@things-factory/oauth2-client 8.0.0-beta.9 → 8.0.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@things-factory/oauth2-client",
-  "version": "8.0.0-beta.9",
+  "version": "8.0.2",
   "main": "dist-server/index.js",
   "browser": "dist-client/index.js",
   "things-factory": true,
@@ -27,15 +27,15 @@
     "migration:create": "node ../../node_modules/typeorm/cli.js migration:create ./server/migrations/migration"
   },
   "dependencies": {
-    "@operato/graphql": "^8.0.0-beta",
-    "@operato/help": "^8.0.0-beta",
-    "@operato/layout": "^8.0.0-beta",
-    "@operato/shell": "^8.0.0-beta",
-    "@operato/utils": "^8.0.0-beta",
-    "@things-factory/auth-base": "^8.0.0-beta.9",
-    "@things-factory/shell": "^8.0.0-beta.9",
+    "@operato/graphql": "^8.0.0",
+    "@operato/help": "^8.0.0",
+    "@operato/layout": "^8.0.0",
+    "@operato/shell": "^8.0.0",
+    "@operato/utils": "^8.0.0",
+    "@things-factory/auth-base": "^8.0.2",
+    "@things-factory/shell": "^8.0.2",
     "client-oauth2": "^4.3.3",
     "clipboard": "^2.0.6"
   },
-  "gitHead": "86b1dfa26292926a2d5447fdc23bfa5a9e983245"
+  "gitHead": "39d60f56e142561233ddf6d47b539c637971357c"
 }

package/server/index.ts

@@ -0,0 +1,3 @@
+import './routes'
+
+export * from './service'

package/server/routes.ts

@@ -0,0 +1,156 @@
+import ClientOAuth2 from 'client-oauth2'
+import crypto from 'crypto'
+
+import { getRedirectSubdomainPath, getRepository } from '@things-factory/shell'
+
+import { Oauth2Client } from './service/oauth2-client/oauth2-client'
+
+process.on('bootstrap-module-domain-private-route' as any, (app, domainPrivateRouter) => {
+  domainPrivateRouter.get('/oauth2-client/:id/auth-uri', async (context, next) => {
+    const { params, origin } = context
+    const { id } = params
+
+    const repository = getRepository(Oauth2Client)
+    const oauth2Client = await repository.findOneBy({ id })
+
+    const {
+      grantType,
+      clientId,
+      clientSecret,
+      accessTokenUrl: accessTokenUri,
+      authUrl: authorizationUri,
+      scopes
+    } = oauth2Client
+
+    if (grantType !== 'code') {
+      throw new Error(`unsupported grant type: ${grantType}`)
+    }
+
+    const state = crypto.randomBytes(16).toString('hex')
+    await repository.save({
+      ...oauth2Client,
+      state
+    })
+
+    var auth = new ClientOAuth2({
+      clientId,
+      clientSecret,
+      accessTokenUri,
+      authorizationUri,
+      redirectUri: `${origin}/oauth2-client/callback`,
+      scopes: scopes?.split(' ') || [],
+      state
+    })
+
+    context.status = 200
+    context.body = await auth.code.getUri()
+  })
+
+  domainPrivateRouter.get('/oauth2-client/:id/refresh', async (context, next) => {
+    const { params } = context
+    const { id } = params
+
+    const repository = getRepository(Oauth2Client)
+    const oauth2Client = await repository.findOneBy({ id })
+
+    const {
+      grantType,
+      clientId,
+      clientSecret,
+      accessTokenUrl: accessTokenUri,
+      authUrl: authorizationUri,
+      scopes,
+      tokenType,
+      accessToken,
+      refreshToken
+    } = oauth2Client
+
+    if (!refreshToken) {
+      context.status = 404
+      context.body = 'refreshToken not found'
+
+      return
+    }
+
+    var auth = new ClientOAuth2({
+      clientId,
+      clientSecret,
+      accessTokenUri,
+      authorizationUri,
+      scopes: scopes?.split(' ') || []
+    })
+
+    const { accessToken: newAccessToken, refreshToken: newRefreshToken } = await auth
+      .createToken(accessToken, refreshToken, tokenType, {})
+      .refresh()
+
+    context.status = 200
+    context.body = await repository.save({
+      ...oauth2Client,
+      accessToken: newAccessToken,
+      refreshToken: newRefreshToken,
+      state: ''
+    })
+  })
+})
+
+process.on('bootstrap-module-domain-public-route' as any, (app, domainPublicRouter) => {
+  domainPublicRouter.get('/oauth2-client/callback', async (context, next) => {
+    const { state } = context.query
+    const { originalUrl } = context
+
+    const repository = getRepository(Oauth2Client)
+    const oauth2Client: Oauth2Client = await repository.findOne({
+      where: { state },
+      relations: ['domain']
+    })
+
+    const {
+      domain,
+      id,
+      grantType,
+      clientId,
+      clientSecret,
+      accessTokenUrl: accessTokenUri,
+      authUrl: authorizationUri,
+      scopes
+    } = oauth2Client
+
+    var auth = new ClientOAuth2({
+      clientId,
+      clientSecret,
+      accessTokenUri,
+      authorizationUri,
+      scopes: scopes?.split(' ') || []
+    })
+
+    var url = originalUrl
+    switch (grantType) {
+      case 'credentials':
+        break
+      case 'jwt':
+        break
+      case 'code':
+        break
+      case 'owner':
+      default:
+        throw new Error(`unsupported grant type: ${grantType}`)
+    }
+
+    const token = await auth.code.getToken(originalUrl)
+    const { tokenType, accessToken, refreshToken, data } = token
+    const expires = data?.expires_in ? token.expiresIn(data?.expires_in as any) : null
+
+    await repository.save({
+      ...oauth2Client,
+      tokenType,
+      accessToken,
+      refreshToken,
+      expires,
+      scopes: data?.scope?.replace(',', ' '),
+      state: ''
+    })
+
+    context.redirect(getRedirectSubdomainPath(context, domain?.subdomain, `/oauth2-client/${id}`))
+  })
+})

package/server/service/index.ts

@@ -0,0 +1,17 @@
+/* IMPORT ENTITIES AND RESOLVERS */
+import { entities as Oauth2ClientEntities, resolvers as Oauth2ClientResolvers } from './oauth2-client'
+
+/* EXPORT ENTITY TYPES */
+export * from './oauth2-client/oauth2-client'
+
+export const entities = [
+  /* ENTITIES */
+  ...Oauth2ClientEntities
+]
+
+export const schema = {
+  resolverClasses: [
+    /* RESOLVER CLASSES */
+    ...Oauth2ClientResolvers
+  ]
+}

package/server/service/oauth2-client/index.ts

@@ -0,0 +1,6 @@
+import { Oauth2Client } from './oauth2-client'
+import { Oauth2ClientQuery } from './oauth2-client-query'
+import { Oauth2ClientMutation } from './oauth2-client-mutation'
+
+export const entities = [Oauth2Client]
+export const resolvers = [Oauth2ClientQuery, Oauth2ClientMutation]

package/server/service/oauth2-client/oauth2-client-mutation.ts

@@ -0,0 +1,202 @@
+import ClientOAuth2 from 'client-oauth2'
+import crypto from 'crypto'
+import { Arg, Ctx, Directive, Mutation, Resolver } from 'type-graphql'
+import { In } from 'typeorm'
+
+import { config } from '@things-factory/env'
+
+import { Oauth2Client } from './oauth2-client'
+import { NewOauth2Client, Oauth2ClientPatch } from './oauth2-client-type'
+
+const protocol: string = config.get('protocol')
+
+@Resolver(Oauth2Client)
+export class Oauth2ClientMutation {
+  @Directive('@transaction')
+  @Mutation(returns => Oauth2Client, { description: 'To create new Oauth2Client' })
+  async createOauth2Client(
+    @Arg('oauth2Client') oauth2Client: NewOauth2Client,
+    @Ctx() context: ResolverContext
+  ): Promise<Oauth2Client> {
+    const { domain, user, tx } = context.state
+
+    const originalProtocol = context.headers['x-forwarded-proto']
+    const originalHost = context.headers['x-forwarded-host']
+    const originalPort = context.headers['x-forwarded-port']
+
+    if (originalProtocol && originalHost) {
+      var url: URL = new URL(`${originalProtocol}://${originalHost}`)
+      if (originalPort) {
+        url.port = originalPort
+      }
+    } else {
+      var url: URL = new URL(context.request.origin)
+    }
+
+    if (protocol) {
+      url.protocol = protocol
+    }
+
+    url.pathname = '/oauth2-client/callback'
+
+    return await tx.getRepository(Oauth2Client).save({
+      ...oauth2Client,
+      callbackUrl: oauth2Client.callbackUrl || url.href,
+      domain,
+      creator: user,
+      updater: user
+    })
+  }
+
+  @Directive('@transaction')
+  @Mutation(returns => Oauth2Client, { description: 'To modify Oauth2Client information' })
+  async updateOauth2Client(
+    @Arg('id') id: string,
+    @Arg('patch') patch: Oauth2ClientPatch,
+    @Ctx() context: ResolverContext
+  ): Promise<Oauth2Client> {
+    const { domain, user, tx } = context.state
+
+    const repository = tx.getRepository(Oauth2Client)
+    const oauth2Client = await repository.findOne({
+      where: { domain: { id: domain.id }, id }
+    })
+
+    return await repository.save({
+      ...oauth2Client,
+      ...patch,
+      updater: user
+    })
+  }
+
+  @Directive('@transaction')
+  @Mutation(returns => Boolean, { description: 'To delete Oauth2Client' })
+  async deleteOauth2Client(@Arg('id') id: string, @Ctx() context: ResolverContext): Promise<boolean> {
+    const { domain, tx } = context.state
+
+    await tx.getRepository(Oauth2Client).delete({ domain: { id: domain.id }, id })
+
+    return true
+  }
+
+  @Directive('@transaction')
+  @Mutation(returns => Boolean, { description: 'To delete multiple Oauth2Clients' })
+  async deleteOauth2Clients(
+    @Arg('ids', type => [String]) ids: string[],
+    @Ctx() context: ResolverContext
+  ): Promise<boolean> {
+    const { domain, tx } = context.state
+
+    await tx.getRepository(Oauth2Client).delete({
+      domain: { id: domain.id },
+      id: In(ids)
+    })
+
+    return true
+  }
+
+  @Directive('@transaction')
+  @Mutation(returns => Boolean, { description: 'To import multiple Oauth2Clients' })
+  async importOauth2Clients(
+    @Arg('oauth2Clients', type => [Oauth2ClientPatch]) oauth2Clients: Oauth2ClientPatch[],
+    @Ctx() context: ResolverContext
+  ): Promise<boolean> {
+    const { domain, tx } = context.state
+
+    await Promise.all(
+      oauth2Clients.map(async (oauth2Client: Oauth2ClientPatch) => {
+        const createdOauth2Client: Oauth2Client = await tx.getRepository(Oauth2Client).save({ domain, ...oauth2Client })
+      })
+    )
+
+    return true
+  }
+
+  @Directive('@transaction')
+  @Mutation(returns => String, { description: 'To get oauth2 auth URL' })
+  async getOauth2AuthUrl(@Arg('id') id: string, @Ctx() context: ResolverContext): Promise<string> {
+    const { tx } = context.state
+    const repository = tx.getRepository(Oauth2Client)
+    const oauth2Client = await repository.findOneBy({ id })
+
+    const {
+      grantType,
+      clientId,
+      clientSecret,
+      callbackUrl,
+      accessTokenUrl: accessTokenUri,
+      authUrl: authorizationUri,
+      scopes
+    } = oauth2Client
+
+    if (grantType !== 'code') {
+      throw new Error(`unsupported grant type: ${grantType}`)
+    }
+
+    const state = crypto.randomBytes(16).toString('hex')
+    await repository.save({
+      ...oauth2Client,
+      state
+    })
+
+    var auth = new ClientOAuth2({
+      clientId,
+      clientSecret,
+      accessTokenUri,
+      authorizationUri,
+      redirectUri: callbackUrl || `${context.origin}/oauth2-client/callback`,
+      scopes: scopes?.split(' ') || [],
+      state
+    })
+
+    return await (auth[grantType] as any).getUri()
+  }
+
+  @Directive('@transaction')
+  @Mutation(returns => Oauth2Client, { description: 'To refresh oauth2 access token' })
+  async refreshOauth2AccessToken(@Arg('id') id: string, @Ctx() context: ResolverContext): Promise<Oauth2Client> {
+    const { tx } = context.state
+    const repository = tx.getRepository(Oauth2Client)
+    const oauth2Client = await repository.findOneBy({ id })
+
+    const {
+      clientId,
+      clientSecret,
+      accessTokenUrl: accessTokenUri,
+      authUrl: authorizationUri,
+      scopes,
+      tokenType,
+      accessToken,
+      refreshToken
+    } = oauth2Client
+
+    if (!refreshToken) {
+      throw new Error('refreshToken not found')
+    }
+
+    var auth = new ClientOAuth2({
+      clientId,
+      clientSecret,
+      accessTokenUri,
+      authorizationUri,
+      scopes: scopes?.split(' ')
+    })
+
+    try {
+      var token = await auth.createToken(accessToken, refreshToken, tokenType, {}).refresh()
+    } catch (err) {
+      throw err
+    }
+
+    const { accessToken: newAccessToken, refreshToken: newRefreshToken, tokenType: newTokenType, data } = token
+    const expires = data?.expires_in ? token.expiresIn(data?.expires_in as any) : null
+
+    return await repository.save({
+      ...oauth2Client,
+      accessToken: newAccessToken,
+      refreshToken: newRefreshToken,
+      tokenType: newTokenType,
+      expires
+    })
+  }
+}

package/server/service/oauth2-client/oauth2-client-query.ts

@@ -0,0 +1,53 @@
+import { Arg, Args, Ctx, FieldResolver, Query, Resolver, Root } from 'type-graphql'
+
+import { User } from '@things-factory/auth-base'
+import { Domain, getQueryBuilderFromListParams, getRepository, ListParam } from '@things-factory/shell'
+
+import { Oauth2Client } from './oauth2-client'
+import { Oauth2ClientList } from './oauth2-client-type'
+
+@Resolver(Oauth2Client)
+export class Oauth2ClientQuery {
+  @Query(returns => Oauth2Client!, { nullable: true, description: 'To fetch a Oauth2Client' })
+  async oauth2Client(@Arg('id') id: string, @Ctx() context: ResolverContext): Promise<Oauth2Client> {
+    const { domain } = context.state
+
+    return await getRepository(Oauth2Client).findOne({
+      where: { domain: { id: domain.id }, id }
+    })
+  }
+
+  @Query(returns => Oauth2ClientList, { description: 'To fetch multiple Oauth2Clients' })
+  async oauth2Clients(
+    @Args(type => ListParam) params: ListParam,
+    @Ctx() context: ResolverContext
+  ): Promise<Oauth2ClientList> {
+    const { domain } = context.state
+
+    const queryBuilder = getQueryBuilderFromListParams({
+      domain,
+      params,
+      repository: await getRepository(Oauth2Client),
+      searchables: ['name', 'description']
+    })
+
+    const [items, total] = await queryBuilder.getManyAndCount()
+
+    return { items, total }
+  }
+
+  @FieldResolver(type => Domain)
+  async domain(@Root() oauth2Client: Oauth2Client): Promise<Domain> {
+    return await getRepository(Domain).findOneBy({ id: oauth2Client.domainId })
+  }
+
+  @FieldResolver(type => User)
+  async updater(@Root() oauth2Client: Oauth2Client): Promise<User> {
+    return await getRepository(User).findOneBy({ id: oauth2Client.updaterId })
+  }
+
+  @FieldResolver(type => User)
+  async creator(@Root() oauth2Client: Oauth2Client): Promise<User> {
+    return await getRepository(User).findOneBy({ id: oauth2Client.creatorId })
+  }
+}

package/server/service/oauth2-client/oauth2-client-type.ts

@@ -0,0 +1,127 @@
+import { Field, InputType, Int, ObjectType } from 'type-graphql'
+import { GraphQLJWT } from 'graphql-scalars'
+
+import { Oauth2Client } from './oauth2-client'
+
+@InputType()
+export class NewOauth2Client {
+  @Field()
+  name: string
+
+  @Field({ nullable: true })
+  description?: string
+
+  @Field({ nullable: true })
+  icon?: string
+
+  @Field({ nullable: true })
+  grantType?: string
+
+  @Field({ nullable: true })
+  clientId?: string
+
+  @Field({ nullable: true })
+  clientSecret?: string
+
+  @Field({ nullable: true })
+  callbackUrl?: string
+
+  @Field({ nullable: true })
+  authUrl?: string
+
+  @Field({ nullable: true })
+  accessTokenUrl?: string
+
+  @Field({ nullable: true })
+  webhook?: string
+
+  @Field({ nullable: true })
+  username?: string
+
+  @Field({ nullable: true })
+  password?: string
+
+  @Field({ nullable: true })
+  codeChallengeMethod?: string
+
+  @Field({ nullable: true })
+  codeVerifier?: string
+
+  @Field({ nullable: true })
+  scopes?: string
+
+  @Field({ nullable: true })
+  accessToken?: string
+
+  @Field({ nullable: true })
+  refreshToken?: string
+
+  @Field(type => GraphQLJWT, { nullable: true })
+  jwtToken?: string
+}
+
+@InputType()
+export class Oauth2ClientPatch {
+  @Field({ nullable: true })
+  name?: string
+
+  @Field({ nullable: true })
+  description?: string
+
+  @Field({ nullable: true })
+  icon?: string
+
+  @Field({ nullable: true })
+  grantType?: string
+
+  @Field({ nullable: true })
+  clientId?: string
+
+  @Field({ nullable: true })
+  clientSecret?: string
+
+  @Field({ nullable: true })
+  callbackUrl?: string
+
+  @Field({ nullable: true })
+  authUrl?: string
+
+  @Field({ nullable: true })
+  accessTokenUrl?: string
+
+  @Field({ nullable: true })
+  webhook?: string
+
+  @Field({ nullable: true })
+  username?: string
+
+  @Field({ nullable: true })
+  password?: string
+
+  @Field({ nullable: true })
+  codeChallengeMethod?: string
+
+  @Field({ nullable: true })
+  codeVerifier?: string
+
+  @Field({ nullable: true })
+  scopes?: string
+
+  @Field({ nullable: true })
+  accessToken?: string
+
+  @Field({ nullable: true })
+  refreshToken?: string
+
+  @Field(type => GraphQLJWT, { nullable: true })
+  jwtToken?: string
+}
+
+@ObjectType()
+export class Oauth2ClientList {
+  @Field(type => [Oauth2Client])
+  items: Oauth2Client[]
+
+  @Field(type => Int)
+  total: number
+}