@things-factory/auth-base 9.0.0-beta.8 → 9.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/config/config.development.js +1 -0
- package/dist-client/auth.js +2 -7
- package/dist-client/auth.js.map +1 -1
- package/dist-client/reducers/auth.js +9 -2
- package/dist-client/reducers/auth.js.map +1 -1
- package/dist-client/tsconfig.tsbuildinfo +1 -1
- package/dist-server/controllers/change-pwd.js +5 -2
- package/dist-server/controllers/change-pwd.js.map +1 -1
- package/dist-server/controllers/checkin.js +1 -1
- package/dist-server/controllers/checkin.js.map +1 -1
- package/dist-server/controllers/delete-user.js +2 -2
- package/dist-server/controllers/delete-user.js.map +1 -1
- package/dist-server/controllers/profile.js +4 -1
- package/dist-server/controllers/profile.js.map +1 -1
- package/dist-server/controllers/reset-password.js +5 -2
- package/dist-server/controllers/reset-password.js.map +1 -1
- package/dist-server/controllers/signin.js +2 -2
- package/dist-server/controllers/signin.js.map +1 -1
- package/dist-server/controllers/signup.js +8 -1
- package/dist-server/controllers/signup.js.map +1 -1
- package/dist-server/errors/auth-error.js +3 -1
- package/dist-server/errors/auth-error.js.map +1 -1
- package/dist-server/middlewares/authenticate-401-middleware.js +22 -9
- package/dist-server/middlewares/authenticate-401-middleware.js.map +1 -1
- package/dist-server/middlewares/bypass-signin-middleware.d.ts +1 -0
- package/dist-server/middlewares/bypass-signin-middleware.js +20 -0
- package/dist-server/middlewares/bypass-signin-middleware.js.map +1 -0
- package/dist-server/middlewares/domain-authenticate-middleware.js +1 -5
- package/dist-server/middlewares/domain-authenticate-middleware.js.map +1 -1
- package/dist-server/middlewares/index.js +6 -1
- package/dist-server/middlewares/index.js.map +1 -1
- package/dist-server/middlewares/jwt-authenticate-middleware.js +1 -1
- package/dist-server/middlewares/jwt-authenticate-middleware.js.map +1 -1
- package/dist-server/migrations/1548206416130-SeedUser.js +11 -3
- package/dist-server/migrations/1548206416130-SeedUser.js.map +1 -1
- package/dist-server/router/auth-checkin-router.js +11 -13
- package/dist-server/router/auth-checkin-router.js.map +1 -1
- package/dist-server/router/auth-private-process-router.js +10 -4
- package/dist-server/router/auth-private-process-router.js.map +1 -1
- package/dist-server/router/auth-signup-router.js +5 -2
- package/dist-server/router/auth-signup-router.js.map +1 -1
- package/dist-server/router/oauth2/oauth2-authorize-router.js +5 -2
- package/dist-server/router/oauth2/oauth2-authorize-router.js.map +1 -1
- package/dist-server/router/oauth2/oauth2-router.js +1 -2
- package/dist-server/router/oauth2/oauth2-router.js.map +1 -1
- package/dist-server/router/oauth2/oauth2-server.js +21 -3
- package/dist-server/router/oauth2/oauth2-server.js.map +1 -1
- package/dist-server/router/site-root-router.js +1 -1
- package/dist-server/router/site-root-router.js.map +1 -1
- package/dist-server/router/webauthn-router.js +1 -1
- package/dist-server/router/webauthn-router.js.map +1 -1
- package/dist-server/routes.js +74 -48
- package/dist-server/routes.js.map +1 -1
- package/dist-server/service/app-binding/app-binding-types.js +3 -3
- package/dist-server/service/app-binding/app-binding-types.js.map +1 -1
- package/dist-server/service/app-binding/app-binding.js +6 -4
- package/dist-server/service/app-binding/app-binding.js.map +1 -1
- package/dist-server/service/appliance/appliance-mutation.js +37 -34
- package/dist-server/service/appliance/appliance-mutation.js.map +1 -1
- package/dist-server/service/appliance/appliance-types.js +18 -18
- package/dist-server/service/appliance/appliance-types.js.map +1 -1
- package/dist-server/service/appliance/appliance.d.ts +2 -0
- package/dist-server/service/appliance/appliance.js +61 -14
- package/dist-server/service/appliance/appliance.js.map +1 -1
- package/dist-server/service/application/application-mutation.js +22 -4
- package/dist-server/service/application/application-mutation.js.map +1 -1
- package/dist-server/service/application/application-types.js +24 -24
- package/dist-server/service/application/application-types.js.map +1 -1
- package/dist-server/service/application/application.d.ts +6 -6
- package/dist-server/service/application/application.js +22 -22
- package/dist-server/service/application/application.js.map +1 -1
- package/dist-server/service/auth-provider/auth-provider-mutation.js +29 -7
- package/dist-server/service/auth-provider/auth-provider-mutation.js.map +1 -1
- package/dist-server/service/auth-provider/auth-provider-parameter-spec.js +12 -7
- package/dist-server/service/auth-provider/auth-provider-parameter-spec.js.map +1 -1
- package/dist-server/service/auth-provider/auth-provider-type.js +24 -21
- package/dist-server/service/auth-provider/auth-provider-type.js.map +1 -1
- package/dist-server/service/auth-provider/auth-provider.js +35 -25
- package/dist-server/service/auth-provider/auth-provider.js.map +1 -1
- package/dist-server/service/domain-generator/domain-generator-mutation.js +1 -2
- package/dist-server/service/domain-generator/domain-generator-mutation.js.map +1 -1
- package/dist-server/service/domain-generator/domain-generator-types.js +17 -14
- package/dist-server/service/domain-generator/domain-generator-types.js.map +1 -1
- package/dist-server/service/domain-link/domain-link-mutation.d.ts +9 -0
- package/dist-server/service/domain-link/domain-link-mutation.js +133 -0
- package/dist-server/service/domain-link/domain-link-mutation.js.map +1 -0
- package/dist-server/service/domain-link/domain-link-query.d.ts +11 -0
- package/dist-server/service/domain-link/domain-link-query.js +75 -0
- package/dist-server/service/domain-link/domain-link-query.js.map +1 -0
- package/dist-server/service/domain-link/domain-link-types.d.ts +18 -0
- package/dist-server/service/domain-link/domain-link-types.js +66 -0
- package/dist-server/service/domain-link/domain-link-types.js.map +1 -0
- package/dist-server/service/domain-link/domain-link.d.ts +28 -0
- package/dist-server/service/domain-link/domain-link.js +105 -0
- package/dist-server/service/domain-link/domain-link.js.map +1 -0
- package/dist-server/service/domain-link/index.d.ts +6 -0
- package/dist-server/service/domain-link/index.js +10 -0
- package/dist-server/service/domain-link/index.js.map +1 -0
- package/dist-server/service/granted-role/granted-role-mutation.js +7 -7
- package/dist-server/service/granted-role/granted-role-mutation.js.map +1 -1
- package/dist-server/service/granted-role/granted-role.js +4 -4
- package/dist-server/service/granted-role/granted-role.js.map +1 -1
- package/dist-server/service/index.d.ts +3 -1
- package/dist-server/service/index.js +7 -2
- package/dist-server/service/index.js.map +1 -1
- package/dist-server/service/invitation/invitation-mutation.js +6 -2
- package/dist-server/service/invitation/invitation-mutation.js.map +1 -1
- package/dist-server/service/invitation/invitation-types.js +3 -3
- package/dist-server/service/invitation/invitation-types.js.map +1 -1
- package/dist-server/service/invitation/invitation.js +10 -10
- package/dist-server/service/invitation/invitation.js.map +1 -1
- package/dist-server/service/login-history/login-history-type.js +3 -3
- package/dist-server/service/login-history/login-history-type.js.map +1 -1
- package/dist-server/service/login-history/login-history.js +6 -6
- package/dist-server/service/login-history/login-history.js.map +1 -1
- package/dist-server/service/partner/partner-types.js +3 -3
- package/dist-server/service/partner/partner-types.js.map +1 -1
- package/dist-server/service/partner/partner.js +8 -8
- package/dist-server/service/partner/partner.js.map +1 -1
- package/dist-server/service/password-history/password-history.js +3 -3
- package/dist-server/service/password-history/password-history.js.map +1 -1
- package/dist-server/service/privilege/privilege-directive.js +1 -2
- package/dist-server/service/privilege/privilege-directive.js.map +1 -1
- package/dist-server/service/privilege/privilege-mutation.js +11 -2
- package/dist-server/service/privilege/privilege-mutation.js.map +1 -1
- package/dist-server/service/privilege/privilege.js +20 -20
- package/dist-server/service/privilege/privilege.js.map +1 -1
- package/dist-server/service/role/role-mutation.js +12 -2
- package/dist-server/service/role/role-mutation.js.map +1 -1
- package/dist-server/service/role/role-query.d.ts +7 -3
- package/dist-server/service/role/role-query.js +18 -10
- package/dist-server/service/role/role-query.js.map +1 -1
- package/dist-server/service/role/role-types.d.ts +4 -0
- package/dist-server/service/role/role-types.js +41 -27
- package/dist-server/service/role/role-types.js.map +1 -1
- package/dist-server/service/role/role.js +11 -11
- package/dist-server/service/role/role.js.map +1 -1
- package/dist-server/service/user/user-mutation.js +89 -41
- package/dist-server/service/user/user-mutation.js.map +1 -1
- package/dist-server/service/user/user-query.d.ts +1 -0
- package/dist-server/service/user/user-query.js +25 -9
- package/dist-server/service/user/user-query.js.map +1 -1
- package/dist-server/service/user/user-types.js +33 -32
- package/dist-server/service/user/user-types.js.map +1 -1
- package/dist-server/service/user/user.d.ts +5 -5
- package/dist-server/service/user/user.js +25 -22
- package/dist-server/service/user/user.js.map +1 -1
- package/dist-server/service/users-auth-providers/users-auth-providers.js +11 -8
- package/dist-server/service/users-auth-providers/users-auth-providers.js.map +1 -1
- package/dist-server/service/verification-token/verification-token.d.ts +3 -3
- package/dist-server/service/verification-token/verification-token.js +8 -8
- package/dist-server/service/verification-token/verification-token.js.map +1 -1
- package/dist-server/service/web-auth-credential/web-auth-credential.js +11 -10
- package/dist-server/service/web-auth-credential/web-auth-credential.js.map +1 -1
- package/dist-server/tsconfig.tsbuildinfo +1 -1
- package/dist-server/utils/access-token-cookie.js +1 -11
- package/dist-server/utils/access-token-cookie.js.map +1 -1
- package/dist-server/utils/check-user-belongs-domain.js +1 -2
- package/dist-server/utils/check-user-belongs-domain.js.map +1 -1
- package/dist-server/utils/get-domain-users.js +2 -2
- package/dist-server/utils/get-domain-users.js.map +1 -1
- package/dist-server/utils/get-user-domains.d.ts +0 -1
- package/dist-server/utils/get-user-domains.js +28 -22
- package/dist-server/utils/get-user-domains.js.map +1 -1
- package/package.json +6 -6
- package/dist-server/utils/get-domain-from-hostname.d.ts +0 -1
- package/dist-server/utils/get-domain-from-hostname.js +0 -9
- package/dist-server/utils/get-domain-from-hostname.js.map +0 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-private-process-router.js","sourceRoot":"","sources":["../../server/router/auth-private-process-router.ts"],"names":[],"mappings":";;;;AAAA,qCAA+B;AAC/B,oEAA+B;AAE/B,6CAA4C;AAC5C,iDAA6D;AAE7D,gEAAwD;AACxD,kEAA0D;AAC1D,0DAAyD;AACzD,qDAA8C;AAC9C,4EAA8F;AAC9F,sEAA6D;AAE7D,MAAM,
|
|
1
|
+
{"version":3,"file":"auth-private-process-router.js","sourceRoot":"","sources":["../../server/router/auth-private-process-router.ts"],"names":[],"mappings":";;;;AAAA,qCAA+B;AAC/B,oEAA+B;AAE/B,6CAA4C;AAC5C,iDAA6D;AAE7D,gEAAwD;AACxD,kEAA0D;AAC1D,0DAAyD;AACzD,qDAA8C;AAC9C,4EAA8F;AAC9F,sEAA6D;AAE7D,MAAM,SAAS,GAAG,YAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAA;AAEvC,QAAA,wBAAwB,GAAG,IAAI,oBAAM,CAAC;IACjD,MAAM,EAAE,OAAO;CAChB,CAAC,CAAA;AAEF,gCAAwB;KACrB,IAAI,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC5C,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IACrB,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;IAEnE,MAAM,KAAK,GAAG,MAAM,IAAA,yBAAS,EAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,YAAY,EAAE,OAAO,CAAC,CAAA;IAEhG,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,oCAAoC,CAAC,CAAA;IAEtD,IAAA,6CAAoB,EAAC,OAAO,EAAE,KAAK,CAAC,CAAA;AACtC,CAAC,CAAC;KACD,IAAI,CAAC,iBAAiB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC/C,MAAM,EAAE,OAAO,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IAC9B,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;IACxC,MAAM,IAAA,0BAAa,EAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,WAAW,CAAC,CAAA;IAEpD,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;QACvB,OAAO,CAAC,IAAI,GAAG,OAAO,CAAC,SAAS,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,mCAAmC,CAAC,CAAA;IAC3F,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,mCAAmC,CAAC,CAAA;IACvD,CAAC;AACH,CAAC,CAAC;KACD,IAAI,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC5C,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAC9B,IAAI,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAC5B,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,IAAI,CAAA;IAEzB,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;IAEjD,MAAM,QAAQ,GAAG,IAAA,qBAAa,EAAC,cAAI,CAAC,CAAA;IAEpC,IAAI,QAAQ,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC;QACpC,KAAK,EAAE,EAAE,QAAQ,EAAE;QACnB,SAAS,EAAE,CAAC,SAAS,CAAC;KACvB,CAAC,CAAA;IAEF,IAAI,CAAC,QAAQ,IAAI,4BAA4B,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC7D,QAAQ,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC;YAChC,KAAK,EAAE,EAAE,KAAK,EAAE,IAAA,eAAK,EAAC,QAAQ,CAAC,EAAE;YACjC,SAAS,EAAE,CAAC,SAAS,CAAC;SACvB,CAAC,CAAA;IACJ,CAAC;IAED,IAAI,QAAQ,CAAC,EAAE,IAAI,MAAM,IAAI,CAAC,cAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACtF,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,8BAA8B,CAAC,CAAA;QAChD,OAAM;IACR,CAAC;IAED,MAAM,IAAA,2BAAU,EAAC,IAAI,CAAC,CAAA;IAEtB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,6BAA6B,CAAC,CAAA;IAC/C,IAAA,+CAAsB,EAAC,OAAO,CAAC,CAAA;AACjC,CAAC,CAAC;KACD,GAAG,CAAC,UAAU,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACvC,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IACrB,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,oBAAoB,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAEtE,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,8BAA8B,CAAC,CAAA;QAChD,OAAM;IACR,CAAC;IAED,IAAI,OAAO,GAAsB,MAAM,IAAA,oCAAc,EAAC,IAAI,CAAC,CAAA;IAE3D,IAAI,UAAU,GAAG,MAAM,cAAI,CAAC,qBAAqB,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;IAE/D,IAAI,oBAAoB,EAAE,CAAC;QACzB,oBAAoB,CAAC,OAAO,CAAC,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE;YACvD,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,IAAI,QAAQ,IAAI,CAAC,CAAC,SAAS,IAAI,SAAS,CAAC,CAAA;QACzF,CAAC,CAAC,CAAA;IACJ,CAAC;IAED,OAAO,CAAC,IAAI,GAAG;QACb,IAAI,EAAE;YACJ,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,KAAK,EAAE,MAAM,OAAO,CAAC,kBAAkB,CAAC,MAAM,EAAE,IAAI,CAAC;YACrD,KAAK,EAAE,MAAM,OAAO,CAAC,gBAAgB,CAAC,MAAM,EAAE,IAAI,CAAC;YACnD,QAAQ;YACR,UAAU;SACX;QACD,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,EAAE,EAAE;YAC5F,OAAO;gBACL,IAAI;gBACJ,WAAW;gBACX,SAAS;gBACT,OAAO;aACR,CAAA;QACH,CAAC,CAAC;QACF,MAAM,EAAE,MAAM,IAAI;YAChB,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,IAAI,EAAE,MAAM,CAAC,OAAO;SACrB;QACD,SAAS;KACV,CAAA;AACH,CAAC,CAAC,CAAA","sourcesContent":["import { ILike } from 'typeorm'\nimport Router from 'koa-router'\n\nimport { config } from '@things-factory/env'\nimport { Domain, getRepository } from '@things-factory/shell'\n\nimport { changePwd } from '../controllers/change-pwd.js'\nimport { deleteUser } from '../controllers/delete-user.js'\nimport { updateProfile } from '../controllers/profile.js'\nimport { User } from '../service/user/user.js'\nimport { clearAccessTokenCookie, setAccessTokenCookie } from '../utils/access-token-cookie.js'\nimport { getUserDomains } from '../utils/get-user-domains.js'\n\nconst languages = config.get('i18n/languages') || []\n\nexport const authPrivateProcessRouter = new Router({\n prefix: '/auth'\n})\n\nauthPrivateProcessRouter\n .post('/change-pass', async (context, next) => {\n const { t } = context\n let { current_pass, new_pass, confirm_pass } = context.request.body\n\n const token = await changePwd(context.state.user, current_pass, new_pass, confirm_pass, context)\n\n context.body = t('text.password changed successfully')\n\n setAccessTokenCookie(context, token)\n })\n .post('/update-profile', async (context, next) => {\n const { i18next, t } = context\n const newProfiles = context.request.body\n await updateProfile(context.state.user, newProfiles)\n\n if (newProfiles.locale) {\n context.body = i18next.getFixedT(newProfiles.locale)('text.profile changed successfully')\n } else {\n context.body = t('text.profile changed successfully')\n }\n })\n .post('/delete-user', async (context, next) => {\n const { t, session } = context\n var { user } = context.state\n var { id: userId } = user\n\n var { password, username } = context.request.body\n\n const userRepo = getRepository(User)\n\n var userInfo = await userRepo.findOne({\n where: { username },\n relations: ['domains']\n })\n\n if (!userInfo && /^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$/.test(username)) {\n userInfo = await userRepo.findOne({\n where: { email: ILike(username) },\n relations: ['domains']\n })\n }\n\n if (userInfo.id != userId || !User.verify(userInfo.password, password, userInfo.salt)) {\n context.status = 401\n context.body = t('error.user validation failed')\n return\n }\n\n await deleteUser(user)\n\n context.body = t('text.delete account succeed')\n clearAccessTokenCookie(context)\n })\n .get('/profile', async (context, next) => {\n const { t } = context\n const { domain, user, unsafeIP, prohibitedPrivileges } = context.state\n\n if (!domain) {\n context.status = 401\n context.body = t('error.user validation failed')\n return\n }\n\n let domains: Partial<Domain>[] = await getUserDomains(user)\n\n var privileges = await User.getPrivilegesByDomain(user, domain)\n\n if (prohibitedPrivileges) {\n prohibitedPrivileges.forEach(({ category, privilege }) => {\n privileges = privileges.filter(p => p.category != category || p.privilege != privilege)\n })\n }\n\n context.body = {\n user: {\n username: user.username,\n email: user.email,\n name: user.name,\n userType: user.userType,\n owner: await process.domainOwnerGranted(domain, user),\n super: await process.superUserGranted(domain, user),\n unsafeIP,\n privileges\n },\n domains: domains.map(({ id, name, description, subdomain, extType, brandName, brandImage }) => {\n return {\n name,\n description,\n subdomain,\n extType\n }\n }),\n domain: domain && {\n name: domain.name,\n subdomain: domain.subdomain,\n type: domain.extType\n },\n languages\n }\n })\n"]}
|
|
@@ -46,8 +46,11 @@ if (!disableUserSignupProcess) {
|
|
|
46
46
|
const { domain } = context.state;
|
|
47
47
|
const user = context.request.body;
|
|
48
48
|
// try {
|
|
49
|
-
const { token } = await (0, signup_js_1.signup)(
|
|
50
|
-
|
|
49
|
+
const { token } = await (0, signup_js_1.signup)({
|
|
50
|
+
...user,
|
|
51
|
+
context,
|
|
52
|
+
domain
|
|
53
|
+
}, true);
|
|
51
54
|
const message = t('text.user registered successfully');
|
|
52
55
|
context.body = {
|
|
53
56
|
message,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-signup-router.js","sourceRoot":"","sources":["../../server/router/auth-signup-router.ts"],"names":[],"mappings":";;;;AAAA,oEAA+B;AAE/B,6CAA4C;AAE5C,wDAAiD;AACjD,oDAA6C;AAC7C,4EAAsE;AACtE,kGAAwF;AAExF,MAAM,wBAAwB,GAAG,YAAM,CAAC,GAAG,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAA;AAC9E,MAAM,0BAA0B,GAAG,YAAM,CAAC,GAAG,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAA;AACvF,MAAM,SAAS,GAAG,YAAM,CAAC,GAAG,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAA;AACrD,MAAM,gBAAgB,GAAG,YAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAA;AAExD,MAAM,YAAY,GAAG,YAAM,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI;IAC7C,SAAS,EAAE,IAAI;IACf,SAAS,EAAE,IAAI;IACf,KAAK,EAAE,IAAI;IACX,gBAAgB,EAAE,IAAI;IACtB,WAAW,EAAE,KAAK;IAClB,eAAe,EAAE,IAAI;IACrB,eAAe,EAAE,KAAK;IACtB,oBAAoB,EAAE,CAAC;IACvB,oBAAoB,EAAE,EAAE;CACzB,CAAA;AAEY,QAAA,gBAAgB,GAAG,IAAI,oBAAM,EAAE,CAAA;AAE5C,IAAI,CAAC,wBAAwB,EAAE,CAAC;IAC9B,wBAAgB,CAAC,GAAG,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;QAC3D,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;QAEzC,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;YAChC,WAAW,EAAE,aAAa;YAC1B,aAAa,EAAE,iBAAiB;YAChC,IAAI,EAAE;gBACJ,QAAQ;gBACR,KAAK;gBACL,YAAY;gBACZ,wBAAwB;gBACxB,0BAA0B;gBAC1B,SAAS;gBACT,gBAAgB;aACjB;SACF,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAEF,wBAAgB,CAAC,IAAI,CAAC,cAAc,EAAE,IAAA,yDAAwB,EAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;QAC5G,MAAM,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;QAC7B,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;QAChC,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;QAEjC,QAAQ;QACR,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAA,kBAAM,
|
|
1
|
+
{"version":3,"file":"auth-signup-router.js","sourceRoot":"","sources":["../../server/router/auth-signup-router.ts"],"names":[],"mappings":";;;;AAAA,oEAA+B;AAE/B,6CAA4C;AAE5C,wDAAiD;AACjD,oDAA6C;AAC7C,4EAAsE;AACtE,kGAAwF;AAExF,MAAM,wBAAwB,GAAG,YAAM,CAAC,GAAG,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAA;AAC9E,MAAM,0BAA0B,GAAG,YAAM,CAAC,GAAG,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAA;AACvF,MAAM,SAAS,GAAG,YAAM,CAAC,GAAG,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAA;AACrD,MAAM,gBAAgB,GAAG,YAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAA;AAExD,MAAM,YAAY,GAAG,YAAM,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI;IAC7C,SAAS,EAAE,IAAI;IACf,SAAS,EAAE,IAAI;IACf,KAAK,EAAE,IAAI;IACX,gBAAgB,EAAE,IAAI;IACtB,WAAW,EAAE,KAAK;IAClB,eAAe,EAAE,IAAI;IACrB,eAAe,EAAE,KAAK;IACtB,oBAAoB,EAAE,CAAC;IACvB,oBAAoB,EAAE,EAAE;CACzB,CAAA;AAEY,QAAA,gBAAgB,GAAG,IAAI,oBAAM,EAAE,CAAA;AAE5C,IAAI,CAAC,wBAAwB,EAAE,CAAC;IAC9B,wBAAgB,CAAC,GAAG,CAAC,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;QAC3D,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;QAEzC,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;YAChC,WAAW,EAAE,aAAa;YAC1B,aAAa,EAAE,iBAAiB;YAChC,IAAI,EAAE;gBACJ,QAAQ;gBACR,KAAK;gBACL,YAAY;gBACZ,wBAAwB;gBACxB,0BAA0B;gBAC1B,SAAS;gBACT,gBAAgB;aACjB;SACF,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAEF,wBAAgB,CAAC,IAAI,CAAC,cAAc,EAAE,IAAA,yDAAwB,EAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;QAC5G,MAAM,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;QAC7B,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;QAChC,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAA;QAEjC,QAAQ;QACR,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAA,kBAAM,EAC5B;YACE,GAAG,IAAI;YACP,OAAO;YACP,MAAM;SACP,EACD,IAAI,CACL,CAAA;QAED,MAAM,OAAO,GAAG,CAAC,CAAC,mCAAmC,CAAC,CAAA;QACtD,OAAO,CAAC,IAAI,GAAG;YACb,OAAO;YACP,KAAK;SACN,CAAA;QAED,IAAA,6CAAoB,EAAC,OAAO,EAAE,KAAK,CAAC,CAAA;QAEpC,IAAI,IAAA,oBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC;YACjD,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;gBAChC,WAAW,EAAE,aAAa;gBAC1B,aAAa,EAAE,iBAAiB;gBAChC,IAAI,EAAE;oBACJ,OAAO;oBACP,wBAAwB;oBACxB,0BAA0B;oBAC1B,SAAS;iBACV;aACF,CAAC,CAAA;QACJ,CAAC;QACD,gBAAgB;QAChB,yBAAyB;QACzB,6BAA6B;QAE7B,wDAAwD;QACxD,0CAA0C;QAC1C,oCAAoC;QACpC,0CAA0C;QAC1C,gBAAgB;QAChB,iFAAiF;QACjF,uBAAuB;QACvB,UAAU;QACV,SAAS;QACT,MAAM;QACN,IAAI;IACN,CAAC,CAAC,CAAA;AACJ,CAAC","sourcesContent":["import Router from 'koa-router'\n\nimport { config } from '@things-factory/env'\n\nimport { signup } from '../controllers/signup.js'\nimport { accepts } from '../utils/accepts.js'\nimport { setAccessTokenCookie } from '../utils/access-token-cookie.js'\nimport { verifyRecaptcaMiddleware } from '../middlewares/verify-recaptcha-middleware.js'\n\nconst disableUserSignupProcess = config.get('disableUserSignupProcess', false)\nconst disableUserFavoredLanguage = config.get('i18n/disableUserFavoredLanguage', false)\nconst languages = config.get('i18n/languages', false)\nconst recaptchaSiteKey = config.get('recaptcha/siteKey')\n\nconst passwordRule = config.get('password') || {\n lowerCase: true,\n upperCase: true,\n digit: true,\n specialCharacter: true,\n allowRepeat: false,\n useTightPattern: true,\n useLoosePattern: false,\n tightCharacterLength: 8,\n looseCharacterLength: 15\n}\n\nexport const authSignupRouter = new Router()\n\nif (!disableUserSignupProcess) {\n authSignupRouter.get('/auth/signup', async (context, next) => {\n const { username, email } = context.query\n\n await context.render('auth-page', {\n pageElement: 'auth-signup',\n elementScript: '/auth/signup.js',\n data: {\n username,\n email,\n passwordRule,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages,\n recaptchaSiteKey\n }\n })\n })\n\n authSignupRouter.post('/auth/signup', verifyRecaptcaMiddleware({ action: 'signup' }), async (context, next) => {\n const { header, t } = context\n const { domain } = context.state\n const user = context.request.body\n\n // try {\n const { token } = await signup(\n {\n ...user,\n context,\n domain\n },\n true\n )\n\n const message = t('text.user registered successfully')\n context.body = {\n message,\n token\n }\n\n setAccessTokenCookie(context, token)\n\n if (accepts(header.accept, ['text/html', '*/*'])) {\n await context.render('auth-page', {\n pageElement: 'auth-result',\n elementScript: '/auth/result.js',\n data: {\n message,\n disableUserSignupProcess,\n disableUserFavoredLanguage,\n languages\n }\n })\n }\n // } catch (e) {\n // context.status = 401\n // context.body = e.message\n\n // if (accepts(header.accept, ['text/html', '*/*'])) {\n // await context.render('auth-page', {\n // pageElement: 'auth-signup',\n // elementScript: '/auth/signup.js',\n // data: {\n // message: e instanceof AuthError ? t(`error.${e.message}`) : e.message,\n // passwordRule\n // }\n // })\n // }\n // }\n })\n}\n"]}
|
|
@@ -48,11 +48,14 @@ exports.oauth2AuthorizeRouter.get('/authorize', oauth2_server_js_1.server.author
|
|
|
48
48
|
elementScript,
|
|
49
49
|
data: {
|
|
50
50
|
domain,
|
|
51
|
-
oauth2:
|
|
51
|
+
oauth2: {
|
|
52
|
+
...oauth2,
|
|
53
|
+
user: {
|
|
52
54
|
id: oauth2.user.id,
|
|
53
55
|
name: oauth2.user.name,
|
|
54
56
|
email: oauth2.user.email
|
|
55
|
-
}
|
|
57
|
+
}
|
|
58
|
+
},
|
|
56
59
|
disableUserFavoredLanguage,
|
|
57
60
|
languages
|
|
58
61
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth2-authorize-router.js","sourceRoot":"","sources":["../../../server/router/oauth2/oauth2-authorize-router.ts"],"names":[],"mappings":";;;;AAAA,oEAA+B;AAE/B,iDAAqD;AACrD,6CAA4C;AAE5C,6EAAsE;AACtE,yDAA2E;AAE9D,QAAA,qBAAqB,GAAG,IAAI,oBAAM,EAAE,CAAA;AAEjD,MAAM,0BAA0B,GAAG,YAAM,CAAC,GAAG,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAA;AACvF,MAAM,SAAS,GAAG,YAAM,CAAC,GAAG,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAA;AAErD,8BAA8B;AAC9B,EAAE;AACF,oEAAoE;AACpE,8EAA8E;AAC9E,uEAAuE;AACvE,oEAAoE;AACpE,6EAA6E;AAC7E,8EAA8E;AAC9E,0DAA0D;AAC1D,EAAE;AACF,6EAA6E;AAC7E,gFAAgF;AAChF,2EAA2E;AAC3E,iFAAiF;AACjF,0CAA0C;AAE1C,6BAAqB,CAAC,GAAG,CACvB,YAAY,EACZ,yBAAiB,CAAC,SAAS,CAAC,KAAK,WAAW,QAAQ,EAAE,WAAW;IAC/D,MAAM,MAAM,GAAG,MAAM,IAAA,qBAAa,EAAC,4BAAW,CAAC,CAAC,SAAS,CAAC;QACxD,MAAM,EAAE,QAAQ;KACjB,CAAC,CAAA;IACF,oCAAoC;IACpC,4CAA4C;IAC5C,iBAAiB;IACjB,IAAI;IAEJ,OAAO,CAAC,MAAM,IAAI,4BAAS,EAAE,WAAW,CAAC,CAAA;AAC3C,CAAC,CAAC,EACF,KAAK,WAAW,OAAO,EAAE,IAAI;IAC3B,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAE9C,IAAI,WAAW,GAAW,iBAAiB,CAAA;IAC3C,IAAI,aAAa,GAAW,iCAAiC,CAAA;IAE7D,IAAI,MAAM,CAAC,MAAM,CAAC,EAAE,KAAK,4BAAS,CAAC,EAAE,EAAE,CAAC;QACtC,WAAW,GAAG,uBAAuB,CAAA;QACrC,aAAa,GAAG,uCAAuC,CAAA;IACzD,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,CAAC,MAAM,CAAC,aAAa,EAAE;YAClC,WAAW;YACX,aAAa;YACb,IAAI,EAAE;gBACJ,MAAM;gBACN,MAAM,
|
|
1
|
+
{"version":3,"file":"oauth2-authorize-router.js","sourceRoot":"","sources":["../../../server/router/oauth2/oauth2-authorize-router.ts"],"names":[],"mappings":";;;;AAAA,oEAA+B;AAE/B,iDAAqD;AACrD,6CAA4C;AAE5C,6EAAsE;AACtE,yDAA2E;AAE9D,QAAA,qBAAqB,GAAG,IAAI,oBAAM,EAAE,CAAA;AAEjD,MAAM,0BAA0B,GAAG,YAAM,CAAC,GAAG,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAA;AACvF,MAAM,SAAS,GAAG,YAAM,CAAC,GAAG,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAA;AAErD,8BAA8B;AAC9B,EAAE;AACF,oEAAoE;AACpE,8EAA8E;AAC9E,uEAAuE;AACvE,oEAAoE;AACpE,6EAA6E;AAC7E,8EAA8E;AAC9E,0DAA0D;AAC1D,EAAE;AACF,6EAA6E;AAC7E,gFAAgF;AAChF,2EAA2E;AAC3E,iFAAiF;AACjF,0CAA0C;AAE1C,6BAAqB,CAAC,GAAG,CACvB,YAAY,EACZ,yBAAiB,CAAC,SAAS,CAAC,KAAK,WAAW,QAAQ,EAAE,WAAW;IAC/D,MAAM,MAAM,GAAG,MAAM,IAAA,qBAAa,EAAC,4BAAW,CAAC,CAAC,SAAS,CAAC;QACxD,MAAM,EAAE,QAAQ;KACjB,CAAC,CAAA;IACF,oCAAoC;IACpC,4CAA4C;IAC5C,iBAAiB;IACjB,IAAI;IAEJ,OAAO,CAAC,MAAM,IAAI,4BAAS,EAAE,WAAW,CAAC,CAAA;AAC3C,CAAC,CAAC,EACF,KAAK,WAAW,OAAO,EAAE,IAAI;IAC3B,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAE9C,IAAI,WAAW,GAAW,iBAAiB,CAAA;IAC3C,IAAI,aAAa,GAAW,iCAAiC,CAAA;IAE7D,IAAI,MAAM,CAAC,MAAM,CAAC,EAAE,KAAK,4BAAS,CAAC,EAAE,EAAE,CAAC;QACtC,WAAW,GAAG,uBAAuB,CAAA;QACrC,aAAa,GAAG,uCAAuC,CAAA;IACzD,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,CAAC,MAAM,CAAC,aAAa,EAAE;YAClC,WAAW;YACX,aAAa;YACb,IAAI,EAAE;gBACJ,MAAM;gBACN,MAAM,EAAE;oBACN,GAAG,MAAM;oBACT,IAAI,EAAE;wBACJ,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE;wBAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI;wBACtB,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK;qBACzB;iBACF;gBACD,0BAA0B;gBAC1B,SAAS;aACV;SACF,CAAC,CAAA;QACF,uCAAuC;QACvC,oBAAoB;QACpB,2HAA2H;QAC3H,oBAAoB;QACpB,KAAK;IACP,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,CAAA;IACT,CAAC;AACH,CAAC,CACF,CAAA","sourcesContent":["import Router from 'koa-router'\n\nimport { getRepository } from '@things-factory/shell'\nimport { config } from '@things-factory/env'\n\nimport { Application } from '../../service/application/application.js'\nimport { NonClient, server as oauth2orizeServer } from './oauth2-server.js'\n\nexport const oauth2AuthorizeRouter = new Router()\n\nconst disableUserFavoredLanguage = config.get('i18n/disableUserFavoredLanguage', false)\nconst languages = config.get('i18n/languages', false)\n\n// user authorization endpoint\n//\n// `authorization` middleware accepts a `validate` callback which is\n// responsible for validating the client making the authorization request. In\n// doing so, is recommended that the `redirectURI` be checked against a\n// registered value, although security requirements may vary accross\n// implementations. Once validated, the `done` callback must be invoked with\n// a `client` instance, as well as the `redirectURI` to which the user will be\n// redirected after an authorization decision is obtained.\n//\n// This middleware simply initializes a new authorization transaction. It is\n// the application's responsibility to authenticate the user and render a dialog\n// to obtain their approval (displaying details about the client requesting\n// authorization). We accomplish that here by routing through `ensureLoggedIn()`\n// first, and rendering the `dialog` view.\n\noauth2AuthorizeRouter.get(\n '/authorize',\n oauth2orizeServer.authorize(async function (clientID, redirectURI) {\n const client = await getRepository(Application).findOneBy({\n appKey: clientID\n })\n // CONFIRM-ME redirectUrl 의 허용 범위는 ?\n // if (!client.redirectUrl != redirectURI) {\n // return false\n // }\n\n return [client || NonClient, redirectURI]\n }),\n async function (context, next) {\n const { oauth2, user, domain } = context.state\n\n let pageElement: string = 'oauth2-decision'\n let elementScript: string = '/oauth2/oauth2-decision-page.js'\n\n if (oauth2.client.id === NonClient.id) {\n pageElement = 'oauth2-decision-error'\n elementScript = '/oauth2/oauth2-decision-error-page.js'\n }\n\n try {\n await context.render('oauth2-page', {\n pageElement,\n elementScript,\n data: {\n domain,\n oauth2: {\n ...oauth2,\n user: {\n id: oauth2.user.id,\n name: oauth2.user.name,\n email: oauth2.user.email\n }\n },\n disableUserFavoredLanguage,\n languages\n }\n })\n // await context.render(decisionPage, {\n // domain: domain,\n // ...oauth2, // client, redirectURI, req { type, clientID, redirectURI, scope, state}, user, transactionID, info, locals\n // availableScopes\n // })\n } catch (e) {\n throw e\n }\n }\n)\n"]}
|
|
@@ -47,8 +47,7 @@ exports.oauth2Router.post('/decision', index_js_1.jwtAuthenticateMiddleware, (0,
|
|
|
47
47
|
// authenticate when making requests to this endpoint.
|
|
48
48
|
exports.oauth2Router.post('/access-token', koa_passport_1.default.authenticate('oauth2-client-password', { session: false }), oauth2_server_js_1.server.token(), oauth2_server_js_1.server.errorHandler());
|
|
49
49
|
exports.oauth2Router.post('/refresh-token', async (context, next) => {
|
|
50
|
-
|
|
51
|
-
const refreshToken = (_b = (_a = context.request) === null || _a === void 0 ? void 0 : _a.body) === null || _b === void 0 ? void 0 : _b.refreshToken;
|
|
50
|
+
const refreshToken = context.request?.body?.refreshToken;
|
|
52
51
|
if (!refreshToken)
|
|
53
52
|
throw new Error('Missing refresh token');
|
|
54
53
|
const appUser = await (0, shell_1.getRepository)(user_js_1.User).findOneBy({
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth2-router.js","sourceRoot":"","sources":["../../../server/router/oauth2/oauth2-router.ts"],"names":[],"mappings":";;;;AAAA,wEAA8B;AAC9B,sEAAiC;AACjC,wEAAmC;AACnC,oEAA+B;AAE/B,iDAA6D;AAE7D,yDAAsE;AACtE,6EAAsE;AACtE,wDAA6D;AAC7D,+EAAyE;AACzE,6DAAkD;AAClD,yDAAgE;AAChE,6FAAyF;AAU5E,QAAA,YAAY,GAAG,IAAI,oBAAM,EAAE,CAAA;AAExC,sBAAQ,CAAC,GAAG,CACV,wBAAwB,EACxB,IAAI,6CAAsB,CAAC,EAAE,EAAE,CAAC,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,EAAE;IAC9D,IAAA,qBAAa,EAAC,4BAAW,CAAC;SACvB,SAAS,CAAC;QACT,MAAM,EAAE,QAAQ;KACjB,CAAC;SACD,IAAI,CAAC,MAAM,CAAC,EAAE;QACb,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,SAAS,IAAI,YAAY,EAAE,CAAC;YAChD,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;YACjB,OAAM;QACR,CAAC;QAED,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;IACpB,CAAC,CAAC;SACD,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;AAC5B,CAAC,CAAC,CACH,CAAA;AAED,yBAAyB;AACzB,EAAE;AACF,4EAA4E;AAC5E,+EAA+E;AAC/E,8EAA8E;AAC9E,cAAc;AAEd,oBAAY,CAAC,IAAI,CACf,WAAW,EACX,oCAAyB,EACzB,IAAA,qBAAO,EACL,yBAAiB,CAAC,QAAQ,CAAC,KAAK,WAAW,OAAO;IAChD,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAE3B,OAAO,OAAO,CAAC,IAAI,CAAA;AACrB,CAAC,CAAC,CACH,CACF,CAAA;AAED,iBAAiB;AACjB,EAAE;AACF,8EAA8E;AAC9E,yEAAyE;AACzE,2EAA2E;AAC3E,sDAAsD;AAEtD,oBAAY,CAAC,IAAI,CACf,eAAe,EACf,sBAAQ,CAAC,YAAY,CAAC,wBAAwB,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EACnE,yBAAiB,CAAC,KAAK,EAAE,EACzB,yBAAiB,CAAC,YAAY,EAAE,CACjC,CAAA;AAED,oBAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE
|
|
1
|
+
{"version":3,"file":"oauth2-router.js","sourceRoot":"","sources":["../../../server/router/oauth2/oauth2-router.ts"],"names":[],"mappings":";;;;AAAA,wEAA8B;AAC9B,sEAAiC;AACjC,wEAAmC;AACnC,oEAA+B;AAE/B,iDAA6D;AAE7D,yDAAsE;AACtE,6EAAsE;AACtE,wDAA6D;AAC7D,+EAAyE;AACzE,6DAAkD;AAClD,yDAAgE;AAChE,6FAAyF;AAU5E,QAAA,YAAY,GAAG,IAAI,oBAAM,EAAE,CAAA;AAExC,sBAAQ,CAAC,GAAG,CACV,wBAAwB,EACxB,IAAI,6CAAsB,CAAC,EAAE,EAAE,CAAC,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,EAAE;IAC9D,IAAA,qBAAa,EAAC,4BAAW,CAAC;SACvB,SAAS,CAAC;QACT,MAAM,EAAE,QAAQ;KACjB,CAAC;SACD,IAAI,CAAC,MAAM,CAAC,EAAE;QACb,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,SAAS,IAAI,YAAY,EAAE,CAAC;YAChD,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;YACjB,OAAM;QACR,CAAC;QAED,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;IACpB,CAAC,CAAC;SACD,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;AAC5B,CAAC,CAAC,CACH,CAAA;AAED,yBAAyB;AACzB,EAAE;AACF,4EAA4E;AAC5E,+EAA+E;AAC/E,8EAA8E;AAC9E,cAAc;AAEd,oBAAY,CAAC,IAAI,CACf,WAAW,EACX,oCAAyB,EACzB,IAAA,qBAAO,EACL,yBAAiB,CAAC,QAAQ,CAAC,KAAK,WAAW,OAAO;IAChD,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAE3B,OAAO,OAAO,CAAC,IAAI,CAAA;AACrB,CAAC,CAAC,CACH,CACF,CAAA;AAED,iBAAiB;AACjB,EAAE;AACF,8EAA8E;AAC9E,yEAAyE;AACzE,2EAA2E;AAC3E,sDAAsD;AAEtD,oBAAY,CAAC,IAAI,CACf,eAAe,EACf,sBAAQ,CAAC,YAAY,CAAC,wBAAwB,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EACnE,yBAAiB,CAAC,KAAK,EAAE,EACzB,yBAAiB,CAAC,YAAY,EAAE,CACjC,CAAA;AAED,oBAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC1D,MAAM,YAAY,GAAuB,OAAO,CAAC,OAAO,EAAE,IAAI,EAAE,YAAY,CAAA;IAC5E,IAAI,CAAC,YAAY;QAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAA;IAE3D,MAAM,OAAO,GAAqB,MAAM,IAAA,qBAAa,EAAC,cAAI,CAAC,CAAC,SAAS,CAAC;QACpE,QAAQ,EAAE,YAAY;KACvB,CAAC,CAAA;IAEF,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAA;IAEtD,IAAI,CAAC;QACH,sBAAG,CAAC,MAAM,CAAC,YAAY,EAAE,sBAAM,CAAC,CAAA;QAChC,MAAM,OAAO,GAAG,sBAAG,CAAC,MAAM,CAAC,YAAY,CAAQ,CAAA;QAC/C,MAAM,SAAS,GAAW,OAAO,CAAC,MAAM,CAAC,SAAS,CAAA;QAClD,MAAM,MAAM,GAAuB,MAAM,IAAA,qBAAa,EAAC,cAAM,CAAC,CAAC,OAAO,CAAC;YACrE,KAAK,EAAE,EAAE,SAAS,EAAE;SACrB,CAAC,CAAA;QACF,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAA;QACnD,MAAM,MAAM,GAAW,OAAO,CAAC,WAAW,CAAC,MAAM,CAAA;QACjD,MAAM,MAAM,GAAU,OAAO,CAAC,KAAK,CAAA;QAEnC,MAAM,cAAc,GAAW,4BAAW,CAAC,mBAAmB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAA;QAC/F,MAAM,eAAe,GAAW,4BAAW,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAA;QAEjG,OAAO,CAAC,QAAQ,GAAG,eAAe,CAAA;QAClC,MAAM,IAAA,qBAAa,EAAC,cAAI,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QAEvC,IAAA,6CAAoB,EAAC,OAAO,EAAE,cAAc,CAAC,CAAA;QAE7C,OAAO,CAAC,IAAI,GAAG;YACb,WAAW,EAAE,cAAc;YAC3B,YAAY,EAAE,eAAe;SAC9B,CAAA;IACH,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,OAAO,CAAA;IAC1B,CAAC;AACH,CAAC,CAAC,CAAA;AAEF,oBAAY,CAAC,GAAG,CAAC,UAAU,EAAE,oCAAyB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC9E,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAEtC,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAAA;IACjE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,EAAE,CAAA;IAEnG,IAAI,WAAW,GAAG,EAAE,CAAA;IACpB,IAAI,IAAI,IAAI,aAAa,EAAE,CAAC;QAC1B,wDAAwD;QACxD,WAAW,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,EAAE,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAA;IACjE,CAAC;IAED,OAAO,CAAC,IAAI,GAAG;QACb,OAAO,EAAE;YACP,IAAI;YACJ,WAAW;YACX,KAAK;YACL,IAAI,CAAC,wCAAwC;YAC7C,MAAM,EAAE;gBACN,IAAI,EAAE,UAAU;gBAChB,SAAS;gBACT,SAAS;gBACT,UAAU;gBACV,YAAY;gBACZ,QAAQ;aACT;YACD,WAAW;SACZ;KACF,CAAA;AACH,CAAC,CAAC,CAAA;AAEF,oBAAY,CAAC,IAAI,CAAC,aAAa,EAAE,oCAAyB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAClF,IAAI,CAAC;QACH,IAAI,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;QAE5B,IAAI,OAAO,OAAO,CAAC,eAAe,KAAK,UAAU,EAAE,CAAC;YAClD,MAAM,OAAO,CAAC,eAAe,CAAC,IAAI,CAAC,CAAA;QACrC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,OAAO,GAAG,EAAE,CAAA;YACjB,IAAI,CAAC,KAAK,GAAG,EAAE,CAAA;YACf,IAAI,CAAC,MAAM,GAAG,oBAAU,CAAC,OAAO,CAAA;YAChC,MAAM,IAAA,qBAAa,EAAC,cAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACtC,CAAC;QACD,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,IAAI,CAAA;IACrB,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,CAAA;IACT,CAAC;AACH,CAAC,CAAC,CAAA","sourcesContent":["import jwt from 'jsonwebtoken'\nimport compose from 'koa-compose'\nimport passport from 'koa-passport'\nimport Router from 'koa-router'\n\nimport { Domain, getRepository } from '@things-factory/shell'\n\nimport { jwtAuthenticateMiddleware } from '../../middlewares/index.js'\nimport { Application } from '../../service/application/application.js'\nimport { User, UserStatus } from '../../service/user/user.js'\nimport { setAccessTokenCookie } from '../../utils/access-token-cookie.js'\nimport { SECRET } from '../../utils/get-secret.js'\nimport { server as oauth2orizeServer } from './oauth2-server.js'\nimport { Strategy as ClientPasswordStrategy } from './passport-oauth2-client-password.js'\n\ndeclare global {\n namespace NodeJS {\n interface Process {\n oauthDisconnect: (user: User) => Promise<void>\n }\n }\n}\n\nexport const oauth2Router = new Router()\n\npassport.use(\n 'oauth2-client-password',\n new ClientPasswordStrategy({}, (clientId, clientSecret, done) => {\n getRepository(Application)\n .findOneBy({\n appKey: clientId\n })\n .then(client => {\n if (!client || client.appSecret != clientSecret) {\n done(null, false)\n return\n }\n\n done(null, client)\n })\n .catch(err => done(err))\n })\n)\n\n// user decision endpoint\n//\n// `decision` middleware processes a user's decision to allow or deny access\n// requested by a client application. Based on the grant type requested by the\n// client, the above grant middleware configured above will be invoked to send\n// a response.\n\noauth2Router.post(\n '/decision',\n jwtAuthenticateMiddleware,\n compose(\n oauth2orizeServer.decision(async function (context) {\n const { request } = context\n\n return request.body\n })\n )\n)\n\n// token endpoint\n//\n// `token` middleware handles client requests to exchange authorization grants\n// for access tokens. Based on the grant type being exchanged, the above\n// exchange middleware will be invoked to handle the request. Clients must\n// authenticate when making requests to this endpoint.\n\noauth2Router.post(\n '/access-token',\n passport.authenticate('oauth2-client-password', { session: false }),\n oauth2orizeServer.token(),\n oauth2orizeServer.errorHandler()\n)\n\noauth2Router.post('/refresh-token', async (context, next) => {\n const refreshToken: string | undefined = context.request?.body?.refreshToken\n if (!refreshToken) throw new Error('Missing refresh token')\n\n const appUser: User | undefined = await getRepository(User).findOneBy({\n password: refreshToken\n })\n\n if (!appUser) throw new Error('App user is not found')\n\n try {\n jwt.verify(refreshToken, SECRET)\n const decoded = jwt.decode(refreshToken) as any\n const subdomain: string = decoded.domain.subdomain\n const domain: Domain | undefined = await getRepository(Domain).findOne({\n where: { subdomain }\n })\n if (!domain) throw new Error('Domain is not found')\n const appKey: string = decoded.application.appKey\n const scopes: any[] = decoded.scope\n\n const newAccessToken: string = Application.generateAccessToken(domain, appUser, appKey, scopes)\n const newRefreshToken: string = Application.generateRefreshToken(domain, appUser, appKey, scopes)\n\n appUser.password = newRefreshToken\n await getRepository(User).save(appUser)\n\n setAccessTokenCookie(context, newAccessToken)\n\n context.body = {\n accessToken: newAccessToken,\n refreshToken: newRefreshToken\n }\n } catch (e) {\n context.status = 401\n context.body = e.message\n }\n})\n\noauth2Router.get('/profile', jwtAuthenticateMiddleware, async (context, next) => {\n const { user, domain } = context.state\n\n const { name, description, email, userType: type, locale } = user\n const { name: domainName, subdomain, brandName, brandImage, contentImage, timezone } = domain || {}\n\n var application = {}\n if (type == 'application') {\n /* user entity에 reference 필드가 추가되기 전까지, appKey취득 방법임. */\n application['appKey'] = email.substr(0, email.lastIndexOf('@'))\n }\n\n context.body = {\n profile: {\n name,\n description,\n email,\n type /* (admin|user|application|appliance) */,\n domain: {\n name: domainName,\n subdomain,\n brandName,\n brandImage,\n contentImage,\n timezone\n },\n application\n }\n }\n})\n\noauth2Router.post('/disconnect', jwtAuthenticateMiddleware, async (context, next) => {\n try {\n let { user } = context.state\n\n if (typeof process.oauthDisconnect === 'function') {\n await process.oauthDisconnect(user)\n } else {\n user.domains = []\n user.roles = []\n user.status = UserStatus.DELETED\n await getRepository(User).save(user)\n }\n context.status = 200\n context.body = 'ok'\n } catch (e) {\n throw e\n }\n})\n"]}
|
|
@@ -99,7 +99,18 @@ exports.server.exchange(oauth2orize_koa_1.default.exchange.code(async (client, c
|
|
|
99
99
|
},
|
|
100
100
|
relations: ['domains', 'creator', 'updater']
|
|
101
101
|
});
|
|
102
|
-
appuser = await (0, shell_1.getRepository)(user_js_1.User).save(
|
|
102
|
+
appuser = await (0, shell_1.getRepository)(user_js_1.User).save({
|
|
103
|
+
...(appuser || {}),
|
|
104
|
+
email: appuserEmail,
|
|
105
|
+
name: application.name,
|
|
106
|
+
userType: 'application',
|
|
107
|
+
reference: application.id,
|
|
108
|
+
domains: [domain],
|
|
109
|
+
roles: scopes,
|
|
110
|
+
status: user_js_1.UserStatus.ACTIVATED,
|
|
111
|
+
updater: creator,
|
|
112
|
+
creator
|
|
113
|
+
});
|
|
103
114
|
// appuser = await getRepository(User).findOne({
|
|
104
115
|
// where: { email: ILike(appuserEmail) },
|
|
105
116
|
// relations: ['domains']
|
|
@@ -110,7 +121,10 @@ exports.server.exchange(oauth2orize_koa_1.default.exchange.code(async (client, c
|
|
|
110
121
|
// Lazy relation 업데이트 방법의 일관성이 부족하므로, Lazy relation 필드를 사용하지 않기를 권장함.
|
|
111
122
|
var accessToken = application_js_1.Application.generateAccessToken(domain, appuser, appKey, scopes);
|
|
112
123
|
var refreshToken = application_js_1.Application.generateRefreshToken(domain, appuser, appKey, scopes);
|
|
113
|
-
await (0, shell_1.getRepository)(user_js_1.User).save(
|
|
124
|
+
await (0, shell_1.getRepository)(user_js_1.User).save({
|
|
125
|
+
...appuser,
|
|
126
|
+
password: refreshToken
|
|
127
|
+
});
|
|
114
128
|
return [
|
|
115
129
|
accessToken,
|
|
116
130
|
refreshToken,
|
|
@@ -179,7 +193,11 @@ exports.server.exchange(oauth2orize_koa_1.default.exchange.refreshToken(async (c
|
|
|
179
193
|
});
|
|
180
194
|
var accessToken = application_js_1.Application.generateAccessToken(domain, appuser, appKey, scope);
|
|
181
195
|
var refreshToken = application_js_1.Application.generateRefreshToken(domain, appuser, appKey, scope);
|
|
182
|
-
await (0, shell_1.getRepository)(user_js_1.User).save(
|
|
196
|
+
await (0, shell_1.getRepository)(user_js_1.User).save({
|
|
197
|
+
...appuser,
|
|
198
|
+
roles,
|
|
199
|
+
password: refreshToken
|
|
200
|
+
});
|
|
183
201
|
return [
|
|
184
202
|
accessToken,
|
|
185
203
|
refreshToken,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth2-server.js","sourceRoot":"","sources":["../../../server/router/oauth2/oauth2-server.ts"],"names":[],"mappings":";;;;AAAA,8EAAyC;AACzC,qCAAmC;AAEnC,6CAA4C;AAC5C,iDAA6D;AAE7D,6EAAsE;AACtE,wDAAiD;AACjD,wDAA6D;AAE7D,MAAM,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAA;AAEnB,QAAA,QAAQ,GAAG,UAAU,CAAA;AACrB,QAAA,SAAS,GAAG;IACvB,EAAE,EAAE,gBAAQ;CACb,CAAA;AAED,0BAA0B;AACb,QAAA,MAAM,GAAG,yBAAW,CAAC,YAAY,EAAE,CAAA;AAEhD,2DAA2D;AAC3D,EAAE;AACF,oEAAoE;AACpE,4EAA4E;AAC5E,8EAA8E;AAC9E,2EAA2E;AAC3E,yBAAyB;AACzB,EAAE;AACF,8EAA8E;AAC9E,0EAA0E;AAC1E,6EAA6E;AAC7E,sCAAsC;AAEtC,cAAM,CAAC,eAAe,CAAC,KAAK,WAAW,MAAM;IAC3C,OAAO,MAAM,CAAC,EAAE,CAAA;AAClB,CAAC,CAAC,CAAA;AAEF,cAAM,CAAC,iBAAiB,CAAC,KAAK,WAAW,EAAE;IACzC,IAAI,EAAE,IAAI,gBAAQ,EAAE,CAAC;QACnB,OAAO,EAAE,CAAA;IACX,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,IAAA,qBAAa,EAAC,4BAAW,CAAC,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,CAAC,CAAA;IACtE,OAAO,WAAW,CAAA;AACpB,CAAC,CAAC,CAAA;AAEF,kCAAkC;AAClC,EAAE;AACF,oEAAoE;AACpE,0EAA0E;AAC1E,2EAA2E;AAC3E,iCAAiC;AAEjC,yEAAyE;AACzE,uEAAuE;AACvE,sEAAsE;AACtE,6EAA6E;AAC7E,2EAA2E;AAC3E,qDAAqD;AAErD,cAAM,CAAC,KAAK,CACV,yBAAW,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;IACrE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,IAAI,CAAA;IAExD,OAAO,4BAAW,CAAC,gBAAgB,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,CAAA;AAC9E,CAAC,CAAC,CACH,CAAA;AAED,4EAA4E;AAC5E,sEAAsE;AACtE,8EAA8E;AAC9E,8EAA8E;AAC9E,QAAQ;AAER,cAAM,CAAC,QAAQ,CACb,yBAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,EAAE;IAC5D,IAAI,CAAC;QACH,wBAAwB;QACxB,IAAI,OAAO,GAAQ,4BAAW,CAAC,cAAc,CAAC,IAAI,CAAC,CAAA;IACrD,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,KAAK,CAAA;IACd,CAAC;IACD,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,OAAO,CAAA;IAElD,MAAM,WAAW,GAAgB,MAAM,IAAA,qBAAa,EAAC,4BAAW,CAAC,CAAC,SAAS,CAAC;QAC1E,MAAM;KACP,CAAC,CAAA;IAEF,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,KAAK,CAAA;IACd,CAAC;IAED,sCAAsC;IACtC,sGAAsG;IACtG,kBAAkB;IAClB,wFAAwF;IACxF,mBAAmB;IACnB,8BAA8B;IAC9B,MAAM;IACN,oBAAoB;IACpB,yBAAyB;IACzB,uIAAuI;IACvI,MAAM;IACN,IAAI;IAEJ,MAAM,MAAM,GAAW,MAAM,IAAA,qBAAa,EAAC,cAAM,CAAC,CAAC,SAAS,CAAC;QAC3D,SAAS;KACV,CAAC,CAAA;IAEF,MAAM,OAAO,GAAS,MAAM,IAAA,qBAAa,EAAC,cAAI,CAAC,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,IAAA,eAAK,EAAC,KAAK,CAAC,EAAE,CAAC,CAAA;IAElF,MAAM,YAAY,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,IAAI,SAAS,EAAE,CAAA;IAE1D,IAAI,OAAO,GAAS,MAAM,IAAA,qBAAa,EAAC,cAAI,CAAC,CAAC,OAAO,CAAC;QACpD,KAAK,EAAE;YACL,KAAK,EAAE,YAAY;YACnB,SAAS,EAAE,WAAW,CAAC,EAAE;YACzB,QAAQ,EAAE,aAAa;SACxB;QAED,SAAS,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC;KAC7C,CAAC,CAAA;IAEF,OAAO,GAAG,MAAM,IAAA,qBAAa,EAAC,cAAI,CAAC,CAAC,IAAI,iCACnC,CAAC,OAAO,IAAI,EAAE,CAAC,KAClB,KAAK,EAAE,YAAY,EACnB,IAAI,EAAE,WAAW,CAAC,IAAI,EACtB,QAAQ,EAAE,aAAa,EACvB,SAAS,EAAE,WAAW,CAAC,EAAE,EACzB,OAAO,EAAE,CAAC,MAAM,CAAC,EACjB,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,oBAAU,CAAC,SAAS,EAC5B,OAAO,EAAE,OAAO,EAChB,OAAO,IACP,CAAA;IAEF,gDAAgD;IAChD,2CAA2C;IAC3C,2BAA2B;IAC3B,KAAK;IAEL,8CAA8C;IAC9C,0CAA0C;IAC1C,yEAAyE;IACzE,qEAAqE;IAErE,IAAI,WAAW,GAAG,4BAAW,CAAC,mBAAmB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAA;IAClF,IAAI,YAAY,GAAG,4BAAW,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAA;IAEpF,MAAM,IAAA,qBAAa,EAAC,cAAI,CAAC,CAAC,IAAI,iCACxB,OAAe,KACnB,QAAQ,EAAE,YAAY,IACtB,CAAA;IAEF,OAAO;QACL,WAAW;QACX,YAAY;QACZ;YACE,UAAU,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,SAAS;YACvC,UAAU,EAAE,QAAQ;YACpB,QAAQ,EAAE,SAAS;SACpB;KACF,CAAA;AACH,CAAC,CAAC,CACH,CAAA;AAED,cAAM,CAAC,QAAQ,CACb,yBAAW,CAAC,QAAQ,CAAC,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,KAAK,EAAE,EAAE;IACtE,IAAI,CAAC;QACH,mBAAmB;QACnB,IAAI,OAAO,GAAQ,4BAAW,CAAC,cAAc,CAAC,YAAY,CAAC,CAAA;IAC7D,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,YAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;QACf,OAAO,KAAK,CAAA;IACd,CAAC;IACD,MAAM,EACJ,EAAE,EACF,QAAQ,EACR,KAAK,EACL,WAAW,EAAE,EAAE,MAAM,EAAE,EACvB,MAAM,EAAE,EAAE,SAAS,EAAE,EACrB,KAAK,EAAE,aAAa,EACpB,GAAG,EAAE,UAAU,EAChB,GAAG,OAAO,CAAA;IAEX,MAAM,WAAW,GAAgB,MAAM,IAAA,qBAAa,EAAC,4BAAW,CAAC,CAAC,SAAS,CAAC;QAC1E,MAAM;KACP,CAAC,CAAA;IAEF,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,YAAM,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAA;QACxC,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,GAAG,IAAI,EAAE,CAAC;QACnC,YAAM,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAA;QACxC,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,MAAM,GAAW,MAAM,IAAA,qBAAa,EAAC,cAAM,CAAC,CAAC,SAAS,CAAC;QAC3D,SAAS;KACV,CAAC,CAAA;IAEF,MAAM,OAAO,GAAS,MAAM,IAAA,qBAAa,EAAC,cAAI,CAAC,CAAC,SAAS,CAAC;QACxD,EAAE;QACF,QAAQ;KACT,CAAC,CAAA;IAEF,MAAM,YAAY,GAAG,GAAG,MAAM,IAAI,SAAS,EAAE,CAAA;IAE7C,IAAI,OAAO,GAAS,MAAM,IAAA,qBAAa,EAAC,cAAI,CAAC,CAAC,OAAO,CAAC;QACpD,KAAK,EAAE;YACL,KAAK,EAAE,YAAY;YACnB,SAAS,EAAE,WAAW,CAAC,EAAE;YACzB,QAAQ,EAAE,aAAa;SACxB;QACD,SAAS,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,SAAS,CAAC;KAC5C,CAAC,CAAA;IAEF,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,YAAM,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAA;QACxC,OAAO,KAAK,CAAA;IACd,CAAC;IAED;;OAEG;IAEH,KAAK,GAAG,KAAK,IAAI,aAAa,CAAA;IAE9B,MAAM,MAAM,GAAa,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACzC,MAAM,cAAc,GAAG,CAAC,aAAa,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACvD,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,cAAc,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAClF,IAAI,eAAe,EAAE,CAAC;QACpB,YAAM,CAAC,KAAK,CAAC,oBAAoB,eAAe,YAAY,CAAC,CAAA;QAC7D,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,IAAA,qBAAa,EAAC,cAAI,CAAC,CAAC,MAAM,CAAC;QAC7C,IAAI,EAAE,IAAA,YAAE,EAAC,MAAM,CAAC;QAChB,MAAM,EAAE,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE;KAC1B,CAAC,CAAA;IAEF,IAAI,WAAW,GAAG,4BAAW,CAAC,mBAAmB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,CAAA;IACjF,IAAI,YAAY,GAAQ,4BAAW,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,CAAA;IAExF,MAAM,IAAA,qBAAa,EAAC,cAAI,CAAC,CAAC,IAAI,iCACxB,OAAe,KACnB,KAAK,EACL,QAAQ,EAAE,YAAY,IACtB,CAAA;IAEF,OAAO;QACL,WAAW;QACX,YAAY;QACZ;YACE,UAAU,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,SAAS;YACvC,UAAU,EAAE,QAAQ;SACrB;KACF,CAAA;AACH,CAAC,CAAC,CACH,CAAA","sourcesContent":["import oauth2orize from 'oauth2orize-koa'\nimport { ILike, In } from 'typeorm'\n\nimport { logger } from '@things-factory/env'\nimport { Domain, getRepository } from '@things-factory/shell'\n\nimport { Application } from '../../service/application/application.js'\nimport { Role } from '../../service/role/role.js'\nimport { User, UserStatus } from '../../service/user/user.js'\n\nconst crypto = require('crypto')\n\nexport const NOTFOUND = 'NOTFOUND'\nexport const NonClient = {\n id: NOTFOUND\n}\n\n// create OAuth 2.0 server\nexport const server = oauth2orize.createServer()\n\n// Register serialialization and deserialization functions.\n//\n// When a client redirects a user to user authorization endpoint, an\n// authorization transaction is initiated. To complete the transaction, the\n// user must authenticate and approve the authorization request. Because this\n// may involve multiple HTTP request/response exchanges, the transaction is\n// stored in the session.\n//\n// An application must supply serialization functions, which determine how the\n// client object is serialized into the session. Typically this will be a\n// simple matter of serializing the client's ID, and deserializing by finding\n// the client by ID from the database.\n\nserver.serializeClient(async function (client) {\n return client.id\n})\n\nserver.deserializeClient(async function (id) {\n if (id == NOTFOUND) {\n return {}\n }\n\n const application = await getRepository(Application).findOneBy({ id })\n return application\n})\n\n// Register supported grant types.\n//\n// OAuth 2.0 specifies a framework that allows users to grant client\n// applications limited access to their protected resources. It does this\n// through a process of the user granting access, and the client exchanging\n// the grant for an access token.\n\n// Grant authorization codes. The callback takes the `client` requesting\n// authorization, the `redirectURI` (which is used as a verifier in the\n// subsequent exchange), the authenticated `user` granting access, and\n// their response, which contains approved scope, duration, etc. as parsed by\n// the application. The application issues a code, which is bound to these\n// values, and will be exchanged for an access token.\n\nserver.grant(\n oauth2orize.grant.code(async (client, redirectUrl, user, ares, areq) => {\n const { email, appKey, subdomain, scopes, state } = ares\n\n return Application.generateAuthCode(email, appKey, subdomain, scopes, state)\n })\n)\n\n// Exchange authorization codes for access tokens. The callback accepts the\n// `client`, which is exchanging `code` and any `redirectURI` from the\n// authorization request for verification. If these values are validated, the\n// application issues an access token on behalf of the user who authorized the\n// code.\n\nserver.exchange(\n oauth2orize.exchange.code(async (client, code, redirectUrl) => {\n try {\n /* authorization code */\n var decoded: any = Application.verifyAuthCode(code)\n } catch (e) {\n return false\n }\n let { email, appKey, subdomain, scopes } = decoded\n\n const application: Application = await getRepository(Application).findOneBy({\n appKey\n })\n\n if (!application) {\n return false\n }\n\n /* DONT-FORGET uncomment after test */\n // if (redirectUrl !== application.redirectUrl && redirectUrl.indexOf(application.redirectUrl) != 0) {\n // logger.error(\n // 'oauth2 exchange error - redirectUrl should begins with the application setting',\n // redirectUrl,\n // application.redirectUrl\n // )\n // // return false\n // throw new TypeError(\n // `oauth2 exchange error - redirectUrl should begins with the application setting : '${redirectUrl}':'${application.redirectUrl}'`\n // )\n // }\n\n const domain: Domain = await getRepository(Domain).findOneBy({\n subdomain\n })\n\n const creator: User = await getRepository(User).findOneBy({ email: ILike(email) })\n\n const appuserEmail = `${crypto.randomUUID()}@${subdomain}`\n\n var appuser: User = await getRepository(User).findOne({\n where: {\n email: appuserEmail,\n reference: application.id,\n userType: 'application'\n },\n\n relations: ['domains', 'creator', 'updater']\n })\n\n appuser = await getRepository(User).save({\n ...(appuser || {}),\n email: appuserEmail,\n name: application.name,\n userType: 'application',\n reference: application.id,\n domains: [domain],\n roles: scopes,\n status: UserStatus.ACTIVATED,\n updater: creator,\n creator\n })\n\n // appuser = await getRepository(User).findOne({\n // where: { email: ILike(appuserEmail) },\n // relations: ['domains']\n // })\n\n // appuser.domains = Promise.resolve([domain])\n // await getRepository(User).save(appuser)\n // Lazy relation 필드들(domain, domains)들에 대한 업데이트. 이상의 방법으로 업데이트 해야하는 것 같다.\n // Lazy relation 업데이트 방법의 일관성이 부족하므로, Lazy relation 필드를 사용하지 않기를 권장함.\n\n var accessToken = Application.generateAccessToken(domain, appuser, appKey, scopes)\n var refreshToken = Application.generateRefreshToken(domain, appuser, appKey, scopes)\n\n await getRepository(User).save({\n ...(appuser as any),\n password: refreshToken\n })\n\n return [\n accessToken,\n refreshToken,\n {\n expires_in: 30 * 24 * 60 * 60 /* 30d */,\n token_type: 'bearer',\n centerId: subdomain\n }\n ]\n })\n)\n\nserver.exchange(\n oauth2orize.exchange.refreshToken(async (client, refreshToken, scope) => {\n try {\n /* refresh token */\n var decoded: any = Application.verifyAuthCode(refreshToken)\n } catch (e) {\n logger.error(e)\n return false\n }\n const {\n id,\n userType,\n email,\n application: { appKey },\n domain: { subdomain },\n scope: originalScope,\n exp: expires_in\n } = decoded\n\n const application: Application = await getRepository(Application).findOneBy({\n appKey\n })\n\n if (!application) {\n logger.error('application is not exist')\n return false\n }\n\n if (Date.now() > expires_in * 1000) {\n logger.error('refresh token is expired')\n return false\n }\n\n const domain: Domain = await getRepository(Domain).findOneBy({\n subdomain\n })\n\n const creator: User = await getRepository(User).findOneBy({\n id,\n userType\n })\n\n const appuserEmail = `${appKey}@${subdomain}`\n\n var appuser: User = await getRepository(User).findOne({\n where: {\n email: appuserEmail,\n reference: application.id,\n userType: 'application'\n },\n relations: ['domain', 'creator', 'updater']\n })\n\n if (!appuser) {\n logger.error('application is not bound')\n return false\n }\n\n /*\n * `scope` is the scope of access requested by the client, which must not include any scope not originally granted.\n */\n\n scope = scope || originalScope\n\n const scopes: string[] = scope.split(',')\n const originalScopes = (originalScope || '').split(',')\n const additionalScope = scopes.find(scope => originalScopes.indexOf(scope) === -1)\n if (additionalScope) {\n logger.error(`additional scope(${additionalScope}) required`)\n return false\n }\n\n const roles = await getRepository(Role).findBy({\n name: In(scopes),\n domain: { id: domain.id }\n })\n\n var accessToken = Application.generateAccessToken(domain, appuser, appKey, scope)\n var refreshToken: any = Application.generateRefreshToken(domain, appuser, appKey, scope)\n\n await getRepository(User).save({\n ...(appuser as any),\n roles,\n password: refreshToken\n })\n\n return [\n accessToken,\n refreshToken,\n {\n expires_in: 30 * 24 * 60 * 60 /* 30d */,\n token_type: 'bearer'\n }\n ]\n })\n)\n"]}
|
|
1
|
+
{"version":3,"file":"oauth2-server.js","sourceRoot":"","sources":["../../../server/router/oauth2/oauth2-server.ts"],"names":[],"mappings":";;;;AAAA,8EAAyC;AACzC,qCAAmC;AAEnC,6CAA4C;AAC5C,iDAA6D;AAE7D,6EAAsE;AACtE,wDAAiD;AACjD,wDAA6D;AAE7D,MAAM,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAA;AAEnB,QAAA,QAAQ,GAAG,UAAU,CAAA;AACrB,QAAA,SAAS,GAAG;IACvB,EAAE,EAAE,gBAAQ;CACb,CAAA;AAED,0BAA0B;AACb,QAAA,MAAM,GAAG,yBAAW,CAAC,YAAY,EAAE,CAAA;AAEhD,2DAA2D;AAC3D,EAAE;AACF,oEAAoE;AACpE,4EAA4E;AAC5E,8EAA8E;AAC9E,2EAA2E;AAC3E,yBAAyB;AACzB,EAAE;AACF,8EAA8E;AAC9E,0EAA0E;AAC1E,6EAA6E;AAC7E,sCAAsC;AAEtC,cAAM,CAAC,eAAe,CAAC,KAAK,WAAW,MAAM;IAC3C,OAAO,MAAM,CAAC,EAAE,CAAA;AAClB,CAAC,CAAC,CAAA;AAEF,cAAM,CAAC,iBAAiB,CAAC,KAAK,WAAW,EAAE;IACzC,IAAI,EAAE,IAAI,gBAAQ,EAAE,CAAC;QACnB,OAAO,EAAE,CAAA;IACX,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,IAAA,qBAAa,EAAC,4BAAW,CAAC,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,CAAC,CAAA;IACtE,OAAO,WAAW,CAAA;AACpB,CAAC,CAAC,CAAA;AAEF,kCAAkC;AAClC,EAAE;AACF,oEAAoE;AACpE,0EAA0E;AAC1E,2EAA2E;AAC3E,iCAAiC;AAEjC,yEAAyE;AACzE,uEAAuE;AACvE,sEAAsE;AACtE,6EAA6E;AAC7E,2EAA2E;AAC3E,qDAAqD;AAErD,cAAM,CAAC,KAAK,CACV,yBAAW,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;IACrE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,IAAI,CAAA;IAExD,OAAO,4BAAW,CAAC,gBAAgB,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,CAAA;AAC9E,CAAC,CAAC,CACH,CAAA;AAED,4EAA4E;AAC5E,sEAAsE;AACtE,8EAA8E;AAC9E,8EAA8E;AAC9E,QAAQ;AAER,cAAM,CAAC,QAAQ,CACb,yBAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,EAAE;IAC5D,IAAI,CAAC;QACH,wBAAwB;QACxB,IAAI,OAAO,GAAQ,4BAAW,CAAC,cAAc,CAAC,IAAI,CAAC,CAAA;IACrD,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,KAAK,CAAA;IACd,CAAC;IACD,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,OAAO,CAAA;IAElD,MAAM,WAAW,GAAgB,MAAM,IAAA,qBAAa,EAAC,4BAAW,CAAC,CAAC,SAAS,CAAC;QAC1E,MAAM;KACP,CAAC,CAAA;IAEF,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,KAAK,CAAA;IACd,CAAC;IAED,sCAAsC;IACtC,sGAAsG;IACtG,kBAAkB;IAClB,wFAAwF;IACxF,mBAAmB;IACnB,8BAA8B;IAC9B,MAAM;IACN,oBAAoB;IACpB,yBAAyB;IACzB,uIAAuI;IACvI,MAAM;IACN,IAAI;IAEJ,MAAM,MAAM,GAAW,MAAM,IAAA,qBAAa,EAAC,cAAM,CAAC,CAAC,SAAS,CAAC;QAC3D,SAAS;KACV,CAAC,CAAA;IAEF,MAAM,OAAO,GAAS,MAAM,IAAA,qBAAa,EAAC,cAAI,CAAC,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,IAAA,eAAK,EAAC,KAAK,CAAC,EAAE,CAAC,CAAA;IAElF,MAAM,YAAY,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,IAAI,SAAS,EAAE,CAAA;IAE1D,IAAI,OAAO,GAAS,MAAM,IAAA,qBAAa,EAAC,cAAI,CAAC,CAAC,OAAO,CAAC;QACpD,KAAK,EAAE;YACL,KAAK,EAAE,YAAY;YACnB,SAAS,EAAE,WAAW,CAAC,EAAE;YACzB,QAAQ,EAAE,aAAa;SACxB;QAED,SAAS,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC;KAC7C,CAAC,CAAA;IAEF,OAAO,GAAG,MAAM,IAAA,qBAAa,EAAC,cAAI,CAAC,CAAC,IAAI,CAAC;QACvC,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC;QAClB,KAAK,EAAE,YAAY;QACnB,IAAI,EAAE,WAAW,CAAC,IAAI;QACtB,QAAQ,EAAE,aAAa;QACvB,SAAS,EAAE,WAAW,CAAC,EAAE;QACzB,OAAO,EAAE,CAAC,MAAM,CAAC;QACjB,KAAK,EAAE,MAAM;QACb,MAAM,EAAE,oBAAU,CAAC,SAAS;QAC5B,OAAO,EAAE,OAAO;QAChB,OAAO;KACR,CAAC,CAAA;IAEF,gDAAgD;IAChD,2CAA2C;IAC3C,2BAA2B;IAC3B,KAAK;IAEL,8CAA8C;IAC9C,0CAA0C;IAC1C,yEAAyE;IACzE,qEAAqE;IAErE,IAAI,WAAW,GAAG,4BAAW,CAAC,mBAAmB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAA;IAClF,IAAI,YAAY,GAAG,4BAAW,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAA;IAEpF,MAAM,IAAA,qBAAa,EAAC,cAAI,CAAC,CAAC,IAAI,CAAC;QAC7B,GAAI,OAAe;QACnB,QAAQ,EAAE,YAAY;KACvB,CAAC,CAAA;IAEF,OAAO;QACL,WAAW;QACX,YAAY;QACZ;YACE,UAAU,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,SAAS;YACvC,UAAU,EAAE,QAAQ;YACpB,QAAQ,EAAE,SAAS;SACpB;KACF,CAAA;AACH,CAAC,CAAC,CACH,CAAA;AAED,cAAM,CAAC,QAAQ,CACb,yBAAW,CAAC,QAAQ,CAAC,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,KAAK,EAAE,EAAE;IACtE,IAAI,CAAC;QACH,mBAAmB;QACnB,IAAI,OAAO,GAAQ,4BAAW,CAAC,cAAc,CAAC,YAAY,CAAC,CAAA;IAC7D,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,YAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;QACf,OAAO,KAAK,CAAA;IACd,CAAC;IACD,MAAM,EACJ,EAAE,EACF,QAAQ,EACR,KAAK,EACL,WAAW,EAAE,EAAE,MAAM,EAAE,EACvB,MAAM,EAAE,EAAE,SAAS,EAAE,EACrB,KAAK,EAAE,aAAa,EACpB,GAAG,EAAE,UAAU,EAChB,GAAG,OAAO,CAAA;IAEX,MAAM,WAAW,GAAgB,MAAM,IAAA,qBAAa,EAAC,4BAAW,CAAC,CAAC,SAAS,CAAC;QAC1E,MAAM;KACP,CAAC,CAAA;IAEF,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,YAAM,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAA;QACxC,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,GAAG,IAAI,EAAE,CAAC;QACnC,YAAM,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAA;QACxC,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,MAAM,GAAW,MAAM,IAAA,qBAAa,EAAC,cAAM,CAAC,CAAC,SAAS,CAAC;QAC3D,SAAS;KACV,CAAC,CAAA;IAEF,MAAM,OAAO,GAAS,MAAM,IAAA,qBAAa,EAAC,cAAI,CAAC,CAAC,SAAS,CAAC;QACxD,EAAE;QACF,QAAQ;KACT,CAAC,CAAA;IAEF,MAAM,YAAY,GAAG,GAAG,MAAM,IAAI,SAAS,EAAE,CAAA;IAE7C,IAAI,OAAO,GAAS,MAAM,IAAA,qBAAa,EAAC,cAAI,CAAC,CAAC,OAAO,CAAC;QACpD,KAAK,EAAE;YACL,KAAK,EAAE,YAAY;YACnB,SAAS,EAAE,WAAW,CAAC,EAAE;YACzB,QAAQ,EAAE,aAAa;SACxB;QACD,SAAS,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,SAAS,CAAC;KAC5C,CAAC,CAAA;IAEF,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,YAAM,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAA;QACxC,OAAO,KAAK,CAAA;IACd,CAAC;IAED;;OAEG;IAEH,KAAK,GAAG,KAAK,IAAI,aAAa,CAAA;IAE9B,MAAM,MAAM,GAAa,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACzC,MAAM,cAAc,GAAG,CAAC,aAAa,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACvD,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,cAAc,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAClF,IAAI,eAAe,EAAE,CAAC;QACpB,YAAM,CAAC,KAAK,CAAC,oBAAoB,eAAe,YAAY,CAAC,CAAA;QAC7D,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,IAAA,qBAAa,EAAC,cAAI,CAAC,CAAC,MAAM,CAAC;QAC7C,IAAI,EAAE,IAAA,YAAE,EAAC,MAAM,CAAC;QAChB,MAAM,EAAE,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE;KAC1B,CAAC,CAAA;IAEF,IAAI,WAAW,GAAG,4BAAW,CAAC,mBAAmB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,CAAA;IACjF,IAAI,YAAY,GAAQ,4BAAW,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,CAAA;IAExF,MAAM,IAAA,qBAAa,EAAC,cAAI,CAAC,CAAC,IAAI,CAAC;QAC7B,GAAI,OAAe;QACnB,KAAK;QACL,QAAQ,EAAE,YAAY;KACvB,CAAC,CAAA;IAEF,OAAO;QACL,WAAW;QACX,YAAY;QACZ;YACE,UAAU,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,SAAS;YACvC,UAAU,EAAE,QAAQ;SACrB;KACF,CAAA;AACH,CAAC,CAAC,CACH,CAAA","sourcesContent":["import oauth2orize from 'oauth2orize-koa'\nimport { ILike, In } from 'typeorm'\n\nimport { logger } from '@things-factory/env'\nimport { Domain, getRepository } from '@things-factory/shell'\n\nimport { Application } from '../../service/application/application.js'\nimport { Role } from '../../service/role/role.js'\nimport { User, UserStatus } from '../../service/user/user.js'\n\nconst crypto = require('crypto')\n\nexport const NOTFOUND = 'NOTFOUND'\nexport const NonClient = {\n id: NOTFOUND\n}\n\n// create OAuth 2.0 server\nexport const server = oauth2orize.createServer()\n\n// Register serialialization and deserialization functions.\n//\n// When a client redirects a user to user authorization endpoint, an\n// authorization transaction is initiated. To complete the transaction, the\n// user must authenticate and approve the authorization request. Because this\n// may involve multiple HTTP request/response exchanges, the transaction is\n// stored in the session.\n//\n// An application must supply serialization functions, which determine how the\n// client object is serialized into the session. Typically this will be a\n// simple matter of serializing the client's ID, and deserializing by finding\n// the client by ID from the database.\n\nserver.serializeClient(async function (client) {\n return client.id\n})\n\nserver.deserializeClient(async function (id) {\n if (id == NOTFOUND) {\n return {}\n }\n\n const application = await getRepository(Application).findOneBy({ id })\n return application\n})\n\n// Register supported grant types.\n//\n// OAuth 2.0 specifies a framework that allows users to grant client\n// applications limited access to their protected resources. It does this\n// through a process of the user granting access, and the client exchanging\n// the grant for an access token.\n\n// Grant authorization codes. The callback takes the `client` requesting\n// authorization, the `redirectURI` (which is used as a verifier in the\n// subsequent exchange), the authenticated `user` granting access, and\n// their response, which contains approved scope, duration, etc. as parsed by\n// the application. The application issues a code, which is bound to these\n// values, and will be exchanged for an access token.\n\nserver.grant(\n oauth2orize.grant.code(async (client, redirectUrl, user, ares, areq) => {\n const { email, appKey, subdomain, scopes, state } = ares\n\n return Application.generateAuthCode(email, appKey, subdomain, scopes, state)\n })\n)\n\n// Exchange authorization codes for access tokens. The callback accepts the\n// `client`, which is exchanging `code` and any `redirectURI` from the\n// authorization request for verification. If these values are validated, the\n// application issues an access token on behalf of the user who authorized the\n// code.\n\nserver.exchange(\n oauth2orize.exchange.code(async (client, code, redirectUrl) => {\n try {\n /* authorization code */\n var decoded: any = Application.verifyAuthCode(code)\n } catch (e) {\n return false\n }\n let { email, appKey, subdomain, scopes } = decoded\n\n const application: Application = await getRepository(Application).findOneBy({\n appKey\n })\n\n if (!application) {\n return false\n }\n\n /* DONT-FORGET uncomment after test */\n // if (redirectUrl !== application.redirectUrl && redirectUrl.indexOf(application.redirectUrl) != 0) {\n // logger.error(\n // 'oauth2 exchange error - redirectUrl should begins with the application setting',\n // redirectUrl,\n // application.redirectUrl\n // )\n // // return false\n // throw new TypeError(\n // `oauth2 exchange error - redirectUrl should begins with the application setting : '${redirectUrl}':'${application.redirectUrl}'`\n // )\n // }\n\n const domain: Domain = await getRepository(Domain).findOneBy({\n subdomain\n })\n\n const creator: User = await getRepository(User).findOneBy({ email: ILike(email) })\n\n const appuserEmail = `${crypto.randomUUID()}@${subdomain}`\n\n var appuser: User = await getRepository(User).findOne({\n where: {\n email: appuserEmail,\n reference: application.id,\n userType: 'application'\n },\n\n relations: ['domains', 'creator', 'updater']\n })\n\n appuser = await getRepository(User).save({\n ...(appuser || {}),\n email: appuserEmail,\n name: application.name,\n userType: 'application',\n reference: application.id,\n domains: [domain],\n roles: scopes,\n status: UserStatus.ACTIVATED,\n updater: creator,\n creator\n })\n\n // appuser = await getRepository(User).findOne({\n // where: { email: ILike(appuserEmail) },\n // relations: ['domains']\n // })\n\n // appuser.domains = Promise.resolve([domain])\n // await getRepository(User).save(appuser)\n // Lazy relation 필드들(domain, domains)들에 대한 업데이트. 이상의 방법으로 업데이트 해야하는 것 같다.\n // Lazy relation 업데이트 방법의 일관성이 부족하므로, Lazy relation 필드를 사용하지 않기를 권장함.\n\n var accessToken = Application.generateAccessToken(domain, appuser, appKey, scopes)\n var refreshToken = Application.generateRefreshToken(domain, appuser, appKey, scopes)\n\n await getRepository(User).save({\n ...(appuser as any),\n password: refreshToken\n })\n\n return [\n accessToken,\n refreshToken,\n {\n expires_in: 30 * 24 * 60 * 60 /* 30d */,\n token_type: 'bearer',\n centerId: subdomain\n }\n ]\n })\n)\n\nserver.exchange(\n oauth2orize.exchange.refreshToken(async (client, refreshToken, scope) => {\n try {\n /* refresh token */\n var decoded: any = Application.verifyAuthCode(refreshToken)\n } catch (e) {\n logger.error(e)\n return false\n }\n const {\n id,\n userType,\n email,\n application: { appKey },\n domain: { subdomain },\n scope: originalScope,\n exp: expires_in\n } = decoded\n\n const application: Application = await getRepository(Application).findOneBy({\n appKey\n })\n\n if (!application) {\n logger.error('application is not exist')\n return false\n }\n\n if (Date.now() > expires_in * 1000) {\n logger.error('refresh token is expired')\n return false\n }\n\n const domain: Domain = await getRepository(Domain).findOneBy({\n subdomain\n })\n\n const creator: User = await getRepository(User).findOneBy({\n id,\n userType\n })\n\n const appuserEmail = `${appKey}@${subdomain}`\n\n var appuser: User = await getRepository(User).findOne({\n where: {\n email: appuserEmail,\n reference: application.id,\n userType: 'application'\n },\n relations: ['domain', 'creator', 'updater']\n })\n\n if (!appuser) {\n logger.error('application is not bound')\n return false\n }\n\n /*\n * `scope` is the scope of access requested by the client, which must not include any scope not originally granted.\n */\n\n scope = scope || originalScope\n\n const scopes: string[] = scope.split(',')\n const originalScopes = (originalScope || '').split(',')\n const additionalScope = scopes.find(scope => originalScopes.indexOf(scope) === -1)\n if (additionalScope) {\n logger.error(`additional scope(${additionalScope}) required`)\n return false\n }\n\n const roles = await getRepository(Role).findBy({\n name: In(scopes),\n domain: { id: domain.id }\n })\n\n var accessToken = Application.generateAccessToken(domain, appuser, appKey, scope)\n var refreshToken: any = Application.generateRefreshToken(domain, appuser, appKey, scope)\n\n await getRepository(User).save({\n ...(appuser as any),\n roles,\n password: refreshToken\n })\n\n return [\n accessToken,\n refreshToken,\n {\n expires_in: 30 * 24 * 60 * 60 /* 30d */,\n token_type: 'bearer'\n }\n ]\n })\n)\n"]}
|
|
@@ -24,7 +24,7 @@ async function findAuth(context, next) {
|
|
|
24
24
|
}
|
|
25
25
|
exports.siteRootRouter.get('/', findAuth, shell_1.domainMiddleware, async (context, next) => {
|
|
26
26
|
const { user, domain } = context.state;
|
|
27
|
-
const subdomain = domain
|
|
27
|
+
const subdomain = domain?.subdomain;
|
|
28
28
|
if (user && subdomain) {
|
|
29
29
|
const userDomains = await (0, get_user_domains_js_1.getUserDomains)(user);
|
|
30
30
|
if (userDomains.find(userDomain => userDomain.subdomain == subdomain)) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"site-root-router.js","sourceRoot":"","sources":["../../server/router/site-root-router.ts"],"names":[],"mappings":";;;;AAAA,oEAA+B;AAC/B,wEAAmC;AAEnC,iDAAgE;AAChE,6CAA4C;AAE5C,qDAA8C;AAC9C,sEAA6D;AAE7D,MAAM,iBAAiB,GAAG,YAAM,CAAC,GAAG,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAA;AAE1D,QAAA,cAAc,GAAG,IAAI,oBAAM,EAAE,CAAA;AAE1C,KAAK,UAAU,QAAQ,CAAC,OAAO,EAAE,IAAI;IACnC,OAAO,MAAM,sBAAQ,CAAC,YAAY,CAAC,KAAK,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;QACzF,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,MAAM,cAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAA;gBAC1C,OAAO,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAA;YAC3B,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC,CAAA,CAAC;QAChB,CAAC;QAED,MAAM,IAAI,EAAE,CAAA;IACd,CAAC,CAAC,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;AACnB,CAAC;AAED,sBAAc,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,EAAE,wBAAgB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC1E,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAEtC,MAAM,SAAS,GAAG,MAAM,
|
|
1
|
+
{"version":3,"file":"site-root-router.js","sourceRoot":"","sources":["../../server/router/site-root-router.ts"],"names":[],"mappings":";;;;AAAA,oEAA+B;AAC/B,wEAAmC;AAEnC,iDAAgE;AAChE,6CAA4C;AAE5C,qDAA8C;AAC9C,sEAA6D;AAE7D,MAAM,iBAAiB,GAAG,YAAM,CAAC,GAAG,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAA;AAE1D,QAAA,cAAc,GAAG,IAAI,oBAAM,EAAE,CAAA;AAE1C,KAAK,UAAU,QAAQ,CAAC,OAAO,EAAE,IAAI;IACnC,OAAO,MAAM,sBAAQ,CAAC,YAAY,CAAC,KAAK,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;QACzF,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,MAAM,cAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAA;gBAC1C,OAAO,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAA;YAC3B,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC,CAAA,CAAC;QAChB,CAAC;QAED,MAAM,IAAI,EAAE,CAAA;IACd,CAAC,CAAC,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;AACnB,CAAC;AAED,sBAAc,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,EAAE,wBAAgB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC1E,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAEtC,MAAM,SAAS,GAAG,MAAM,EAAE,SAAS,CAAA;IAEnC,IAAI,IAAI,IAAI,SAAS,EAAE,CAAC;QACtB,MAAM,WAAW,GAAsB,MAAM,IAAA,oCAAc,EAAC,IAAI,CAAC,CAAA;QACjE,IAAI,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,IAAI,SAAS,CAAC,EAAE,CAAC;YACtE,OAAO,MAAM,IAAI,EAAE,CAAA;QACrB,CAAC;QAED,OAAO,OAAO,CAAC,QAAQ,CAAC,iBAAiB,SAAS,EAAE,CAAC,CAAA;IACvD,CAAC;IAED,IAAI,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;QACvB,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAA;QAEjC,OAAM;IACR,CAAC;IAED,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAA;AACrC,CAAC,CAAC,CAAA","sourcesContent":["import Router from 'koa-router'\nimport passport from 'koa-passport'\n\nimport { Domain, domainMiddleware } from '@things-factory/shell'\nimport { config } from '@things-factory/env'\n\nimport { User } from '../service/user/user.js'\nimport { getUserDomains } from '../utils/get-user-domains.js'\n\nconst PUBLIC_HOME_ROUTE = config.get('publicHomeRoute', '/public/home')\n\nexport const siteRootRouter = new Router()\n\nasync function findAuth(context, next) {\n return await passport.authenticate('jwt', { session: false }, async (err, decoded, info) => {\n if (decoded) {\n try {\n const user = await User.checkAuth(decoded)\n context.state.user = user\n } catch (e) {}\n }\n\n await next()\n })(context, next)\n}\n\nsiteRootRouter.get('/', findAuth, domainMiddleware, async (context, next) => {\n const { user, domain } = context.state\n\n const subdomain = domain?.subdomain\n\n if (user && subdomain) {\n const userDomains: Partial<Domain>[] = await getUserDomains(user)\n if (userDomains.find(userDomain => userDomain.subdomain == subdomain)) {\n return await next()\n }\n\n return context.redirect(`/auth/checkin/${subdomain}`)\n }\n\n if (user && !subdomain) {\n context.redirect('/auth/checkin')\n\n return\n }\n\n context.redirect(PUBLIC_HOME_ROUTE)\n})\n"]}
|
|
@@ -109,7 +109,7 @@ exports.webAuthnGlobalPublicRouter.post('/auth/signin-webauthn', (0, webauthn_mi
|
|
|
109
109
|
const { domain, user } = context.state;
|
|
110
110
|
const { request } = context;
|
|
111
111
|
const { body: reqBody } = request;
|
|
112
|
-
const token = await user.sign({ subdomain: domain
|
|
112
|
+
const token = await user.sign({ subdomain: domain?.subdomain });
|
|
113
113
|
(0, access_token_cookie_js_1.setAccessTokenCookie)(context, token);
|
|
114
114
|
var redirectURL = `/auth/checkin${domain ? '/' + domain.subdomain : ''}?redirect_to=${encodeURIComponent(reqBody.redirectTo || '/')}`;
|
|
115
115
|
/* Due to the two-step interaction, it will be processed by fetch(...) in the browser, so it cannot be handled with a redirect(3xx) response. Therefore, respond with redirectURL as data. */
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"webauthn-router.js","sourceRoot":"","sources":["../../server/router/webauthn-router.ts"],"names":[],"mappings":";;;;AAAA,oEAA+B;AAC/B,iDAAqD;AACrD,6CAAgD;AAEhD,mDAI+B;AAE/B,kGAAyF;AACzF,4EAAsE;AACtE,kFAAgF;AAEnE,QAAA,0BAA0B,GAAG,IAAI,oBAAM,EAAE,CAAA;AACzC,QAAA,2BAA2B,GAAG,IAAI,oBAAM,EAAE,CAAA;AAEvD,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,gBAAiB,CAAA;AAE1C,qEAAqE;AACrE,mCAA2B,CAAC,GAAG,CAAC,iCAAiC,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACzF,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAC9B,MAAM,IAAI,GAAG,OAAO,CAAC,QAAQ,CAAA;IAE7B,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,EAAE,KAAK,EAAE,wBAAwB,EAAE,CAAA;QAClD,OAAM;IACR,CAAC;IAED,MAAM,kBAAkB,GAAG,MAAM,IAAA,qBAAa,EAAC,0CAAiB,CAAC,CAAC,IAAI,CAAC;QACrE,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE;KACjC,CAAC,CAAA;IAEF,IAAI,kBAAkB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpC,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,EAAE,KAAK,EAAE,mDAAmD,EAAE,CAAA;QAC7E,OAAM;IACR,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,IAAA,sCAA6B,EAAC;QAClD,IAAI;QACJ,gBAAgB,EAAE,WAAW;QAC7B,gBAAgB,EAAE,kBAAkB,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;YACtD,EAAE,EAAE,UAAU,CAAC,YAAY;YAC3B,IAAI,EAAE,YAAY;SACnB,CAAC,CAAC;KACJ,CAAC,CAAA;IAEF,OAAO,CAAC,OAAO,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAA;IAC7C,OAAO,CAAC,IAAI,GAAG,OAAO,CAAA;AACxB,CAAC,CAAC,CAAA;AAEF,kCAAkC;AAClC,mCAA2B,CAAC,IAAI,CAC9B,uBAAuB;AACvB,sDAAsD;AACtD,IAAA,iDAAwB,EAAC,gBAAgB,CAAC,EAC1C,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACtB,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAC9B,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAC3B,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAEjC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAA;QACrE,OAAM;IACR,CAAC;IAED,OAAO,CAAC,IAAI,GAAG;QACb,QAAQ,EAAE,IAAI;QACd,OAAO,EAAE,qCAAqC;KAC/C,CAAA;IAED,MAAM,IAAI,EAAE,CAAA;AACd,CAAC,CACF,CAAA;AAED,mEAAmE;AACnE,mCAA2B,CAAC,GAAG,CAAC,mCAAmC,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC3F,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAC9B,MAAM,IAAI,GAAG,OAAO,CAAC,QAAQ,CAAA;IAE7B,MAAM,kBAAkB,GAAG,MAAM,IAAA,qBAAa,EAAC,0CAAiB,CAAC,CAAC,IAAI,CAAC;QACrE,KAAK,EAAE;YACL,IAAI,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE;SACtB;KACF,CAAC,CAAA;IAEF,MAAM,OAAO,GAA2C,MAAM,IAAA,oCAA2B,EAAC;QACxF,MAAM;QACN,IAAI;QACJ,QAAQ,EAAE,IAAI,CAAC,KAAK;QACpB,eAAe,EAAE,IAAI,CAAC,IAAI;QAC1B,wEAAwE;QACxE,gCAAgC;QAChC,eAAe,EAAE,MAAM;QACvB,4DAA4D;QAC5D,kBAAkB,EAAE,kBAAkB,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;YACxD,EAAE,EAAE,UAAU,CAAC,YAAY;YAC3B,WAAW;YACX,oCAAoC;SACrC,CAAC,CAAC;QACH,sBAAsB,EAAE;YACtB,WAAW;YACX,WAAW,EAAE,WAAW;YACxB,gBAAgB,EAAE,WAAW;YAC7B,WAAW;YACX,uBAAuB,EAAE,UAAU;SACpC;KACF,CAAC,CAAA;IAEF,OAAO,CAAC,OAAO,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAA;IAC7C,OAAO,CAAC,IAAI,GAAG,OAAO,CAAA;AACxB,CAAC,CAAC,CAAA;AAEF,sBAAsB;AACtB,mCAA2B,CAAC,IAAI,CAAC,2BAA2B,EAAE,IAAA,iDAAwB,EAAC,mBAAmB,CAAC,CAAC,CAAA;AAE5G,6BAA6B;AAC7B,kCAA0B,CAAC,GAAG,CAAC,iCAAiC,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACxF,MAAM,IAAI,GAAG,OAAO,CAAC,QAAQ,CAAA;IAE7B,MAAM,OAAO,GAAG,MAAM,IAAA,sCAA6B,EAAC;QAClD,IAAI;QACJ,gBAAgB,EAAE,WAAW;KAC9B,CAAC,CAAA;IAEF,OAAO,CAAC,OAAO,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAA;IAC7C,OAAO,CAAC,IAAI,GAAG,OAAO,CAAA;AACxB,CAAC,CAAC,CAAA;AAEF,wCAAwC;AACxC,kCAA0B,CAAC,IAAI,CAC7B,uBAAuB,EACvB,IAAA,iDAAwB,EAAC,gBAAgB,CAAC,EAC1C,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACtB,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IACtC,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAC3B,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAEjC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,MAAM,
|
|
1
|
+
{"version":3,"file":"webauthn-router.js","sourceRoot":"","sources":["../../server/router/webauthn-router.ts"],"names":[],"mappings":";;;;AAAA,oEAA+B;AAC/B,iDAAqD;AACrD,6CAAgD;AAEhD,mDAI+B;AAE/B,kGAAyF;AACzF,4EAAsE;AACtE,kFAAgF;AAEnE,QAAA,0BAA0B,GAAG,IAAI,oBAAM,EAAE,CAAA;AACzC,QAAA,2BAA2B,GAAG,IAAI,oBAAM,EAAE,CAAA;AAEvD,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,gBAAiB,CAAA;AAE1C,qEAAqE;AACrE,mCAA2B,CAAC,GAAG,CAAC,iCAAiC,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACzF,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAC9B,MAAM,IAAI,GAAG,OAAO,CAAC,QAAQ,CAAA;IAE7B,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,EAAE,KAAK,EAAE,wBAAwB,EAAE,CAAA;QAClD,OAAM;IACR,CAAC;IAED,MAAM,kBAAkB,GAAG,MAAM,IAAA,qBAAa,EAAC,0CAAiB,CAAC,CAAC,IAAI,CAAC;QACrE,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE;KACjC,CAAC,CAAA;IAEF,IAAI,kBAAkB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpC,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,EAAE,KAAK,EAAE,mDAAmD,EAAE,CAAA;QAC7E,OAAM;IACR,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,IAAA,sCAA6B,EAAC;QAClD,IAAI;QACJ,gBAAgB,EAAE,WAAW;QAC7B,gBAAgB,EAAE,kBAAkB,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;YACtD,EAAE,EAAE,UAAU,CAAC,YAAY;YAC3B,IAAI,EAAE,YAAY;SACnB,CAAC,CAAC;KACJ,CAAC,CAAA;IAEF,OAAO,CAAC,OAAO,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAA;IAC7C,OAAO,CAAC,IAAI,GAAG,OAAO,CAAA;AACxB,CAAC,CAAC,CAAA;AAEF,kCAAkC;AAClC,mCAA2B,CAAC,IAAI,CAC9B,uBAAuB;AACvB,sDAAsD;AACtD,IAAA,iDAAwB,EAAC,gBAAgB,CAAC,EAC1C,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACtB,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAC9B,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAC3B,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAEjC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAA;QACrE,OAAM;IACR,CAAC;IAED,OAAO,CAAC,IAAI,GAAG;QACb,QAAQ,EAAE,IAAI;QACd,OAAO,EAAE,qCAAqC;KAC/C,CAAA;IAED,MAAM,IAAI,EAAE,CAAA;AACd,CAAC,CACF,CAAA;AAED,mEAAmE;AACnE,mCAA2B,CAAC,GAAG,CAAC,mCAAmC,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC3F,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAC9B,MAAM,IAAI,GAAG,OAAO,CAAC,QAAQ,CAAA;IAE7B,MAAM,kBAAkB,GAAG,MAAM,IAAA,qBAAa,EAAC,0CAAiB,CAAC,CAAC,IAAI,CAAC;QACrE,KAAK,EAAE;YACL,IAAI,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE;SACtB;KACF,CAAC,CAAA;IAEF,MAAM,OAAO,GAA2C,MAAM,IAAA,oCAA2B,EAAC;QACxF,MAAM;QACN,IAAI;QACJ,QAAQ,EAAE,IAAI,CAAC,KAAK;QACpB,eAAe,EAAE,IAAI,CAAC,IAAI;QAC1B,wEAAwE;QACxE,gCAAgC;QAChC,eAAe,EAAE,MAAM;QACvB,4DAA4D;QAC5D,kBAAkB,EAAE,kBAAkB,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;YACxD,EAAE,EAAE,UAAU,CAAC,YAAY;YAC3B,WAAW;YACX,oCAAoC;SACrC,CAAC,CAAC;QACH,sBAAsB,EAAE;YACtB,WAAW;YACX,WAAW,EAAE,WAAW;YACxB,gBAAgB,EAAE,WAAW;YAC7B,WAAW;YACX,uBAAuB,EAAE,UAAU;SACpC;KACF,CAAC,CAAA;IAEF,OAAO,CAAC,OAAO,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAA;IAC7C,OAAO,CAAC,IAAI,GAAG,OAAO,CAAA;AACxB,CAAC,CAAC,CAAA;AAEF,sBAAsB;AACtB,mCAA2B,CAAC,IAAI,CAAC,2BAA2B,EAAE,IAAA,iDAAwB,EAAC,mBAAmB,CAAC,CAAC,CAAA;AAE5G,6BAA6B;AAC7B,kCAA0B,CAAC,GAAG,CAAC,iCAAiC,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACxF,MAAM,IAAI,GAAG,OAAO,CAAC,QAAQ,CAAA;IAE7B,MAAM,OAAO,GAAG,MAAM,IAAA,sCAA6B,EAAC;QAClD,IAAI;QACJ,gBAAgB,EAAE,WAAW;KAC9B,CAAC,CAAA;IAEF,OAAO,CAAC,OAAO,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAA;IAC7C,OAAO,CAAC,IAAI,GAAG,OAAO,CAAA;AACxB,CAAC,CAAC,CAAA;AAEF,wCAAwC;AACxC,kCAA0B,CAAC,IAAI,CAC7B,uBAAuB,EACvB,IAAA,iDAAwB,EAAC,gBAAgB,CAAC,EAC1C,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACtB,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IACtC,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAC3B,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAEjC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAA;IAC/D,IAAA,6CAAoB,EAAC,OAAO,EAAE,KAAK,CAAC,CAAA;IAEpC,IAAI,WAAW,GAAG,gBAAgB,MAAM,CAAC,CAAC,CAAC,GAAG,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,gBAAgB,kBAAkB,CAAC,OAAO,CAAC,UAAU,IAAI,GAAG,CAAC,EAAE,CAAA;IAErI,6LAA6L;IAC7L,OAAO,CAAC,IAAI,GAAG,EAAE,WAAW,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAA;IAE9C,MAAM,IAAI,EAAE,CAAA;AACd,CAAC,CACF,CAAA","sourcesContent":["import Router from 'koa-router'\nimport { getRepository } from '@things-factory/shell'\nimport { appPackage } from '@things-factory/env'\n\nimport {\n PublicKeyCredentialCreationOptionsJSON,\n generateRegistrationOptions,\n generateAuthenticationOptions\n} from '@simplewebauthn/server'\n\nimport { WebAuthCredential } from '../service/web-auth-credential/web-auth-credential.js'\nimport { setAccessTokenCookie } from '../utils/access-token-cookie.js'\nimport { createWebAuthnMiddleware } from '../middlewares/webauthn-middleware.js'\n\nexport const webAuthnGlobalPublicRouter = new Router()\nexport const webAuthnGlobalPrivateRouter = new Router()\n\nconst { name: rpName } = appPackage as any\n\n// Generate authentication challenge for the currently logged-in user\nwebAuthnGlobalPrivateRouter.get('/auth/verify-webauthn/challenge', async (context, next) => {\n const { user } = context.state\n const rpID = context.hostname\n\n if (!user) {\n context.status = 401\n context.body = { error: 'User not authenticated' }\n return\n }\n\n const webAuthCredentials = await getRepository(WebAuthCredential).find({\n where: { user: { id: user.id } }\n })\n\n if (webAuthCredentials.length === 0) {\n context.status = 400\n context.body = { error: 'No biometric credentials registered for this user' }\n return\n }\n\n const options = await generateAuthenticationOptions({\n rpID,\n userVerification: 'preferred',\n allowCredentials: webAuthCredentials.map(credential => ({\n id: credential.credentialId,\n type: 'public-key'\n }))\n })\n\n context.session.challenge = options.challenge\n context.body = options\n})\n\n// Verify biometric authentication\nwebAuthnGlobalPrivateRouter.post(\n '/auth/verify-webauthn',\n /* reuse webauthn-login as webauthn-verify strategy */\n createWebAuthnMiddleware('webauthn-login'),\n async (context, next) => {\n const { user } = context.state\n const { request } = context\n const { body: reqBody } = request\n\n if (!user) {\n context.status = 401\n context.body = { verified: false, message: 'User not authenticated' }\n return\n }\n\n context.body = {\n verified: true,\n message: 'Biometric authentication successful'\n }\n\n await next()\n }\n)\n\n// Generate registration challenge for the currently logged-in user\nwebAuthnGlobalPrivateRouter.get('/auth/register-webauthn/challenge', async (context, next) => {\n const { user } = context.state\n const rpID = context.hostname\n\n const webAuthCredentials = await getRepository(WebAuthCredential).find({\n where: {\n user: { id: user.id }\n }\n })\n\n const options: PublicKeyCredentialCreationOptionsJSON = await generateRegistrationOptions({\n rpName,\n rpID,\n userName: user.email,\n userDisplayName: user.name,\n // Don't prompt users for additional information about the authenticator\n // (Recommended for smoother UX)\n attestationType: 'none',\n // Prevent users from re-registering existing authenticators\n excludeCredentials: webAuthCredentials.map(credential => ({\n id: credential.credentialId\n // Optional\n // transports: credential.transports\n })),\n authenticatorSelection: {\n // Defaults\n residentKey: 'preferred',\n userVerification: 'preferred',\n // Optional\n authenticatorAttachment: 'platform'\n }\n })\n\n context.session.challenge = options.challenge\n context.body = options\n})\n\n// Verify registration\nwebAuthnGlobalPrivateRouter.post('/auth/verify-registration', createWebAuthnMiddleware('webauthn-register'))\n\n// Generate sign-in challenge\nwebAuthnGlobalPublicRouter.get('/auth/signin-webauthn/challenge', async (context, next) => {\n const rpID = context.hostname\n\n const options = await generateAuthenticationOptions({\n rpID,\n userVerification: 'preferred'\n })\n\n context.session.challenge = options.challenge\n context.body = options\n})\n\n// Sign in with biometric authentication\nwebAuthnGlobalPublicRouter.post(\n '/auth/signin-webauthn',\n createWebAuthnMiddleware('webauthn-login'),\n async (context, next) => {\n const { domain, user } = context.state\n const { request } = context\n const { body: reqBody } = request\n\n const token = await user.sign({ subdomain: domain?.subdomain })\n setAccessTokenCookie(context, token)\n\n var redirectURL = `/auth/checkin${domain ? '/' + domain.subdomain : ''}?redirect_to=${encodeURIComponent(reqBody.redirectTo || '/')}`\n\n /* Due to the two-step interaction, it will be processed by fetch(...) in the browser, so it cannot be handled with a redirect(3xx) response. Therefore, respond with redirectURL as data. */\n context.body = { redirectURL, verified: true }\n\n await next()\n }\n)\n"]}
|
package/dist-server/routes.js
CHANGED
|
@@ -1,57 +1,83 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
const env_1 = require("@things-factory/env");
|
|
4
|
+
const shell_1 = require("@things-factory/shell");
|
|
4
5
|
const index_js_1 = require("./middlewares/index.js");
|
|
5
6
|
const index_js_2 = require("./router/index.js");
|
|
6
7
|
const access_token_cookie_js_1 = require("./utils/access-token-cookie.js");
|
|
7
|
-
const isPathBaseDomain = !env_1.config.get('subdomain')
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
8
|
+
const isPathBaseDomain = !env_1.config.get('subdomain');
|
|
9
|
+
const bypassUserSigninProcess = env_1.config.get('bypassUserSigninProcess', false);
|
|
10
|
+
if (bypassUserSigninProcess) {
|
|
11
|
+
process.on('bootstrap-module-global-public-route', (app, globalPublicRouter) => {
|
|
12
|
+
globalPublicRouter.use(index_js_2.siteRootRouter.routes(), index_js_2.siteRootRouter.allowedMethods());
|
|
13
|
+
globalPublicRouter.use(index_js_2.authPublicProcessRouter.routes(), index_js_2.authPublicProcessRouter.allowedMethods());
|
|
14
|
+
});
|
|
15
|
+
process.on('bootstrap-module-global-private-route', (app, globalPrivateRouter) => {
|
|
16
|
+
/* globalPrivateRouter based nested-routers */
|
|
17
|
+
globalPrivateRouter.use(index_js_2.authCheckinRouter.routes(), index_js_2.authCheckinRouter.allowedMethods());
|
|
18
|
+
globalPrivateRouter.use(index_js_2.authPrivateProcessRouter.routes(), index_js_2.authPrivateProcessRouter.allowedMethods());
|
|
19
|
+
});
|
|
20
|
+
process.on('bootstrap-module-domain-private-route', (app, domainPrivateRouter) => {
|
|
21
|
+
// Client Routing : path 확장자가 없는 경우는 대부분 client 라우팅에 해당한다.
|
|
22
|
+
// 즉, browser-history-fallback 으로 index.html을 send 하는 경우에, 사용자 로그인이 필요한 경우에,
|
|
23
|
+
// 화면깜박임없이 signin page로 redirect 하고자하는 목적의 설정이다.
|
|
24
|
+
// domain-private 라우트를 통과하고 싶지 않다면, regexp를 조정한다.
|
|
25
|
+
// '(.[^.]+)' 은 '', '/'는 제외하고, '/xxx', '/yyy/zzz' 등 모두를 포함하지만, path에 '.'가 있는 경우는 제외한다.
|
|
26
|
+
// (테스트는 여기서 : http://forbeslindesay.github.io/express-route-tester/)
|
|
27
|
+
domainPrivateRouter.get('(.[^.]+)', async (context, next) => {
|
|
28
|
+
await next();
|
|
29
|
+
});
|
|
30
|
+
});
|
|
31
|
+
}
|
|
32
|
+
else {
|
|
33
|
+
process.on('bootstrap-module-global-public-route', (app, globalPublicRouter) => {
|
|
34
|
+
globalPublicRouter.use(index_js_2.siteRootRouter.routes(), index_js_2.siteRootRouter.allowedMethods());
|
|
35
|
+
globalPublicRouter.use(index_js_2.authPublicProcessRouter.routes(), index_js_2.authPublicProcessRouter.allowedMethods());
|
|
36
|
+
/* ssoMiddleware가 정의되어있다면, /auth/sso-signin 패스를 활성화한다. */
|
|
37
|
+
if (app.ssoMiddlewares.length > 0) {
|
|
38
|
+
index_js_2.authSigninRouter.get('/auth/sso-signin', app.ssoMiddlewares[0], async (context) => {
|
|
39
|
+
const { user } = context.state;
|
|
40
|
+
const token = await user.sign();
|
|
41
|
+
(0, access_token_cookie_js_1.setAccessTokenCookie)(context, token);
|
|
42
|
+
context.redirect('/auth/checkin');
|
|
43
|
+
});
|
|
44
|
+
}
|
|
45
|
+
});
|
|
46
|
+
process.on('bootstrap-module-global-private-route', (app, globalPrivateRouter) => {
|
|
47
|
+
globalPrivateRouter.use(index_js_1.jwtAuthenticateMiddleware);
|
|
48
|
+
globalPrivateRouter.use(index_js_2.authCheckinRouter.routes(), index_js_2.authCheckinRouter.allowedMethods());
|
|
49
|
+
/* globalPrivateRouter based nested-routers */
|
|
50
|
+
globalPrivateRouter.use(index_js_2.authPrivateProcessRouter.routes(), index_js_2.authPrivateProcessRouter.allowedMethods());
|
|
51
|
+
globalPrivateRouter.use(index_js_2.webAuthnGlobalPrivateRouter.routes(), index_js_2.webAuthnGlobalPrivateRouter.allowedMethods());
|
|
52
|
+
});
|
|
53
|
+
process.on('bootstrap-module-domain-public-route', (app, domainPublicRouter) => {
|
|
54
|
+
/* domainPublicRouter based nested-routers */
|
|
55
|
+
domainPublicRouter.use(index_js_2.authSigninRouter.routes(), index_js_2.authSigninRouter.allowedMethods());
|
|
56
|
+
domainPublicRouter.use(index_js_2.authSignupRouter.routes(), index_js_2.authSignupRouter.allowedMethods());
|
|
57
|
+
domainPublicRouter.use(index_js_2.webAuthnGlobalPublicRouter.routes(), index_js_2.webAuthnGlobalPublicRouter.allowedMethods());
|
|
58
|
+
/* path '/admin/oauth/...' is deprecated. should use path '/oauth/...' for oauth2 related routing */
|
|
59
|
+
domainPublicRouter.use('/oauth', index_js_2.oauth2Router.routes(), index_js_2.oauth2Router.allowedMethods()); // if i use context
|
|
60
|
+
});
|
|
61
|
+
process.on('bootstrap-module-domain-private-route', (app, domainPrivateRouter) => {
|
|
62
|
+
domainPrivateRouter.use(index_js_1.jwtAuthenticateMiddleware);
|
|
63
|
+
domainPrivateRouter.use(index_js_1.domainAuthenticateMiddleware);
|
|
64
|
+
/* domainPrivateRouter based nested-routers */
|
|
65
|
+
if (isPathBaseDomain) {
|
|
66
|
+
// pathBaseDomainRouter는 history-fallback의 경우에 인증 처리를 하기 위한 라우터이다.
|
|
67
|
+
// (보통, URL 링크등을 통해서 domain path URL로 바로 요청하는 경우에 해당한다.)
|
|
68
|
+
// pathBaseDomainRouter는 domain path를 domain-private-router를 사용하는 것을 전제로 한다.
|
|
69
|
+
domainPrivateRouter.use(`/${(0, shell_1.getRoutePrefixForDomainType)()}/:domain/oauth`, index_js_2.oauth2AuthorizeRouter.routes(), index_js_2.oauth2AuthorizeRouter.allowedMethods());
|
|
70
|
+
domainPrivateRouter.use(`/${(0, shell_1.getRoutePrefixForDomainType)()}`, index_js_2.pathBaseDomainRouter.routes(), index_js_2.pathBaseDomainRouter.allowedMethods());
|
|
71
|
+
}
|
|
72
|
+
// Client Routing : path 확장자가 없는 경우는 대부분 client 라우팅에 해당한다.
|
|
73
|
+
// 즉, browser-history-fallback 으로 index.html을 send 하는 경우에, 사용자 로그인이 필요한 경우에,
|
|
74
|
+
// 화면깜박임없이 signin page로 redirect 하고자하는 목적의 설정이다.
|
|
75
|
+
// domain-private 라우트를 통과하고 싶지 않다면, regexp를 조정한다.
|
|
76
|
+
// '(.[^.]+)' 은 '', '/'는 제외하고, '/xxx', '/yyy/zzz' 등 모두를 포함하지만, path에 '.'가 있는 경우는 제외한다.
|
|
77
|
+
// (테스트는 여기서 : http://forbeslindesay.github.io/express-route-tester/)
|
|
78
|
+
domainPrivateRouter.get('(.[^.]+)', async (context, next) => {
|
|
79
|
+
await next();
|
|
18
80
|
});
|
|
19
|
-
}
|
|
20
|
-
});
|
|
21
|
-
process.on('bootstrap-module-global-private-route', (app, globalPrivateRouter) => {
|
|
22
|
-
globalPrivateRouter.use(index_js_1.jwtAuthenticateMiddleware);
|
|
23
|
-
/* globalPrivateRouter based nested-routers */
|
|
24
|
-
globalPrivateRouter.use(index_js_2.authCheckinRouter.routes(), index_js_2.authCheckinRouter.allowedMethods());
|
|
25
|
-
globalPrivateRouter.use(index_js_2.authPrivateProcessRouter.routes(), index_js_2.authPrivateProcessRouter.allowedMethods());
|
|
26
|
-
globalPrivateRouter.use(index_js_2.webAuthnGlobalPrivateRouter.routes(), index_js_2.webAuthnGlobalPrivateRouter.allowedMethods());
|
|
27
|
-
});
|
|
28
|
-
process.on('bootstrap-module-domain-public-route', (app, domainPublicRouter) => {
|
|
29
|
-
/* domainPublicRouter based nested-routers */
|
|
30
|
-
domainPublicRouter.use(index_js_2.authSigninRouter.routes(), index_js_2.authSigninRouter.allowedMethods());
|
|
31
|
-
domainPublicRouter.use(index_js_2.authSignupRouter.routes(), index_js_2.authSignupRouter.allowedMethods());
|
|
32
|
-
domainPublicRouter.use(index_js_2.webAuthnGlobalPublicRouter.routes(), index_js_2.webAuthnGlobalPublicRouter.allowedMethods());
|
|
33
|
-
/* path '/admin/oauth/...' is deprecated. should use path '/oauth/...' for oauth2 related routing */
|
|
34
|
-
domainPublicRouter.use('/oauth', index_js_2.oauth2Router.routes(), index_js_2.oauth2Router.allowedMethods()); // if i use context
|
|
35
|
-
});
|
|
36
|
-
process.on('bootstrap-module-domain-private-route', (app, domainPrivateRouter) => {
|
|
37
|
-
domainPrivateRouter.use(index_js_1.jwtAuthenticateMiddleware);
|
|
38
|
-
domainPrivateRouter.use(index_js_1.domainAuthenticateMiddleware);
|
|
39
|
-
/* domainPrivateRouter based nested-routers */
|
|
40
|
-
if (isPathBaseDomain) {
|
|
41
|
-
// pathBaseDomainRouter는 history-fallback의 경우에 인증 처리를 하기 위한 라우터이다.
|
|
42
|
-
// (보통, URL 링크등을 통해서 domain path URL로 바로 요청하는 경우에 해당한다.)
|
|
43
|
-
// pathBaseDomainRouter는 domain path를 domain-private-router를 사용하는 것을 전제로 한다.
|
|
44
|
-
domainPrivateRouter.use('/domain/:domain/oauth', index_js_2.oauth2AuthorizeRouter.routes(), index_js_2.oauth2AuthorizeRouter.allowedMethods());
|
|
45
|
-
domainPrivateRouter.use('/domain', index_js_2.pathBaseDomainRouter.routes(), index_js_2.pathBaseDomainRouter.allowedMethods());
|
|
46
|
-
}
|
|
47
|
-
// Client Routing : path 확장자가 없는 경우는 대부분 client 라우팅에 해당한다.
|
|
48
|
-
// 즉, browser-history-fallback 으로 index.html을 send 하는 경우에, 사용자 로그인이 필요한 경우에,
|
|
49
|
-
// 화면깜박임없이 signin page로 redirect 하고자하는 목적의 설정이다.
|
|
50
|
-
// domain-private 라우트를 통과하고 싶지 않다면, regexp를 조정한다.
|
|
51
|
-
// '(.[^.]+)' 은 '', '/'는 제외하고, '/xxx', '/yyy/zzz' 등 모두를 포함하지만, path에 '.'가 있는 경우는 제외한다.
|
|
52
|
-
// (테스트는 여기서 : http://forbeslindesay.github.io/express-route-tester/)
|
|
53
|
-
domainPrivateRouter.get('(.[^.]+)', async (context, next) => {
|
|
54
|
-
await next();
|
|
55
81
|
});
|
|
56
|
-
}
|
|
82
|
+
}
|
|
57
83
|
//# sourceMappingURL=routes.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"routes.js","sourceRoot":"","sources":["../server/routes.ts"],"names":[],"mappings":";;AAAA,6CAA4C;
|
|
1
|
+
{"version":3,"file":"routes.js","sourceRoot":"","sources":["../server/routes.ts"],"names":[],"mappings":";;AAAA,6CAA4C;AAC5C,iDAAmE;AAEnE,qDAAgG;AAChG,gDAY0B;AAE1B,2EAAqE;AAErE,MAAM,gBAAgB,GAAG,CAAC,YAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;AACjD,MAAM,uBAAuB,GAAG,YAAM,CAAC,GAAG,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAA;AAE5E,IAAI,uBAAuB,EAAE,CAAC;IAC5B,OAAO,CAAC,EAAE,CAAC,sCAA6C,EAAE,CAAC,GAAG,EAAE,kBAAkB,EAAE,EAAE;QACpF,kBAAkB,CAAC,GAAG,CAAC,yBAAc,CAAC,MAAM,EAAE,EAAE,yBAAc,CAAC,cAAc,EAAE,CAAC,CAAA;QAChF,kBAAkB,CAAC,GAAG,CAAC,kCAAuB,CAAC,MAAM,EAAE,EAAE,kCAAuB,CAAC,cAAc,EAAE,CAAC,CAAA;IACpG,CAAC,CAAC,CAAA;IAEF,OAAO,CAAC,EAAE,CAAC,uCAA8C,EAAE,CAAC,GAAG,EAAE,mBAAmB,EAAE,EAAE;QACtF,8CAA8C;QAC9C,mBAAmB,CAAC,GAAG,CAAC,4BAAiB,CAAC,MAAM,EAAE,EAAE,4BAAiB,CAAC,cAAc,EAAE,CAAC,CAAA;QACvF,mBAAmB,CAAC,GAAG,CAAC,mCAAwB,CAAC,MAAM,EAAE,EAAE,mCAAwB,CAAC,cAAc,EAAE,CAAC,CAAA;IACvG,CAAC,CAAC,CAAA;IAEF,OAAO,CAAC,EAAE,CAAC,uCAA8C,EAAE,CAAC,GAAG,EAAE,mBAAmB,EAAE,EAAE;QACtF,0DAA0D;QAC1D,4EAA4E;QAC5E,gDAAgD;QAChD,iDAAiD;QACjD,sFAAsF;QACtF,qEAAqE;QACrE,mBAAmB,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;YAC1D,MAAM,IAAI,EAAE,CAAA;QACd,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;AACJ,CAAC;KAAM,CAAC;IACN,OAAO,CAAC,EAAE,CAAC,sCAA6C,EAAE,CAAC,GAAG,EAAE,kBAAkB,EAAE,EAAE;QACpF,kBAAkB,CAAC,GAAG,CAAC,yBAAc,CAAC,MAAM,EAAE,EAAE,yBAAc,CAAC,cAAc,EAAE,CAAC,CAAA;QAChF,kBAAkB,CAAC,GAAG,CAAC,kCAAuB,CAAC,MAAM,EAAE,EAAE,kCAAuB,CAAC,cAAc,EAAE,CAAC,CAAA;QAElG,yDAAyD;QACzD,IAAI,GAAG,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClC,2BAAgB,CAAC,GAAG,CAAC,kBAAkB,EAAE,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,KAAK,EAAC,OAAO,EAAC,EAAE;gBAC9E,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;gBAE9B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAA;gBAC/B,IAAA,6CAAoB,EAAC,OAAO,EAAE,KAAK,CAAC,CAAA;gBAEpC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAA;YACnC,CAAC,CAAC,CAAA;QACJ,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,OAAO,CAAC,EAAE,CAAC,uCAA8C,EAAE,CAAC,GAAG,EAAE,mBAAmB,EAAE,EAAE;QACtF,mBAAmB,CAAC,GAAG,CAAC,oCAAyB,CAAC,CAAA;QAElD,mBAAmB,CAAC,GAAG,CAAC,4BAAiB,CAAC,MAAM,EAAE,EAAE,4BAAiB,CAAC,cAAc,EAAE,CAAC,CAAA;QACvF,8CAA8C;QAC9C,mBAAmB,CAAC,GAAG,CAAC,mCAAwB,CAAC,MAAM,EAAE,EAAE,mCAAwB,CAAC,cAAc,EAAE,CAAC,CAAA;QACrG,mBAAmB,CAAC,GAAG,CAAC,sCAA2B,CAAC,MAAM,EAAE,EAAE,sCAA2B,CAAC,cAAc,EAAE,CAAC,CAAA;IAC7G,CAAC,CAAC,CAAA;IAEF,OAAO,CAAC,EAAE,CAAC,sCAA6C,EAAE,CAAC,GAAG,EAAE,kBAAkB,EAAE,EAAE;QACpF,6CAA6C;QAC7C,kBAAkB,CAAC,GAAG,CAAC,2BAAgB,CAAC,MAAM,EAAE,EAAE,2BAAgB,CAAC,cAAc,EAAE,CAAC,CAAA;QACpF,kBAAkB,CAAC,GAAG,CAAC,2BAAgB,CAAC,MAAM,EAAE,EAAE,2BAAgB,CAAC,cAAc,EAAE,CAAC,CAAA;QACpF,kBAAkB,CAAC,GAAG,CAAC,qCAA0B,CAAC,MAAM,EAAE,EAAE,qCAA0B,CAAC,cAAc,EAAE,CAAC,CAAA;QAExG,oGAAoG;QACpG,kBAAkB,CAAC,GAAG,CAAC,QAAQ,EAAE,uBAAY,CAAC,MAAM,EAAE,EAAE,uBAAY,CAAC,cAAc,EAAE,CAAC,CAAA,CAAC,mBAAmB;IAC5G,CAAC,CAAC,CAAA;IAEF,OAAO,CAAC,EAAE,CAAC,uCAA8C,EAAE,CAAC,GAAG,EAAE,mBAAmB,EAAE,EAAE;QACtF,mBAAmB,CAAC,GAAG,CAAC,oCAAyB,CAAC,CAAA;QAClD,mBAAmB,CAAC,GAAG,CAAC,uCAA4B,CAAC,CAAA;QAErD,8CAA8C;QAC9C,IAAI,gBAAgB,EAAE,CAAC;YACrB,kEAAkE;YAClE,wDAAwD;YACxD,4EAA4E;YAC5E,mBAAmB,CAAC,GAAG,CACrB,IAAI,IAAA,mCAA2B,GAAE,gBAAgB,EACjD,gCAAqB,CAAC,MAAM,EAAE,EAC9B,gCAAqB,CAAC,cAAc,EAAE,CACvC,CAAA;YACD,mBAAmB,CAAC,GAAG,CACrB,IAAI,IAAA,mCAA2B,GAAE,EAAE,EACnC,+BAAoB,CAAC,MAAM,EAAE,EAC7B,+BAAoB,CAAC,cAAc,EAAE,CACtC,CAAA;QACH,CAAC;QAED,0DAA0D;QAC1D,4EAA4E;QAC5E,gDAAgD;QAChD,iDAAiD;QACjD,sFAAsF;QACtF,qEAAqE;QACrE,mBAAmB,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;YAC1D,MAAM,IAAI,EAAE,CAAA;QACd,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;AACJ,CAAC","sourcesContent":["import { config } from '@things-factory/env'\nimport { getRoutePrefixForDomainType } from '@things-factory/shell'\n\nimport { domainAuthenticateMiddleware, jwtAuthenticateMiddleware } from './middlewares/index.js'\nimport {\n authCheckinRouter,\n authPrivateProcessRouter,\n authPublicProcessRouter,\n authSigninRouter,\n authSignupRouter,\n oauth2AuthorizeRouter,\n oauth2Router,\n pathBaseDomainRouter,\n siteRootRouter,\n webAuthnGlobalPublicRouter,\n webAuthnGlobalPrivateRouter\n} from './router/index.js'\n\nimport { setAccessTokenCookie } from './utils/access-token-cookie.js'\n\nconst isPathBaseDomain = !config.get('subdomain')\nconst bypassUserSigninProcess = config.get('bypassUserSigninProcess', false)\n\nif (bypassUserSigninProcess) {\n process.on('bootstrap-module-global-public-route' as any, (app, globalPublicRouter) => {\n globalPublicRouter.use(siteRootRouter.routes(), siteRootRouter.allowedMethods())\n globalPublicRouter.use(authPublicProcessRouter.routes(), authPublicProcessRouter.allowedMethods())\n })\n\n process.on('bootstrap-module-global-private-route' as any, (app, globalPrivateRouter) => {\n /* globalPrivateRouter based nested-routers */\n globalPrivateRouter.use(authCheckinRouter.routes(), authCheckinRouter.allowedMethods())\n globalPrivateRouter.use(authPrivateProcessRouter.routes(), authPrivateProcessRouter.allowedMethods())\n })\n\n process.on('bootstrap-module-domain-private-route' as any, (app, domainPrivateRouter) => {\n // Client Routing : path 확장자가 없는 경우는 대부분 client 라우팅에 해당한다.\n // 즉, browser-history-fallback 으로 index.html을 send 하는 경우에, 사용자 로그인이 필요한 경우에,\n // 화면깜박임없이 signin page로 redirect 하고자하는 목적의 설정이다.\n // domain-private 라우트를 통과하고 싶지 않다면, regexp를 조정한다.\n // '(.[^.]+)' 은 '', '/'는 제외하고, '/xxx', '/yyy/zzz' 등 모두를 포함하지만, path에 '.'가 있는 경우는 제외한다.\n // (테스트는 여기서 : http://forbeslindesay.github.io/express-route-tester/)\n domainPrivateRouter.get('(.[^.]+)', async (context, next) => {\n await next()\n })\n })\n} else {\n process.on('bootstrap-module-global-public-route' as any, (app, globalPublicRouter) => {\n globalPublicRouter.use(siteRootRouter.routes(), siteRootRouter.allowedMethods())\n globalPublicRouter.use(authPublicProcessRouter.routes(), authPublicProcessRouter.allowedMethods())\n\n /* ssoMiddleware가 정의되어있다면, /auth/sso-signin 패스를 활성화한다. */\n if (app.ssoMiddlewares.length > 0) {\n authSigninRouter.get('/auth/sso-signin', app.ssoMiddlewares[0], async context => {\n const { user } = context.state\n\n const token = await user.sign()\n setAccessTokenCookie(context, token)\n\n context.redirect('/auth/checkin')\n })\n }\n })\n\n process.on('bootstrap-module-global-private-route' as any, (app, globalPrivateRouter) => {\n globalPrivateRouter.use(jwtAuthenticateMiddleware)\n\n globalPrivateRouter.use(authCheckinRouter.routes(), authCheckinRouter.allowedMethods())\n /* globalPrivateRouter based nested-routers */\n globalPrivateRouter.use(authPrivateProcessRouter.routes(), authPrivateProcessRouter.allowedMethods())\n globalPrivateRouter.use(webAuthnGlobalPrivateRouter.routes(), webAuthnGlobalPrivateRouter.allowedMethods())\n })\n\n process.on('bootstrap-module-domain-public-route' as any, (app, domainPublicRouter) => {\n /* domainPublicRouter based nested-routers */\n domainPublicRouter.use(authSigninRouter.routes(), authSigninRouter.allowedMethods())\n domainPublicRouter.use(authSignupRouter.routes(), authSignupRouter.allowedMethods())\n domainPublicRouter.use(webAuthnGlobalPublicRouter.routes(), webAuthnGlobalPublicRouter.allowedMethods())\n\n /* path '/admin/oauth/...' is deprecated. should use path '/oauth/...' for oauth2 related routing */\n domainPublicRouter.use('/oauth', oauth2Router.routes(), oauth2Router.allowedMethods()) // if i use context\n })\n\n process.on('bootstrap-module-domain-private-route' as any, (app, domainPrivateRouter) => {\n domainPrivateRouter.use(jwtAuthenticateMiddleware)\n domainPrivateRouter.use(domainAuthenticateMiddleware)\n\n /* domainPrivateRouter based nested-routers */\n if (isPathBaseDomain) {\n // pathBaseDomainRouter는 history-fallback의 경우에 인증 처리를 하기 위한 라우터이다.\n // (보통, URL 링크등을 통해서 domain path URL로 바로 요청하는 경우에 해당한다.)\n // pathBaseDomainRouter는 domain path를 domain-private-router를 사용하는 것을 전제로 한다.\n domainPrivateRouter.use(\n `/${getRoutePrefixForDomainType()}/:domain/oauth`,\n oauth2AuthorizeRouter.routes(),\n oauth2AuthorizeRouter.allowedMethods()\n )\n domainPrivateRouter.use(\n `/${getRoutePrefixForDomainType()}`,\n pathBaseDomainRouter.routes(),\n pathBaseDomainRouter.allowedMethods()\n )\n }\n\n // Client Routing : path 확장자가 없는 경우는 대부분 client 라우팅에 해당한다.\n // 즉, browser-history-fallback 으로 index.html을 send 하는 경우에, 사용자 로그인이 필요한 경우에,\n // 화면깜박임없이 signin page로 redirect 하고자하는 목적의 설정이다.\n // domain-private 라우트를 통과하고 싶지 않다면, regexp를 조정한다.\n // '(.[^.]+)' 은 '', '/'는 제외하고, '/xxx', '/yyy/zzz' 등 모두를 포함하지만, path에 '.'가 있는 경우는 제외한다.\n // (테스트는 여기서 : http://forbeslindesay.github.io/express-route-tester/)\n domainPrivateRouter.get('(.[^.]+)', async (context, next) => {\n await next()\n })\n })\n}\n"]}
|
|
@@ -8,14 +8,14 @@ let AppBindingList = class AppBindingList {
|
|
|
8
8
|
};
|
|
9
9
|
exports.AppBindingList = AppBindingList;
|
|
10
10
|
tslib_1.__decorate([
|
|
11
|
-
(0, type_graphql_1.Field)(type => [app_binding_js_1.AppBinding], { nullable: true }),
|
|
11
|
+
(0, type_graphql_1.Field)(type => [app_binding_js_1.AppBinding], { nullable: true, description: 'The list of application binding items.' }),
|
|
12
12
|
tslib_1.__metadata("design:type", Array)
|
|
13
13
|
], AppBindingList.prototype, "items", void 0);
|
|
14
14
|
tslib_1.__decorate([
|
|
15
|
-
(0, type_graphql_1.Field)(type => type_graphql_1.Int, { nullable: true }),
|
|
15
|
+
(0, type_graphql_1.Field)(type => type_graphql_1.Int, { nullable: true, description: 'The total number of application bindings.' }),
|
|
16
16
|
tslib_1.__metadata("design:type", Number)
|
|
17
17
|
], AppBindingList.prototype, "total", void 0);
|
|
18
18
|
exports.AppBindingList = AppBindingList = tslib_1.__decorate([
|
|
19
|
-
(0, type_graphql_1.ObjectType)()
|
|
19
|
+
(0, type_graphql_1.ObjectType)({ description: 'A paginated list of application bindings.' })
|
|
20
20
|
], AppBindingList);
|
|
21
21
|
//# sourceMappingURL=app-binding-types.js.map
|