@tomei/sso 0.3.4 → 0.6.0

package/index.ts

@@ -1 +1 @@
-export * from "./src"
+export * from './src';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tomei/sso",
-  "version": "0.3.4",
+  "version": "0.6.0",
   "description": "Tomei SSO Package",
   "main": "dist/index.js",
   "scripts": {
@@ -70,5 +70,8 @@
       "prettier --write \"src/**/*.ts\" \"test/**/*.ts\"",
       "eslint \"{src,apps,libs,test}/**/*.ts\" --fix"
     ]
+  },
+  "dependencies": {
+    "@tomei/mailer": "^0.1.3"
   }
 }

package/src/components/login-user/login-user.ts

@@ -6,12 +6,13 @@ import { UserRepository } from './user.repository';
 import { SystemRepository } from '../system/system.repository';
 import { SystemAccessRepository } from '../system-access/system-access.repository';
 import { LoginHistoryRepository } from '../login-history/login-history.repository';
-import { MailService } from '../../mail/mail.service';
 import { UserUserGroupRepository } from '../user-user-group/user-user-group.repository';
 import { PasswordHashService } from '../password-hash/password-hash.service';
 import { SessionService } from '../../session/session.service';
 import { UserGroupRepository } from '../user-group/user-group.repository';
-
+import * as nodemailer from 'nodemailer';
+import { Mailer } from '@tomei/mailer';
+import { ISystemLogin } from '../../../src/interfaces/system-login.interface';
 export class LoginUser extends ObjectBase implements IPerson {
   FullName: string;
   IDNo: string;
@@ -28,7 +29,6 @@ export class LoginUser extends ObjectBase implements IPerson {
   private _OriginIP: string;
   private _SessionService: ISessionService;
   private _PasswordHashService = new PasswordHashService();
-  private _MailService = new MailService();
   private static _Repository = new UserRepository();
   private static _SystemRepository = new SystemRepository();
   private static _SystemAccessRepository = new SystemAccessRepository();
@@ -134,78 +134,82 @@ export class LoginUser extends ObjectBase implements IPerson {
     password: string,
     ipAddress: string,
   ): Promise<string> {
-    //validate email
-    if (this.Email !== email) {
-      throw new Error('Invalid credentials.');
-    }
+    try {
+      //validate email
+      if (this.Email !== email) {
+        throw new Error('Invalid credentials.');
+      }
 
-    //validate password
-    const isPasswordValid = await this._PasswordHashService.verify(
-      password,
-      this.Password,
-    );
+      //validate password
+      const isPasswordValid = await this._PasswordHashService.verify(
+        password,
+        this.Password,
+      );
 
-    if (!isPasswordValid) {
-      throw new Error('Invalid credentials.');
-    }
+      if (!isPasswordValid) {
+        throw new Error('Invalid credentials.');
+      }
 
-    //validate system code
-    const system = await LoginUser._SystemRepository.findOne({
-      where: {
-        code: systemCode,
-      },
-    });
+      //validate system code
+      const system = await LoginUser._SystemRepository.findOne({
+        where: {
+          code: systemCode,
+        },
+      });
 
-    if (!system) {
-      throw new Error('Invalid system code.');
-    }
+      if (!system) {
+        throw new Error('Invalid system code.');
+      }
 
-    //validate system access
-    await this.checkSystemAccess(this.ObjectId, system.id);
-    // alert user if new login
-    await this.alertNewLogin(this.ObjectId, system.id, ipAddress);
+      //validate system access
+      await this.checkSystemAccess(this.ObjectId, system.id);
+      // alert user if new login
+      await this.alertNewLogin(this.ObjectId, system.id, ipAddress);
 
-    // fetch user session if exists
-    const userSession = await this._SessionService.retrieveUserSession(
-      this.ObjectId,
-    );
-    let systemLogin = userSession.systemLogins.find(
-      (system) => system.code === systemCode,
-    );
+      // fetch user session if exists
+      const userSession = await this._SessionService.retrieveUserSession(
+        this.ObjectId,
+      );
+      let systemLogin = userSession.systemLogins.find(
+        (system) => system.code === systemCode,
+      );
 
-    // generate new session id
-    const { randomUUID } = require('crypto');
-    const sessionId = randomUUID();
+      // generate new session id
+      const { randomUUID } = require('crypto');
+      const sessionId = randomUUID();
 
-    if (systemLogin) {
-      systemLogin = systemLogin.sessionId = sessionId;
-      userSession.systemLogins.map((system) =>
-        system.code === systemCode ? systemLogin : system,
-      );
-    } else {
-      // if not, add new system login into the userSession
-      const newLogin = {
-        id: system.id.toString(),
-        code: system.code,
-        sessionId: sessionId,
-        privileges: await this.getPrivileges(system.code),
-      };
-      userSession.systemLogins.push(newLogin);
-    }
-    // then update userSession inside the redis storage with 1 day duration of time-to-live
-    this._SessionService.setUserSession(this.ObjectId, userSession);
-
-    // record new login history
-    await LoginUser._LoginHistoryRepository.create({
-      data: {
-        userId: this.ObjectId,
-        systemId: system.id,
-        originIp: ipAddress,
-        createdAt: new Date(),
-      },
-    });
+      if (systemLogin) {
+        systemLogin = systemLogin.sessionId = sessionId;
+        userSession.systemLogins.map((system) =>
+          system.code === systemCode ? systemLogin : system,
+        );
+      } else {
+        // if not, add new system login into the userSession
+        const newLogin = {
+          id: system.id.toString(),
+          code: system.code,
+          sessionId: sessionId,
+          privileges: await this.getPrivileges(system.code),
+        };
+        userSession.systemLogins.push(newLogin);
+      }
+      // then update userSession inside the redis storage with 1 day duration of time-to-live
+      this._SessionService.setUserSession(this.ObjectId, userSession);
 
-    return sessionId;
+      // record new login history
+      await LoginUser._LoginHistoryRepository.create({
+        data: {
+          userId: this.ObjectId,
+          systemId: system.id,
+          originIp: ipAddress,
+          createdAt: new Date(),
+        },
+      });
+
+      return sessionId;
+    } catch (error) {
+      throw error;
+    }
   }
 
   private async checkSystemAccess(
@@ -229,30 +233,57 @@ export class LoginUser extends ObjectBase implements IPerson {
     systemId: string,
     ipAddress: string,
   ) {
-    const userLogins = await LoginUser._LoginHistoryRepository.findAll({
-      where: {
-        userId: userId,
-        systemId: systemId,
-      },
-    });
+    try {
+      const userLogins = await LoginUser._LoginHistoryRepository.findAll({
+        where: {
+          userId: userId,
+          systemId: systemId,
+        },
+      });
 
-    const gotPreviousLogins = userLogins?.length !== 0;
-    let ipFound = null;
-    if (gotPreviousLogins) {
-      ipFound = userLogins.find((item) => item.ipAddress === ipAddress);
-    }
+      const gotPreviousLogins = userLogins?.length !== 0;
+      let ipFound = null;
+      if (gotPreviousLogins) {
+        ipFound = userLogins.find((item) => item.ipAddress === ipAddress);
+      }
 
-    if (gotPreviousLogins && !ipFound) {
-      await this._MailService.sendNewLoginAlertEmail({
-        IpAddress: ipAddress,
-        Email: this.Email,
-        Name: this.FullName,
-        LoginDate: new Date(),
-      });
+      if (gotPreviousLogins && !ipFound) {
+        const SMTP_HOST = process.env.SMTP_HOST || '';
+        const SMTP_PORT = process.env.SMTP_PORT || '';
+        const EMAIL_SENDER = process.env.EMAIL_SENDER || '';
+        const EMAIL_PASSWORD = process.env.EMAIL_PASSWORD || '';
+
+        const mailer = new Mailer(nodemailer, {
+          host: SMTP_HOST,
+          port: Number(SMTP_PORT),
+          secure: Number(SMTP_PORT) === 465,
+          auth: {
+            user: EMAIL_SENDER,
+            pass: EMAIL_PASSWORD,
+          },
+        });
+
+        await mailer.sendMail({
+          from: process.env.EMAIL_SENDER,
+          to: this.Email,
+          subject: 'New Login Alert',
+          html: `<p>Dear ${this.FullName},</p>
+                  <p>There was a new login to your account from ${ipAddress} on ${new Date().toLocaleString()}.</p>
+                  <p>If this was you, you can safely ignore this email.</p>
+                  <p>If you suspect that someone else is trying to access your account, please contact us immediately at itd-support@tomei.com.my.</p>
+                  <p>Thank you!,</p>
+                  <p>
+                      Best Regards,
+                      IT Department
+                  </p>`,
+        });
+      }
+    } catch (error) {
+      throw error;
     }
   }
 
-  async getPrivileges(systemCode: string): Promise<string[]> {
+  private async getPrivileges(systemCode: string): Promise<string[]> {
     try {
       const system = await LoginUser._SystemRepository.findOne({
         where: {
@@ -263,12 +294,12 @@ export class LoginUser extends ObjectBase implements IPerson {
       if (!system) {
         throw new Error('Invalid system code.');
       }
+
       // retrive user userGroups with system privileges
       const userUserGroups = await this.getUserUserGroupFromDB(system.id);
 
       // get all userGroup data from user userGroups
       const userGroupData = userUserGroups.map((u) => u.userGroup);
-
       // get all privileges from userGroup data
       let privileges: string[] = [];
       for (const userGroup of userGroupData) {
@@ -286,7 +317,7 @@ export class LoginUser extends ObjectBase implements IPerson {
         ) {
           // get all parent tree privileges
           const parentTreePrivileges = await this.getPrivilegesFromUserGroup(
-            userGroup.parentCode,
+            userGroup.parentGroupCode,
           );
 
           privileges = [...privileges, ...parentTreePrivileges];
@@ -417,8 +448,8 @@ export class LoginUser extends ObjectBase implements IPerson {
         (u) => u.systemPrivilege,
       );
 
-      userSystemPrivileges = userRole.userSystemPrivileges.filter(
-        (u) => u.systemPrivilege.systemId === systemId,
+      userSystemPrivileges = userSystemPrivileges.filter(
+        (u) => u.systemId === systemId,
       );
 
       const userPrivileges: string[] = userSystemPrivileges.map((u) => u.code);
@@ -427,4 +458,63 @@ export class LoginUser extends ObjectBase implements IPerson {
       throw error;
     }
   }
+
+  async checkPrivileges(
+    systemCode: string,
+    privilegeName: string,
+  ): Promise<boolean> {
+    if (!this.ObjectId) {
+      throw new Error('ObjectId(UserId) is not set');
+    }
+
+    const userSession = await this._SessionService.retrieveUserSession(
+      this.ObjectId,
+    );
+
+    const systemLogin = userSession.systemLogins.find(
+      (system) => system.code === systemCode,
+    );
+
+    if (!systemLogin) {
+      return false;
+    }
+
+    const privileges = systemLogin.privileges;
+    const hasPrivilege = privileges.includes(privilegeName);
+    return hasPrivilege;
+  }
+
+  async checkSession(
+    systemCode: string,
+    sessionId: string,
+    userId: string,
+  ): Promise<ISystemLogin> {
+    try {
+      const userSession = await this._SessionService.retrieveUserSession(
+        userId,
+      );
+
+      if (userSession.systemLogins.length === 0) {
+        throw new Error('Session expired.');
+      }
+
+      const systemLogin = userSession.systemLogins.find(
+        (sl) => sl.code === systemCode,
+      );
+
+      if (!systemLogin) {
+        throw new Error('Session expired.');
+      }
+
+      if (systemLogin.sessionId !== sessionId) {
+        throw new Error('Session expired.');
+      }
+
+      await this._SessionService.refreshDuration(userId);
+
+      return systemLogin;
+    } catch (error) {
+      throw error;
+    }
+  }
 }

package/src/index.ts

@@ -2,6 +2,5 @@ require('dotenv').config();
 export * from './components';
 export * from './interfaces';
 export * from './redis-client';
-export * from './mail';
 export * from './prisma-client';
 export * from './session';

package/src/session/interfaces/session-service.interface.ts

@@ -3,4 +3,5 @@ import { IUserSession } from '../../interfaces/user-session.interface';
 export interface ISessionService {
   retrieveUserSession(userId: string): Promise<IUserSession>;
   setUserSession(userId: string, sessionData: IUserSession): Promise<void>;
+  refreshDuration(userId: string): Promise<void>;
 }

package/src/session/session.service.ts

@@ -42,4 +42,14 @@ export class SessionService implements ISessionService {
       throw error;
     }
   }
+
+  async refreshDuration(userid: string): Promise<void> {
+    try {
+      const key = `tomei-sid:${userid}`;
+      const userSession = await this.retrieveUserSession(userid);
+      await this.setUserSession(key, userSession);
+    } catch (error) {
+      throw error;
+    }
+  }
 }

package/src/mail/index.ts

@@ -1,2 +0,0 @@
-export * from './mail.service';
-export * from './mail';

package/src/mail/interfaces/index.ts

@@ -1,2 +0,0 @@
-export * from './send-mail.interface';
-export * from './send-new-login-alert.interface';

package/src/mail/interfaces/send-mail.interface.ts

@@ -1,8 +0,0 @@
-export interface ISendMailOptionsInterface {
-  to: string | string[];
-  cc?: string | string[];
-  bcc?: string | string[];
-  subject: string;
-  text?: string;
-  html: string;
-}

package/src/mail/interfaces/send-new-login-alert.interface.ts

@@ -1,6 +0,0 @@
-export interface ISendNewLoginAlertOptions {
-  IpAddress: string;
-  Email: string;
-  Name: string;
-  LoginDate: Date;
-}

package/src/mail/mail.service.ts

@@ -1,33 +0,0 @@
-import { ISendNewLoginAlertOptions } from './interfaces/send-new-login-alert.interface';
-import Mail from './mail';
-
-export class MailService {
-  MailClient: Mail;
-  constructor() {
-    this.MailClient = Mail.init();
-  }
-
-  public async sendNewLoginAlertEmail(
-    options: ISendNewLoginAlertOptions,
-  ): Promise<void> {
-    try {
-      await this.MailClient.sendMail({
-        to: options.Email,
-        subject: 'New Login Alert',
-        html: `<p>Dear ${options.Name},</p>
-                <p>There was a new login to your account from ${
-                  options.IpAddress
-                } on ${options.LoginDate.toLocaleString()}.</p>
-                <p>If this was you, you can safely ignore this email.</p>
-                <p>If you suspect that someone else is trying to access your account, please contact us immediately at itd-support@tomei.com.my.</p>
-                <p>Thank you!,</p>
-                <p>
-                    Best Regards,
-                    IT Department
-                </p>`,
-      });
-    } catch (error) {
-      throw error;
-    }
-  }
-}

package/src/mail/mail.ts

@@ -1,40 +0,0 @@
-import * as nodemailer from 'nodemailer';
-import { ISendMailOptionsInterface } from './interfaces/send-mail.interface';
-
-export default class Mail {
-  private static transporter: nodemailer.Transporter;
-
-  constructor() {}
-
-  static init() {
-    if (!Mail.transporter) {
-      Mail.transporter = nodemailer.createTransport({
-        host: process.env.SMTP_HOST,
-        port: Number(process.env.SMTP_PORT),
-        secure: Number(process.env.SMTP_PORT) === 465,
-        auth: {
-          user: process.env.EMAIL_SENDER,
-          pass: process.env.EMAIL_PASSWORD,
-        },
-      });
-    }
-    return new Mail();
-  }
-
-  //SEND MAIL
-  async sendMail(options: ISendMailOptionsInterface): Promise<void> {
-    try {
-      await Mail.transporter.sendMail({
-        from: process.env.EMAIL_SENDER,
-        to: options.to,
-        cc: options.cc,
-        bcc: options.bcc,
-        subject: options.subject,
-        text: options.text,
-        html: options.html,
-      });
-    } catch (error) {
-      throw error;
-    }
-  }
-}