|
const privileges = process['PRIVILEGES'];
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"1566805283882-SeedPrivilege.js","sourceRoot":"","sources":["../../server/migrations/1566805283882-SeedPrivilege.ts"],"names":[],"mappings":";;;AAEA,6CAA4C;AAC5C,iDAAqD;AAErD,
|
|
1
|
+
{"version":3,"file":"1566805283882-SeedPrivilege.js","sourceRoot":"","sources":["../../server/migrations/1566805283882-SeedPrivilege.ts"],"names":[],"mappings":";;;AAEA,6CAA4C;AAC5C,iDAAqD;AAErD,oEAA6D;AAE7D,MAAa,0BAA0B;IAC9B,KAAK,CAAC,EAAE,CAAC,WAAwB;QACtC,MAAM,mBAAmB,GAAG,IAAA,qBAAa,EAAC,wBAAS,CAAC,CAAA;QAEpD,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,0CAA0C,CAAC,CAAA;QACtE,MAAM,MAAM,EAAE,CAAA;QACd,MAAM,UAAU,GAAG,OAAO,CAAC,YAAY,CAAC,CAAA;QAExC,IAAI,CAAC;YACH,KAAK,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,UAA8B,CAAC,EAAE,CAAC;gBAC7E,IAAI,CAAC,IAAI,CAAC,MAAM,mBAAmB,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC;oBAC1E,MAAM,mBAAmB,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAA;gBACpD,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,YAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;QACjB,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,IAAI,CAAC,WAAwB,IAAiB,CAAC;CAC7D;AApBD,gEAoBC","sourcesContent":["import { MigrationInterface, QueryRunner } from 'typeorm'\n\nimport { logger } from '@things-factory/env'\nimport { getRepository } from '@things-factory/shell'\n\nimport { Privilege } from '../service/privilege/privilege.js'\n\nexport class SeedPrivilege1566805283882 implements MigrationInterface {\n public async up(queryRunner: QueryRunner): Promise<any> {\n const privilegeRepository = getRepository(Privilege)\n\n const { schema } = require('@things-factory/shell/dist-server/schema')\n await schema()\n const privileges = process['PRIVILEGES']\n\n try {\n for (const [category, name] of Object.values(privileges as [string, string])) {\n if (0 == (await privilegeRepository.count({ where: { category, name } }))) {\n await privilegeRepository.save({ category, name })\n }\n }\n } catch (e) {\n logger.error(e)\n }\n }\n\n public async down(queryRunner: QueryRunner): Promise<any> {}\n}\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../server/migrations/index.ts"],"names":[],"mappings":";;;AAAA,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;AAC5B,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;AAEjB,QAAA,UAAU,GAAG,EAAE,CAAA;AAE1B,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../server/migrations/index.ts"],"names":[],"mappings":";;;AAAA,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;AAC5B,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;AAEjB,QAAA,UAAU,GAAG,EAAE,CAAA;AAE1B,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,IAAI;IAC1E,IAAI,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QAAE,OAAM;IAC3C,kBAAU,GAAG,kBAAU,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAA;AAClF,CAAC,CAAC,CAAA","sourcesContent":["const glob = require('glob')\nconst path = require('path')\n\nexport var migrations = []\n\nglob.sync(path.resolve(__dirname, '.', '**', '*.js')).forEach(function (file) {\n if (file.indexOf('index.js') !== -1) return\n migrations = migrations.concat(Object.values(require(path.resolve(file))) || [])\n})\n"]}
|
|
@@ -5,21 +5,22 @@ const tslib_1 = require("tslib");
|
|
|
5
5
|
const koa_router_1 = tslib_1.__importDefault(require("koa-router"));
|
|
6
6
|
const env_1 = require("@things-factory/env");
|
|
7
7
|
const shell_1 = require("@things-factory/shell");
|
|
8
|
-
const
|
|
9
|
-
const
|
|
10
|
-
const
|
|
11
|
-
const
|
|
12
|
-
const
|
|
8
|
+
const login_history_js_1 = require("../service/login-history/login-history.js");
|
|
9
|
+
const accepts_js_1 = require("../utils/accepts.js");
|
|
10
|
+
const access_token_cookie_js_1 = require("../utils/access-token-cookie.js");
|
|
11
|
+
const get_user_domains_js_1 = require("../utils/get-user-domains.js");
|
|
12
|
+
const domainTypes = env_1.config.get('domainTypes');
|
|
13
13
|
exports.authCheckinRouter = new koa_router_1.default();
|
|
14
14
|
exports.authCheckinRouter.get('/auth/checkin/:subdomain?', async (context, next) => {
|
|
15
15
|
const { request, t } = context;
|
|
16
16
|
const header = request.header;
|
|
17
17
|
const { user } = context.state;
|
|
18
18
|
let { subdomain } = context.params;
|
|
19
|
-
let domains = await (0,
|
|
20
|
-
if (
|
|
21
|
-
domains = domains.filter(d => d.extType
|
|
22
|
-
|
|
19
|
+
let domains = await (0, get_user_domains_js_1.getUserDomains)(user);
|
|
20
|
+
if (domainTypes) {
|
|
21
|
+
domains = domains.filter(d => !d.extType || domainTypes.includes(d.extType));
|
|
22
|
+
}
|
|
23
|
+
if (!(0, accepts_js_1.accepts)(header.accept, ['text/html', '*/*'])) {
|
|
23
24
|
// When request expects non html response
|
|
24
25
|
try {
|
|
25
26
|
if (!subdomain)
|
|
@@ -31,7 +32,7 @@ exports.authCheckinRouter.get('/auth/checkin/:subdomain?', async (context, next)
|
|
|
31
32
|
context.body = true;
|
|
32
33
|
}
|
|
33
34
|
catch (e) {
|
|
34
|
-
(0,
|
|
35
|
+
(0, access_token_cookie_js_1.clearAccessTokenCookie)(context);
|
|
35
36
|
throw e;
|
|
36
37
|
}
|
|
37
38
|
}
|
|
@@ -68,23 +69,23 @@ exports.authCheckinRouter.get('/auth/checkin/:subdomain?', async (context, next)
|
|
|
68
69
|
userType: user.userType
|
|
69
70
|
},
|
|
70
71
|
domains,
|
|
71
|
-
|
|
72
|
+
domainTypes,
|
|
72
73
|
redirectTo,
|
|
73
74
|
message
|
|
74
75
|
}
|
|
75
76
|
});
|
|
76
77
|
}
|
|
77
78
|
catch (e) {
|
|
78
|
-
(0,
|
|
79
|
+
(0, access_token_cookie_js_1.clearAccessTokenCookie)(context);
|
|
79
80
|
context.redirect(`/auth/signin?username=${encodeURIComponent(user.username)}&redirect_to=${encodeURIComponent(redirectTo)}`);
|
|
80
81
|
}
|
|
81
82
|
}
|
|
82
83
|
});
|
|
83
84
|
exports.authCheckinRouter.get('/auth/domains', async (context) => {
|
|
84
85
|
const { user } = context.state;
|
|
85
|
-
var domains = await (0,
|
|
86
|
-
if (
|
|
87
|
-
domains = domains.filter(d => d.extType ==
|
|
86
|
+
var domains = await (0, get_user_domains_js_1.getUserDomains)(user);
|
|
87
|
+
if (domainTypes) {
|
|
88
|
+
domains = domains.filter(d => d.extType == domainTypes);
|
|
88
89
|
}
|
|
89
90
|
context.body = domains;
|
|
90
91
|
});
|
|
@@ -93,9 +94,9 @@ async function checkIn(checkInDomain, redirectTo, context) {
|
|
|
93
94
|
const remoteAddress = context.req.headers['x-forwarded-for']
|
|
94
95
|
? context.req.headers['x-forwarded-for'].split(',')[0].trim()
|
|
95
96
|
: context.req.connection.remoteAddress;
|
|
96
|
-
await
|
|
97
|
+
await login_history_js_1.LoginHistory.stamp(checkInDomain, user, remoteAddress);
|
|
97
98
|
if (redirectTo) {
|
|
98
|
-
return context.redirect((0, shell_1.getRedirectSubdomainPath)(context, checkInDomain
|
|
99
|
+
return context.redirect((0, shell_1.getRedirectSubdomainPath)(context, checkInDomain, redirectTo));
|
|
99
100
|
}
|
|
100
101
|
}
|
|
101
102
|
//# sourceMappingURL=auth-checkin-router.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-checkin-router.js","sourceRoot":"","sources":["../../server/router/auth-checkin-router.ts"],"names":[],"mappings":";;;;AAAA,oEAA+B;AAE/B,6CAA4C;AAC5C,iDAA+F;AAE/F,
|
|
1
|
+
{"version":3,"file":"auth-checkin-router.js","sourceRoot":"","sources":["../../server/router/auth-checkin-router.ts"],"names":[],"mappings":";;;;AAAA,oEAA+B;AAE/B,6CAA4C;AAC5C,iDAA+F;AAE/F,gFAAwE;AAExE,oDAA6C;AAC7C,4EAAwE;AACxE,sEAA6D;AAE7D,MAAM,WAAW,GAAG,YAAM,CAAC,GAAG,CAAC,aAAa,CAAC,CAAA;AAEhC,QAAA,iBAAiB,GAAG,IAAI,oBAAM,EAAE,CAAA;AAE7C,yBAAiB,CAAC,GAAG,CAAC,2BAA2B,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACzE,MAAM,EAAE,OAAO,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IAC9B,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAA;IAC7B,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAC9B,IAAI,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC,MAAM,CAAA;IAElC,IAAI,OAAO,GAAsB,MAAM,IAAA,oCAAc,EAAC,IAAI,CAAC,CAAA;IAC3D,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,IAAI,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAA;IAC9E,CAAC;IAED,IAAI,CAAC,IAAA,oBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC;QAClD,yCAAyC;QACzC,IAAI,CAAC;YACH,IAAI,CAAC,SAAS;gBAAE,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,4BAA4B,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC,CAAA,CAAC,qCAAqC;YACrH,MAAM,aAAa,GAAgC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,SAAS,CAAC,CAAA,CAAC,wCAAwC;YACxI,IAAI,CAAC,aAAa;gBAAE,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,4BAA4B,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC,CAAA;YAEnF,MAAM,OAAO,CAAC,aAAa,EAAE,IAAI,EAAE,OAAO,CAAC,CAAA;YAC3C,OAAO,CAAC,IAAI,GAAG,IAAI,CAAA;QACrB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,IAAA,+CAAsB,EAAC,OAAO,CAAC,CAAA;YAC/B,MAAM,CAAC,CAAA;QACT,CAAC;IACH,CAAC;SAAM,CAAC;QACN,qCAAqC;QACrC,MAAM,EAAE,WAAW,EAAE,UAAU,GAAG,GAAG,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;QAEvD,IAAI,CAAC;YACH,IAAI,OAAe,CAAA;YAEnB,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,6CAA6C;gBAC7C,SAAS,GAAG,IAAA,6BAAqB,EAAC,OAAO,EAAE,UAAU,CAAC,CAAA;YACxD,CAAC;YAED,IAAI,aAA8B,CAAA;YAClC,IAAI,SAAS,EAAE,CAAC;gBACd,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,IAAI,SAAS,CAAC,CAAA;gBAC3D,IAAI,CAAC,aAAa;oBAAE,OAAO,GAAG,CAAC,CAAC,0BAA0B,EAAE,EAAE,SAAS,EAAE,CAAC,CAAA;YAC5E,CAAC;iBAAM,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAChC,aAAa,GAAG,OAAO,CAAC,CAAC,CAAC,CAAA;YAC5B,CAAC;YAED,IAAI,aAAa,EAAE,CAAC;gBAClB,OAAO,MAAM,OAAO,CAAC,aAAa,EAAE,UAAU,EAAE,OAAO,CAAC,CAAA;YAC1D,CAAC;YAED,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;gBAChC,WAAW,EAAE,cAAc;gBAC3B,aAAa,EAAE,kBAAkB;gBACjC,IAAI,EAAE;oBACJ,IAAI,EAAE;wBACJ,QAAQ,EAAE,IAAI,CAAC,QAAQ;wBACvB,KAAK,EAAE,IAAI,CAAC,KAAK;wBACjB,MAAM,EAAE,IAAI,CAAC,MAAM;wBACnB,IAAI,EAAE,IAAI,CAAC,IAAI;wBACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;qBACxB;oBACD,OAAO;oBACP,WAAW;oBACX,UAAU;oBACV,OAAO;iBACR;aACF,CAAC,CAAA;QACJ,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,IAAA,+CAAsB,EAAC,OAAO,CAAC,CAAA;YAC/B,OAAO,CAAC,QAAQ,CACd,yBAAyB,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,kBAAkB,CAAC,UAAU,CAAC,EAAE,CAC3G,CAAA;QACH,CAAC;IACH,CAAC;AACH,CAAC,CAAC,CAAA;AAEF,yBAAiB,CAAC,GAAG,CAAC,eAAe,EAAE,KAAK,EAAC,OAAO,EAAC,EAAE;IACrD,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAC9B,IAAI,OAAO,GAAG,MAAM,IAAA,oCAAc,EAAC,IAAI,CAAC,CAAA;IACxC,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,IAAI,WAAW,CAAC,CAAA;IACzD,CAAC;IAED,OAAO,CAAC,IAAI,GAAG,OAAO,CAAA;AACxB,CAAC,CAAC,CAAA;AAEF,KAAK,UAAU,OAAO,CACpB,aAA8B,EAC9B,UAAyB,EACzB,OAAwB;IAExB,MAAM,EAAE,IAAI,EAAE,GAAmB,OAAO,CAAC,KAAK,CAAA;IAC9C,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC;QAC1D,CAAC,CAAE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE;QACzE,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,aAAa,CAAA;IAExC,MAAM,+BAAY,CAAC,KAAK,CAAC,aAAa,EAAE,IAAI,EAAE,aAAa,CAAC,CAAA;IAE5D,IAAI,UAAU,EAAE,CAAC;QACf,OAAO,OAAO,CAAC,QAAQ,CAAC,IAAA,gCAAwB,EAAC,OAAO,EAAE,aAAa,EAAE,UAAU,CAAC,CAAC,CAAA;IACvF,CAAC;AACH,CAAC","sourcesContent":["import Router from 'koa-router'\n\nimport { config } from '@things-factory/env'\nimport { Domain, findSubdomainFromPath, getRedirectSubdomainPath } from '@things-factory/shell'\n\nimport { LoginHistory } from '../service/login-history/login-history.js'\nimport { User } from '../service/user/user.js'\nimport { accepts } from '../utils/accepts.js'\nimport { clearAccessTokenCookie } from '../utils/access-token-cookie.js'\nimport { getUserDomains } from '../utils/get-user-domains.js'\n\nconst domainTypes = config.get('domainTypes')\n\nexport const authCheckinRouter = new Router()\n\nauthCheckinRouter.get('/auth/checkin/:subdomain?', async (context, next) => {\n const { request, t } = context\n const header = request.header\n const { user } = context.state\n let { subdomain } = context.params\n\n let domains: Partial<Domain>[] = await getUserDomains(user)\n if (domainTypes) {\n domains = domains.filter(d => !d.extType || domainTypes.includes(d.extType))\n }\n\n if (!accepts(header.accept, ['text/html', '*/*'])) {\n // When request expects non html response\n try {\n if (!subdomain) throw new Error(t('error.domain not specified', { subdomain })) // When params doesn't have subdomain\n const checkInDomain: Partial<Domain> | undefined = domains.find(d => d.subdomain === subdomain) // When no matched domain with subdomain\n if (!checkInDomain) throw new Error(t('error.domain not specified', { subdomain }))\n\n await checkIn(checkInDomain, null, context)\n context.body = true\n } catch (e) {\n clearAccessTokenCookie(context)\n throw e\n }\n } else {\n // When request expects html response\n const { redirect_to: redirectTo = '/' } = context.query\n\n try {\n let message: string\n\n if (!subdomain) {\n /* try to find domain from redirectTo path */\n subdomain = findSubdomainFromPath(context, redirectTo)\n }\n\n let checkInDomain: Partial<Domain>\n if (subdomain) {\n checkInDomain = domains.find(d => d.subdomain == subdomain)\n if (!checkInDomain) message = t('error.domain not allowed', { subdomain })\n } else if (domains.length === 1) {\n checkInDomain = domains[0]\n }\n\n if (checkInDomain) {\n return await checkIn(checkInDomain, redirectTo, context)\n }\n\n await context.render('auth-page', {\n pageElement: 'auth-checkin',\n elementScript: '/auth/checkin.js',\n data: {\n user: {\n username: user.username,\n email: user.email,\n locale: user.locale,\n name: user.name,\n userType: user.userType\n },\n domains,\n domainTypes,\n redirectTo,\n message\n }\n })\n } catch (e) {\n clearAccessTokenCookie(context)\n context.redirect(\n `/auth/signin?username=${encodeURIComponent(user.username)}&redirect_to=${encodeURIComponent(redirectTo)}`\n )\n }\n }\n})\n\nauthCheckinRouter.get('/auth/domains', async context => {\n const { user } = context.state\n var domains = await getUserDomains(user)\n if (domainTypes) {\n domains = domains.filter(d => d.extType == domainTypes)\n }\n\n context.body = domains\n})\n\nasync function checkIn(\n checkInDomain: Partial<Domain>,\n redirectTo: string | null,\n context: ResolverContext\n): Promise<void> {\n const { user }: { user: User } = context.state\n const remoteAddress = context.req.headers['x-forwarded-for']\n ? (context.req.headers['x-forwarded-for'] as string).split(',')[0].trim()\n : context.req.connection.remoteAddress\n\n await LoginHistory.stamp(checkInDomain, user, remoteAddress)\n\n if (redirectTo) {\n return context.redirect(getRedirectSubdomainPath(context, checkInDomain, redirectTo))\n }\n}\n"]}
|
|
@@ -6,13 +6,13 @@ const typeorm_1 = require("typeorm");
|
|
|
6
6
|
const koa_router_1 = tslib_1.__importDefault(require("koa-router"));
|
|
7
7
|
const env_1 = require("@things-factory/env");
|
|
8
8
|
const shell_1 = require("@things-factory/shell");
|
|
9
|
-
const
|
|
10
|
-
const
|
|
11
|
-
const
|
|
12
|
-
const
|
|
13
|
-
const
|
|
14
|
-
const
|
|
15
|
-
const
|
|
9
|
+
const change_pwd_js_1 = require("../controllers/change-pwd.js");
|
|
10
|
+
const delete_user_js_1 = require("../controllers/delete-user.js");
|
|
11
|
+
const profile_js_1 = require("../controllers/profile.js");
|
|
12
|
+
const user_js_1 = require("../service/user/user.js");
|
|
13
|
+
const access_token_cookie_js_1 = require("../utils/access-token-cookie.js");
|
|
14
|
+
const get_user_domains_js_1 = require("../utils/get-user-domains.js");
|
|
15
|
+
const domainTypes = env_1.config.get('domainTypes');
|
|
16
16
|
const languages = env_1.config.get('i18n/languages') || [];
|
|
17
17
|
exports.authPrivateProcessRouter = new koa_router_1.default({
|
|
18
18
|
prefix: '/auth'
|
|
@@ -21,14 +21,14 @@ exports.authPrivateProcessRouter
|
|
|
21
21
|
.post('/change-pass', async (context, next) => {
|
|
22
22
|
const { t } = context;
|
|
23
23
|
let { current_pass, new_pass, confirm_pass } = context.request.body;
|
|
24
|
-
const token = await (0,
|
|
24
|
+
const token = await (0, change_pwd_js_1.changePwd)(context.state.user, current_pass, new_pass, confirm_pass, context);
|
|
25
25
|
context.body = t('text.password changed successfully');
|
|
26
|
-
(0,
|
|
26
|
+
(0, access_token_cookie_js_1.setAccessTokenCookie)(context, token);
|
|
27
27
|
})
|
|
28
28
|
.post('/update-profile', async (context, next) => {
|
|
29
29
|
const { i18next, t } = context;
|
|
30
30
|
const newProfiles = context.request.body;
|
|
31
|
-
await (0,
|
|
31
|
+
await (0, profile_js_1.updateProfile)(context.state.user, newProfiles);
|
|
32
32
|
if (newProfiles.locale) {
|
|
33
33
|
context.body = i18next.getFixedT(newProfiles.locale)('text.profile changed successfully');
|
|
34
34
|
}
|
|
@@ -41,7 +41,7 @@ exports.authPrivateProcessRouter
|
|
|
41
41
|
var { user } = context.state;
|
|
42
42
|
var { id: userId } = user;
|
|
43
43
|
var { password, username } = context.request.body;
|
|
44
|
-
const userRepo = (0, shell_1.getRepository)(
|
|
44
|
+
const userRepo = (0, shell_1.getRepository)(user_js_1.User);
|
|
45
45
|
var userInfo = await userRepo.findOne({
|
|
46
46
|
where: { username },
|
|
47
47
|
relations: ['domains']
|
|
@@ -52,14 +52,14 @@ exports.authPrivateProcessRouter
|
|
|
52
52
|
relations: ['domains']
|
|
53
53
|
});
|
|
54
54
|
}
|
|
55
|
-
if (userInfo.id != userId || !
|
|
55
|
+
if (userInfo.id != userId || !user_js_1.User.verify(userInfo.password, password, userInfo.salt)) {
|
|
56
56
|
context.status = 401;
|
|
57
57
|
context.body = t('error.user validation failed');
|
|
58
58
|
return;
|
|
59
59
|
}
|
|
60
|
-
await (0,
|
|
60
|
+
await (0, delete_user_js_1.deleteUser)(user);
|
|
61
61
|
context.body = t('text.delete account succeed');
|
|
62
|
-
(0,
|
|
62
|
+
(0, access_token_cookie_js_1.clearAccessTokenCookie)(context);
|
|
63
63
|
})
|
|
64
64
|
.get('/profile', async (context, next) => {
|
|
65
65
|
const { t } = context;
|
|
@@ -69,9 +69,9 @@ exports.authPrivateProcessRouter
|
|
|
69
69
|
context.body = t('error.user validation failed');
|
|
70
70
|
return;
|
|
71
71
|
}
|
|
72
|
-
let domains = await (0,
|
|
73
|
-
domains = domains.filter((d) => d.extType
|
|
74
|
-
var privileges = await
|
|
72
|
+
let domains = await (0, get_user_domains_js_1.getUserDomains)(user);
|
|
73
|
+
domains = domains.filter((d) => !d.extType || domainTypes.includes(d.extType));
|
|
74
|
+
var privileges = await user_js_1.User.getPrivilegesByDomain(user, domain);
|
|
75
75
|
if (prohibitedPrivileges) {
|
|
76
76
|
prohibitedPrivileges.forEach(({ category, privilege }) => {
|
|
77
77
|
privileges = privileges.filter(p => p.category != category || p.privilege != privilege);
|
|
@@ -88,10 +88,18 @@ exports.authPrivateProcessRouter
|
|
|
88
88
|
unsafeIP,
|
|
89
89
|
privileges
|
|
90
90
|
},
|
|
91
|
-
domains,
|
|
91
|
+
domains: domains.map(({ id, name, description, subdomain, extType, brandName, brandImage }) => {
|
|
92
|
+
return {
|
|
93
|
+
name,
|
|
94
|
+
description,
|
|
95
|
+
subdomain,
|
|
96
|
+
extType
|
|
97
|
+
};
|
|
98
|
+
}),
|
|
92
99
|
domain: domain && {
|
|
93
100
|
name: domain.name,
|
|
94
|
-
subdomain: domain.subdomain
|
|
101
|
+
subdomain: domain.subdomain,
|
|
102
|
+
type: domain.extType
|
|
95
103
|
},
|
|
96
104
|
languages
|
|
97
105
|
};
|