@things-factory/integration-base 6.2.49 → 6.2.51

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@things-factory/integration-base",
-  "version": "6.2.49",
+  "version": "6.2.51",
   "main": "dist-server/index.js",
   "browser": "client/index.js",
   "things-factory": true,
@@ -26,12 +26,12 @@
   },
   "dependencies": {
     "@apollo/client": "^3.6.9",
-    "@things-factory/api": "^6.2.49",
-    "@things-factory/auth-base": "^6.2.49",
+    "@things-factory/api": "^6.2.51",
+    "@things-factory/auth-base": "^6.2.51",
     "@things-factory/env": "^6.2.33",
-    "@things-factory/oauth2-client": "^6.2.49",
-    "@things-factory/scheduler-client": "^6.2.49",
-    "@things-factory/shell": "^6.2.48",
+    "@things-factory/oauth2-client": "^6.2.51",
+    "@things-factory/scheduler-client": "^6.2.51",
+    "@things-factory/shell": "^6.2.51",
     "async-mqtt": "^2.5.0",
     "chance": "^1.1.11",
     "cross-fetch": "^3.0.4",
@@ -46,5 +46,5 @@
   "devDependencies": {
     "@types/cron": "^2.0.1"
   },
-  "gitHead": "57266c96220301729f9c5cd633af1a4e2a651096"
+  "gitHead": "365e8ae6475eede1a4fd51460c24569d13de14b6"
 }

package/server/engine/connector/operato-connector.ts

@@ -15,7 +15,7 @@ import { Connector } from '../types'
 import { Scenario, ScenarioInstance } from '../../service'
 
 import { getRepository, GraphqlLocalClient, Domain } from '@things-factory/shell'
-import { PrivilegeObject, User } from '@things-factory/auth-base'
+import { PrivilegeObject, User, checkPermission } from '@things-factory/auth-base'
 
 const debug = require('debug')('things-factory:integration-base:operato-connector-subscription')
 
@@ -40,39 +40,6 @@ const cache = new InMemoryCache({
 export const GRAPHQL_URI = '/graphql'
 export const SUBSCRIPTION_URI = GRAPHQL_URI
 
-async function checkPermission(
-  privilegeObject: PrivilegeObject,
-  user: User,
-  domain: Domain,
-  protectedIP: boolean
-): Promise<boolean> {
-  if (!privilegeObject) {
-    return true
-  }
-
-  const {
-    owner: domainOwnerGranted,
-    super: superUserGranted,
-    category,
-    privilege,
-    protected: protectedIPOnly
-  } = privilegeObject
-
-  if (protectedIPOnly && !protectedIP) {
-    return false
-  }
-
-  if (!privilege || !category) {
-    return true
-  }
-
-  return (
-    (domainOwnerGranted && (await process.domainOwnerGranted(domain, user))) ||
-    (superUserGranted && (await process.superUserGranted(domain, user))) ||
-    (category && privilege && (await User.hasPrivilege(privilege, category, domain, user)))
-  )
-}
-
 interface SubscriberData {
   tag: string
   scenario: any
@@ -230,7 +197,7 @@ export class OperatoConnector implements Connector {
   }
 
   async runScenario(subscriptions: SubscriberData[], variables: any): Promise<ScenarioInstance> {
-    const { domain, user } = this.context
+    const { domain, user, unsafeIP, prohibitedPrivileges } = this.context
     const { tag } = variables
 
     if (!tag) {
@@ -242,9 +209,13 @@ export class OperatoConnector implements Connector {
       throw new Error(`scenario is not found - ${tag}`)
     }
 
-    if (!(await checkPermission(scenario.privilege, user, domain, false))) {
+    if (!(await checkPermission(scenario.privilege, user, domain, unsafeIP, prohibitedPrivileges))) {
       const { category, privilege } = scenario.privilege || {}
-      throw new Error(`Unauthorized! ${category}-${privilege} privilege required`)
+      throw new Error(
+        `Unauthorized! ${
+          category && privilege ? category + ':' + privilege + ' privilege' : 'ownership granted'
+        } required`
+      )
     }
 
     /* create a scenario instance */

package/server/engine/types.ts

@@ -14,7 +14,8 @@ export type Context = {
   domain: Object
   user: Object
   lng: string
-  protected: boolean | undefined
+  unsafeIP: boolean | undefined
+  prohibitedPrivileges: { category: string; privilege: string }[] | undefined
   logger: any
   publish: Function
   load: Function

package/server/service/connection/connection-mutation.ts

@@ -96,7 +96,7 @@ export class ConnectionMutation {
   async deleteConnection(@Arg('name') name: string, @Ctx() context: ResolverContext): Promise<boolean> {
     const { domain, tx } = context.state
 
-    await tx.getRepository(Connection).delete({ domain, name })
+    await tx.getRepository(Connection).delete({ domain: { id: domain.id }, name })
     return true
   }
 

package/server/service/scenario/scenario-mutation.ts

@@ -118,7 +118,7 @@ export class ScenarioMutation {
   async deleteScenario(@Arg('name') name: string, @Ctx() context: ResolverContext): Promise<boolean> {
     const { domain, tx } = context.state
 
-    await tx.getRepository(Scenario).delete({ domain, name })
+    await tx.getRepository(Scenario).delete({ domain: { id: domain.id }, name })
 
     return true
   }

package/server/service/scenario-instance/scenario-instance-mutation.ts

@@ -5,7 +5,7 @@ import { getRepository, Domain, GraphqlLocalClient, ScalarObject } from '@things
 import { ScenarioEngine } from '../../engine'
 import { Scenario } from '../scenario/scenario-type'
 import { ScenarioInstance } from './scenario-instance-type'
-import { PrivilegeObject, User } from '@things-factory/auth-base'
+import { PrivilegeObject, User, checkPermission } from '@things-factory/auth-base'
 import { Step } from '../step/step-type'
 
 const debug = require('debug')('things-factory:integration-base:scenario-instance-mutation')
@@ -31,39 +31,6 @@ async function findScenario(
   return scenario as any
 }
 
-async function checkPermission(
-  privilegeObject: PrivilegeObject,
-  user: User,
-  domain: Domain,
-  protectedIP?: boolean
-): Promise<boolean> {
-  if (!privilegeObject) {
-    return true
-  }
-
-  const {
-    owner: domainOwnerGranted,
-    super: superUserGranted,
-    category,
-    privilege,
-    protected: protectedIPOnly
-  } = privilegeObject || {}
-
-  if (protectedIPOnly && !protectedIP) {
-    return false
-  }
-
-  if (!privilege || !category) {
-    return true
-  }
-
-  return (
-    (domainOwnerGranted && (await process.domainOwnerGranted(domain, user))) ||
-    (superUserGranted && (await process.superUserGranted(domain, user))) ||
-    (category && privilege && (await User.hasPrivilege(privilege, category, domain, user)))
-  )
-}
-
 @Resolver(ScenarioInstance)
 export class ScenarioInstanceMutation {
   @Mutation(returns => ScenarioInstance, {
@@ -75,7 +42,7 @@ export class ScenarioInstanceMutation {
     @Arg('variables', type => ScalarObject, { nullable: true }) variables: any,
     @Ctx() context: ResolverContext
   ): Promise<ScenarioInstance> {
-    const { domain, user, lng, protected: protectedIP } = context.state
+    const { domain, user, lng, unsafeIP, prohibitedPrivileges } = context.state
 
     debug('runScenario', scenarioName, instanceName, variables)
 
@@ -89,8 +56,13 @@ export class ScenarioInstanceMutation {
       )
     }
 
-    if (!(await checkPermission(scenario.privilege, user, domain, protectedIP))) {
-      throw new Error(`Unauthorized!`)
+    if (!(await checkPermission(scenario.privilege, user, domain, unsafeIP, prohibitedPrivileges))) {
+      const { category, privilege } = scenario.privilege || {}
+      throw new Error(
+        `Unauthorized! ${
+          category && privilege ? category + ':' + privilege + ' privilege' : 'ownership granted'
+        } required`
+      )
     }
 
     /* 시나리오 인스턴스를 생성한다. */
@@ -115,7 +87,7 @@ export class ScenarioInstanceMutation {
     @Arg('variables', type => ScalarObject, { nullable: true }) variables: any,
     @Ctx() context: ResolverContext
   ): Promise<ScenarioInstance> {
-    const { domain, user, lng, protected: protectedIP } = context.state
+    const { domain, user, lng, unsafeIP, prohibitedPrivileges } = context.state
 
     debug('startScenario', instanceName, scenarioName, variables)
 
@@ -129,8 +101,13 @@ export class ScenarioInstanceMutation {
       )
     }
 
-    if (!(await checkPermission(scenario.privilege, user, domain, protectedIP))) {
-      throw new Error(`Unauthorized!`)
+    if (!(await checkPermission(scenario.privilege, user, domain, unsafeIP, prohibitedPrivileges))) {
+      const { category, privilege } = scenario.privilege || {}
+      throw new Error(
+        `Unauthorized! ${
+          category && privilege ? category + ':' + privilege + ' privilege' : 'ownership granted'
+        } required`
+      )
     }
 
     instanceName = instanceName || scenarioName
@@ -142,7 +119,7 @@ export class ScenarioInstanceMutation {
     @Arg('instanceName', { nullable: true }) instanceName: string,
     @Ctx() context: ResolverContext
   ): Promise<ScenarioInstance | undefined> {
-    const { domain, user, protected: protectedIP } = context.state
+    const { domain, user, unsafeIP, prohibitedPrivileges } = context.state
 
     debug('stopScenario', instanceName)
 
@@ -159,8 +136,13 @@ export class ScenarioInstanceMutation {
 
     var scenario = await findScenario(scenarioInstance.scenarioName, domain)
 
-    if (!(await checkPermission(scenario.privilege, user, domain, protectedIP))) {
-      throw new Error(`Unauthorized!`)
+    if (!(await checkPermission(scenario.privilege, user, domain, unsafeIP, prohibitedPrivileges))) {
+      const { category, privilege } = scenario.privilege || {}
+      throw new Error(
+        `Unauthorized! ${
+          category && privilege ? category + ':' + privilege + ' privilege' : 'ownership granted'
+        } required`
+      )
     }
 
     await ScenarioEngine.unload(domain, instanceName)

package/server/service/scenario-instance/scenario-instance-type.ts

@@ -153,7 +153,7 @@ export class ScenarioInstance {
   }
 
   constructor(instanceName, { name: scenarioName, steps, domain: scenarioDomain }, context?) {
-    var { domain, user, lng, protected: protectedIP } = context || {}
+    var { domain, user, lng, unsafeIP, prohibitedPrivileges } = context || {}
     domain ||= scenarioDomain
 
     this.instanceName = instanceName
@@ -167,7 +167,8 @@ export class ScenarioInstance {
       domain,
       user,
       lng,
-      protected: protectedIP,
+      unsafeIP,
+      prohibitedPrivileges,
       logger:
         context?.logger ||
         createLogger({