@twin.org/api-auth-entity-storage-service 0.0.3-next.5 → 0.0.3-next.51
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -2
- package/dist/es/entities/authenticationAuditEntry.js +101 -0
- package/dist/es/entities/authenticationAuditEntry.js.map +1 -0
- package/dist/es/entities/authenticationRateEntry.js +37 -0
- package/dist/es/entities/authenticationRateEntry.js.map +1 -0
- package/dist/es/entities/authenticationUser.js +17 -1
- package/dist/es/entities/authenticationUser.js.map +1 -1
- package/dist/es/index.js +11 -1
- package/dist/es/index.js.map +1 -1
- package/dist/es/models/IAuthHeaderProcessorConstructorOptions.js.map +1 -1
- package/dist/es/models/IEntityStorageAuthenticationAdminServiceConstructorOptions.js.map +1 -1
- package/dist/es/models/IEntityStorageAuthenticationAuditServiceConfig.js +4 -0
- package/dist/es/models/IEntityStorageAuthenticationAuditServiceConfig.js.map +1 -0
- package/dist/es/models/IEntityStorageAuthenticationAuditServiceConstructorOptions.js +2 -0
- package/dist/es/models/IEntityStorageAuthenticationAuditServiceConstructorOptions.js.map +1 -0
- package/dist/es/models/IEntityStorageAuthenticationRateServiceConfig.js +2 -0
- package/dist/es/models/IEntityStorageAuthenticationRateServiceConfig.js.map +1 -0
- package/dist/es/models/IEntityStorageAuthenticationRateServiceConstructorOptions.js +2 -0
- package/dist/es/models/IEntityStorageAuthenticationRateServiceConstructorOptions.js.map +1 -0
- package/dist/es/models/IEntityStorageAuthenticationServiceConfig.js +0 -2
- package/dist/es/models/IEntityStorageAuthenticationServiceConfig.js.map +1 -1
- package/dist/es/models/IEntityStorageAuthenticationServiceConstructorOptions.js.map +1 -1
- package/dist/es/processors/authHeaderProcessor.js +81 -14
- package/dist/es/processors/authHeaderProcessor.js.map +1 -1
- package/dist/es/restEntryPoints.js +17 -0
- package/dist/es/restEntryPoints.js.map +1 -1
- package/dist/es/routes/entityStorageAuthenticationAdminRoutes.js +362 -0
- package/dist/es/routes/entityStorageAuthenticationAdminRoutes.js.map +1 -0
- package/dist/es/routes/entityStorageAuthenticationAuditRoutes.js +174 -0
- package/dist/es/routes/entityStorageAuthenticationAuditRoutes.js.map +1 -0
- package/dist/es/routes/entityStorageAuthenticationRoutes.js +20 -21
- package/dist/es/routes/entityStorageAuthenticationRoutes.js.map +1 -1
- package/dist/es/schema.js +4 -0
- package/dist/es/schema.js.map +1 -1
- package/dist/es/services/entityStorageAuthenticationAdminService.js +164 -58
- package/dist/es/services/entityStorageAuthenticationAdminService.js.map +1 -1
- package/dist/es/services/entityStorageAuthenticationAuditService.js +179 -0
- package/dist/es/services/entityStorageAuthenticationAuditService.js.map +1 -0
- package/dist/es/services/entityStorageAuthenticationRateService.js +202 -0
- package/dist/es/services/entityStorageAuthenticationRateService.js.map +1 -0
- package/dist/es/services/entityStorageAuthenticationService.js +197 -17
- package/dist/es/services/entityStorageAuthenticationService.js.map +1 -1
- package/dist/es/utils/passwordHelper.js +45 -16
- package/dist/es/utils/passwordHelper.js.map +1 -1
- package/dist/es/utils/tokenHelper.js +42 -19
- package/dist/es/utils/tokenHelper.js.map +1 -1
- package/dist/types/entities/authenticationAuditEntry.d.ts +49 -0
- package/dist/types/entities/authenticationRateEntry.d.ts +17 -0
- package/dist/types/entities/authenticationUser.d.ts +8 -0
- package/dist/types/index.d.ts +11 -1
- package/dist/types/models/IAuthHeaderProcessorConstructorOptions.d.ts +10 -0
- package/dist/types/models/IEntityStorageAuthenticationAdminServiceConstructorOptions.d.ts +5 -0
- package/dist/types/models/IEntityStorageAuthenticationAuditServiceConfig.d.ts +9 -0
- package/dist/types/models/IEntityStorageAuthenticationAuditServiceConstructorOptions.d.ts +15 -0
- package/dist/types/models/IEntityStorageAuthenticationRateServiceConfig.d.ts +10 -0
- package/dist/types/models/IEntityStorageAuthenticationRateServiceConstructorOptions.d.ts +20 -0
- package/dist/types/models/IEntityStorageAuthenticationServiceConfig.d.ts +22 -1
- package/dist/types/models/IEntityStorageAuthenticationServiceConstructorOptions.d.ts +13 -3
- package/dist/types/processors/authHeaderProcessor.d.ts +4 -2
- package/dist/types/restEntryPoints.d.ts +3 -0
- package/dist/types/routes/entityStorageAuthenticationAdminRoutes.d.ts +61 -0
- package/dist/types/routes/entityStorageAuthenticationAuditRoutes.d.ts +29 -0
- package/dist/types/services/entityStorageAuthenticationAdminService.d.ts +26 -9
- package/dist/types/services/entityStorageAuthenticationAuditService.d.ts +53 -0
- package/dist/types/services/entityStorageAuthenticationRateService.d.ts +60 -0
- package/dist/types/services/entityStorageAuthenticationService.d.ts +11 -6
- package/dist/types/utils/passwordHelper.d.ts +13 -5
- package/dist/types/utils/tokenHelper.d.ts +7 -2
- package/docs/changelog.md +820 -65
- package/docs/examples.md +178 -1
- package/docs/reference/classes/AuthHeaderProcessor.md +15 -11
- package/docs/reference/classes/AuthenticationAuditEntry.md +101 -0
- package/docs/reference/classes/AuthenticationRateEntry.md +37 -0
- package/docs/reference/classes/AuthenticationUser.md +21 -5
- package/docs/reference/classes/EntityStorageAuthenticationAdminService.md +80 -20
- package/docs/reference/classes/EntityStorageAuthenticationAuditService.md +157 -0
- package/docs/reference/classes/EntityStorageAuthenticationRateService.md +227 -0
- package/docs/reference/classes/EntityStorageAuthenticationService.md +39 -19
- package/docs/reference/classes/PasswordHelper.md +37 -12
- package/docs/reference/classes/TokenHelper.md +38 -8
- package/docs/reference/functions/authenticationAdminCreateUser.md +31 -0
- package/docs/reference/functions/authenticationAdminGetUser.md +31 -0
- package/docs/reference/functions/authenticationAdminGetUserByIdentity.md +31 -0
- package/docs/reference/functions/authenticationAdminRemoveUser.md +31 -0
- package/docs/reference/functions/authenticationAdminUpdateUser.md +31 -0
- package/docs/reference/functions/authenticationAdminUpdateUserPassword.md +31 -0
- package/docs/reference/functions/authenticationAuditCreate.md +31 -0
- package/docs/reference/functions/authenticationAuditQuery.md +31 -0
- package/docs/reference/functions/generateRestRoutesAuthenticationAdmin.md +25 -0
- package/docs/reference/functions/generateRestRoutesAuthenticationAudit.md +25 -0
- package/docs/reference/index.md +20 -0
- package/docs/reference/interfaces/IAuthHeaderProcessorConfig.md +4 -4
- package/docs/reference/interfaces/IAuthHeaderProcessorConstructorOptions.md +32 -4
- package/docs/reference/interfaces/IEntityStorageAuthenticationAdminServiceConfig.md +2 -2
- package/docs/reference/interfaces/IEntityStorageAuthenticationAdminServiceConstructorOptions.md +18 -4
- package/docs/reference/interfaces/IEntityStorageAuthenticationAuditServiceConfig.md +11 -0
- package/docs/reference/interfaces/IEntityStorageAuthenticationAuditServiceConstructorOptions.md +25 -0
- package/docs/reference/interfaces/IEntityStorageAuthenticationRateServiceConfig.md +17 -0
- package/docs/reference/interfaces/IEntityStorageAuthenticationRateServiceConstructorOptions.md +39 -0
- package/docs/reference/interfaces/IEntityStorageAuthenticationServiceConfig.md +61 -5
- package/docs/reference/interfaces/IEntityStorageAuthenticationServiceConstructorOptions.md +38 -10
- package/docs/reference/variables/restEntryPoints.md +2 -0
- package/docs/reference/variables/tagsAuthenticationAdmin.md +5 -0
- package/docs/reference/variables/tagsAuthenticationAudit.md +5 -0
- package/locales/en.json +17 -3
- package/package.json +8 -7
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Class defining the storage for authentication audit entries.
|
|
3
|
+
*/
|
|
4
|
+
export declare class AuthenticationAuditEntry {
|
|
5
|
+
/**
|
|
6
|
+
* The unique identifier for the audit entry.
|
|
7
|
+
*/
|
|
8
|
+
id: string;
|
|
9
|
+
/**
|
|
10
|
+
* The timestamp of the audit entry in ISO 8601 format.
|
|
11
|
+
*/
|
|
12
|
+
dateCreated: string;
|
|
13
|
+
/**
|
|
14
|
+
* The audit event that occurred.
|
|
15
|
+
*/
|
|
16
|
+
event: string;
|
|
17
|
+
/**
|
|
18
|
+
* The actor identifier, could be e-mail, username, or other unique identifier.
|
|
19
|
+
*/
|
|
20
|
+
actorId?: string;
|
|
21
|
+
/**
|
|
22
|
+
* The node identifier associated with the audit entry, if applicable.
|
|
23
|
+
*/
|
|
24
|
+
nodeId?: string;
|
|
25
|
+
/**
|
|
26
|
+
* The organization identifier associated with the audit entry, if applicable.
|
|
27
|
+
*/
|
|
28
|
+
organizationId?: string;
|
|
29
|
+
/**
|
|
30
|
+
* The tenant identifier associated with the audit entry, if applicable.
|
|
31
|
+
*/
|
|
32
|
+
tenantId?: string;
|
|
33
|
+
/**
|
|
34
|
+
* The hashed IP addresses of the client.
|
|
35
|
+
*/
|
|
36
|
+
ipAddressHashes?: string[];
|
|
37
|
+
/**
|
|
38
|
+
* The user agent string of the client.
|
|
39
|
+
*/
|
|
40
|
+
userAgent?: string;
|
|
41
|
+
/**
|
|
42
|
+
* The correlation ID for request tracing.
|
|
43
|
+
*/
|
|
44
|
+
correlationId?: string;
|
|
45
|
+
/**
|
|
46
|
+
* Additional data related to the audit entry, such as IP address, user agent, etc.
|
|
47
|
+
*/
|
|
48
|
+
data?: unknown;
|
|
49
|
+
}
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Class defining the storage for authentication rate entries.
|
|
3
|
+
*/
|
|
4
|
+
export declare class AuthenticationRateEntry {
|
|
5
|
+
/**
|
|
6
|
+
* The id for the rate entry.
|
|
7
|
+
*/
|
|
8
|
+
id: string;
|
|
9
|
+
/**
|
|
10
|
+
* Array of ISO date strings representing timestamps of failed attempts.
|
|
11
|
+
*/
|
|
12
|
+
timestamps: string[];
|
|
13
|
+
/**
|
|
14
|
+
* Last modification time in ISO date format.
|
|
15
|
+
*/
|
|
16
|
+
dateModified: string;
|
|
17
|
+
}
|
|
@@ -22,4 +22,12 @@ export declare class AuthenticationUser {
|
|
|
22
22
|
* The users organization.
|
|
23
23
|
*/
|
|
24
24
|
organization: string;
|
|
25
|
+
/**
|
|
26
|
+
* The scope assigned to the user, comma separated.
|
|
27
|
+
*/
|
|
28
|
+
scope: string;
|
|
29
|
+
/**
|
|
30
|
+
* The password version counter, incremented on every password change to invalidate existing tokens.
|
|
31
|
+
*/
|
|
32
|
+
passwordVersion?: number;
|
|
25
33
|
}
|
package/dist/types/index.d.ts
CHANGED
|
@@ -1,15 +1,25 @@
|
|
|
1
|
+
export * from "./entities/authenticationAuditEntry.js";
|
|
2
|
+
export * from "./entities/authenticationRateEntry.js";
|
|
1
3
|
export * from "./entities/authenticationUser.js";
|
|
2
4
|
export * from "./models/IAuthHeaderProcessorConfig.js";
|
|
3
5
|
export * from "./models/IAuthHeaderProcessorConstructorOptions.js";
|
|
4
6
|
export * from "./models/IEntityStorageAuthenticationAdminServiceConfig.js";
|
|
5
7
|
export * from "./models/IEntityStorageAuthenticationAdminServiceConstructorOptions.js";
|
|
8
|
+
export * from "./models/IEntityStorageAuthenticationAuditServiceConfig.js";
|
|
9
|
+
export * from "./models/IEntityStorageAuthenticationAuditServiceConstructorOptions.js";
|
|
10
|
+
export * from "./models/IEntityStorageAuthenticationRateServiceConfig.js";
|
|
11
|
+
export * from "./models/IEntityStorageAuthenticationRateServiceConstructorOptions.js";
|
|
6
12
|
export * from "./models/IEntityStorageAuthenticationServiceConfig.js";
|
|
7
13
|
export * from "./models/IEntityStorageAuthenticationServiceConstructorOptions.js";
|
|
8
14
|
export * from "./processors/authHeaderProcessor.js";
|
|
9
15
|
export * from "./restEntryPoints.js";
|
|
16
|
+
export * from "./routes/entityStorageAuthenticationAdminRoutes.js";
|
|
17
|
+
export * from "./routes/entityStorageAuthenticationAuditRoutes.js";
|
|
10
18
|
export * from "./routes/entityStorageAuthenticationRoutes.js";
|
|
11
19
|
export * from "./schema.js";
|
|
12
20
|
export * from "./services/entityStorageAuthenticationAdminService.js";
|
|
21
|
+
export * from "./services/entityStorageAuthenticationAuditService.js";
|
|
22
|
+
export * from "./services/entityStorageAuthenticationRateService.js";
|
|
13
23
|
export * from "./services/entityStorageAuthenticationService.js";
|
|
14
|
-
export * from "./utils/passwordHelper.js";
|
|
15
24
|
export * from "./utils/tokenHelper.js";
|
|
25
|
+
export * from "./utils/passwordHelper.js";
|
|
@@ -3,11 +3,21 @@ import type { IAuthHeaderProcessorConfig } from "./IAuthHeaderProcessorConfig.js
|
|
|
3
3
|
* Options for the AuthHeaderProcessor constructor.
|
|
4
4
|
*/
|
|
5
5
|
export interface IAuthHeaderProcessorConstructorOptions {
|
|
6
|
+
/**
|
|
7
|
+
* The entity storage for users.
|
|
8
|
+
* @default authentication-user
|
|
9
|
+
*/
|
|
10
|
+
userEntityStorageType?: string;
|
|
6
11
|
/**
|
|
7
12
|
* The vault for the private keys.
|
|
8
13
|
* @default vault
|
|
9
14
|
*/
|
|
10
15
|
vaultConnectorType?: string;
|
|
16
|
+
/**
|
|
17
|
+
* The component to retrieve tenant information.
|
|
18
|
+
* @default tenant-admin
|
|
19
|
+
*/
|
|
20
|
+
tenantAdminComponentType?: string;
|
|
11
21
|
/**
|
|
12
22
|
* The configuration for the processor.
|
|
13
23
|
*/
|
|
@@ -8,6 +8,11 @@ export interface IEntityStorageAuthenticationAdminServiceConstructorOptions {
|
|
|
8
8
|
* @default authentication-user
|
|
9
9
|
*/
|
|
10
10
|
userEntityStorageType?: string;
|
|
11
|
+
/**
|
|
12
|
+
* The audit service.
|
|
13
|
+
* @default authentication-audit
|
|
14
|
+
*/
|
|
15
|
+
authenticationAuditServiceType?: string;
|
|
11
16
|
/**
|
|
12
17
|
* The configuration for the authentication.
|
|
13
18
|
*/
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Config for the EntityStorageAuthenticationAuditService constructor.
|
|
3
|
+
*/
|
|
4
|
+
export interface IEntityStorageAuthenticationAuditServiceConfig {
|
|
5
|
+
/**
|
|
6
|
+
* The server-side salt for hashing IP addresses in audit logs, if configured.
|
|
7
|
+
*/
|
|
8
|
+
ipHashSalt?: string;
|
|
9
|
+
}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
import type { IEntityStorageAuthenticationAuditServiceConfig } from "./IEntityStorageAuthenticationAuditServiceConfig.js";
|
|
2
|
+
/**
|
|
3
|
+
* Options for the EntityStorageAuthenticationAuditService constructor.
|
|
4
|
+
*/
|
|
5
|
+
export interface IEntityStorageAuthenticationAuditServiceConstructorOptions {
|
|
6
|
+
/**
|
|
7
|
+
* The entity storage for the audit entries.
|
|
8
|
+
* @default authentication-audit-entry
|
|
9
|
+
*/
|
|
10
|
+
authenticationAuditEntryStorageType?: string;
|
|
11
|
+
/**
|
|
12
|
+
* The configuration for the authentication audit service.
|
|
13
|
+
*/
|
|
14
|
+
config?: IEntityStorageAuthenticationAuditServiceConfig;
|
|
15
|
+
}
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
import type { IEntityStorageAuthenticationRateServiceConfig } from "./IEntityStorageAuthenticationRateServiceConfig.js";
|
|
2
|
+
/**
|
|
3
|
+
* Options for the EntityStorageAuthenticationRateService constructor.
|
|
4
|
+
*/
|
|
5
|
+
export interface IEntityStorageAuthenticationRateServiceConstructorOptions {
|
|
6
|
+
/**
|
|
7
|
+
* The entity storage for authentication rate entries.
|
|
8
|
+
* @default authentication-rate-entry
|
|
9
|
+
*/
|
|
10
|
+
authenticationRateEntryStorageType?: string;
|
|
11
|
+
/**
|
|
12
|
+
* The task scheduler component type.
|
|
13
|
+
* @default task-scheduler
|
|
14
|
+
*/
|
|
15
|
+
taskSchedulerComponentType?: string;
|
|
16
|
+
/**
|
|
17
|
+
* The configuration for the authentication rate service.
|
|
18
|
+
*/
|
|
19
|
+
config?: IEntityStorageAuthenticationRateServiceConfig;
|
|
20
|
+
}
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import type { IAuthenticationRateActionConfig } from "@twin.org/api-auth-entity-storage-models";
|
|
1
2
|
/**
|
|
2
3
|
* Configuration for the entity storage authentication service.
|
|
3
4
|
*/
|
|
@@ -9,7 +10,27 @@ export interface IEntityStorageAuthenticationServiceConfig {
|
|
|
9
10
|
signingKeyName?: string;
|
|
10
11
|
/**
|
|
11
12
|
* The default time to live for the JWT.
|
|
12
|
-
* @default
|
|
13
|
+
* @default 60
|
|
13
14
|
*/
|
|
14
15
|
defaultTtlMinutes?: number;
|
|
16
|
+
/**
|
|
17
|
+
* The minimum password length for new password validation.
|
|
18
|
+
* @default 8
|
|
19
|
+
*/
|
|
20
|
+
minPasswordLength?: number;
|
|
21
|
+
/**
|
|
22
|
+
* Optional override for login failure rate limit.
|
|
23
|
+
* @default { maxAttempts: 5, windowMinutes: 15 }
|
|
24
|
+
*/
|
|
25
|
+
loginRateLimit?: IAuthenticationRateActionConfig;
|
|
26
|
+
/**
|
|
27
|
+
* Optional override for password change rate limit.
|
|
28
|
+
* @default { maxAttempts: 5, windowMinutes: 15 }
|
|
29
|
+
*/
|
|
30
|
+
passwordChangeRateLimit?: IAuthenticationRateActionConfig;
|
|
31
|
+
/**
|
|
32
|
+
* Optional override for token refresh rate limit.
|
|
33
|
+
* @default { maxAttempts: 30, windowMinutes: 60 }
|
|
34
|
+
*/
|
|
35
|
+
tokenRefreshRateLimit?: IAuthenticationRateActionConfig;
|
|
15
36
|
}
|
|
@@ -14,10 +14,20 @@ export interface IEntityStorageAuthenticationServiceConstructorOptions {
|
|
|
14
14
|
*/
|
|
15
15
|
vaultConnectorType?: string;
|
|
16
16
|
/**
|
|
17
|
-
* The
|
|
18
|
-
* @default authentication-
|
|
17
|
+
* The audit service.
|
|
18
|
+
* @default authentication-audit
|
|
19
19
|
*/
|
|
20
|
-
|
|
20
|
+
authenticationAuditServiceType?: string;
|
|
21
|
+
/**
|
|
22
|
+
* The rate service.
|
|
23
|
+
* @default authentication-rate
|
|
24
|
+
*/
|
|
25
|
+
authenticationRateServiceType?: string;
|
|
26
|
+
/**
|
|
27
|
+
* The component to retrieve tenant information.
|
|
28
|
+
* @default tenant-admin
|
|
29
|
+
*/
|
|
30
|
+
tenantAdminComponentType?: string;
|
|
21
31
|
/**
|
|
22
32
|
* The configuration for the authentication.
|
|
23
33
|
*/
|
|
@@ -10,7 +10,7 @@ export declare class AuthHeaderProcessor implements IBaseRouteProcessor {
|
|
|
10
10
|
*/
|
|
11
11
|
static readonly CLASS_NAME: string;
|
|
12
12
|
/**
|
|
13
|
-
* Create a new instance of
|
|
13
|
+
* Create a new instance of AuthHeaderProcessor.
|
|
14
14
|
* @param options Options for the processor.
|
|
15
15
|
*/
|
|
16
16
|
constructor(options?: IAuthHeaderProcessorConstructorOptions);
|
|
@@ -22,7 +22,7 @@ export declare class AuthHeaderProcessor implements IBaseRouteProcessor {
|
|
|
22
22
|
/**
|
|
23
23
|
* The service needs to be started when the application is initialized.
|
|
24
24
|
* @param nodeLoggingComponentType The node logging component type.
|
|
25
|
-
* @returns
|
|
25
|
+
* @returns A promise that resolves when the node identity and organization ID have been cached.
|
|
26
26
|
*/
|
|
27
27
|
start(nodeLoggingComponentType?: string): Promise<void>;
|
|
28
28
|
/**
|
|
@@ -32,6 +32,7 @@ export declare class AuthHeaderProcessor implements IBaseRouteProcessor {
|
|
|
32
32
|
* @param route The route to process.
|
|
33
33
|
* @param contextIds The context IDs of the request.
|
|
34
34
|
* @param processorState The state handed through the processors.
|
|
35
|
+
* @returns A promise that resolves when the JWT has been verified and the context populated, or an error response set.
|
|
35
36
|
*/
|
|
36
37
|
pre(request: IHttpServerRequest, response: IHttpResponse, route: IBaseRoute | undefined, contextIds: IContextIds, processorState: {
|
|
37
38
|
[id: string]: unknown;
|
|
@@ -43,6 +44,7 @@ export declare class AuthHeaderProcessor implements IBaseRouteProcessor {
|
|
|
43
44
|
* @param route The route to process.
|
|
44
45
|
* @param contextIds The context IDs of the request.
|
|
45
46
|
* @param processorState The state handed through the processors.
|
|
47
|
+
* @returns A promise that resolves when the Set-Cookie header has been applied to the response if required.
|
|
46
48
|
*/
|
|
47
49
|
post(request: IHttpServerRequest, response: IHttpResponse, route: IBaseRoute | undefined, contextIds: IContextIds, processorState: {
|
|
48
50
|
[id: string]: unknown;
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
import type { IAdminUserCreateRequest, IAdminUserGetByIdentityRequest, IAdminUserGetRequest, IAdminUserGetResponse, IAdminUserRemoveRequest, IAdminUserUpdatePasswordRequest, IAdminUserUpdateRequest } from "@twin.org/api-auth-entity-storage-models";
|
|
2
|
+
import type { ICreatedResponse, IHttpRequestContext, INoContentResponse, IRestRoute, ITag } from "@twin.org/api-models";
|
|
3
|
+
/**
|
|
4
|
+
* The tag to associate with the routes.
|
|
5
|
+
*/
|
|
6
|
+
export declare const tagsAuthenticationAdmin: ITag[];
|
|
7
|
+
/**
|
|
8
|
+
* The REST routes for authentication admin.
|
|
9
|
+
* @param baseRouteName Prefix to prepend to the paths.
|
|
10
|
+
* @param componentName The name of the component to use in the routes stored in the ComponentFactory.
|
|
11
|
+
* @returns The generated routes.
|
|
12
|
+
*/
|
|
13
|
+
export declare function generateRestRoutesAuthenticationAdmin(baseRouteName: string, componentName: string): IRestRoute[];
|
|
14
|
+
/**
|
|
15
|
+
* Create a new user.
|
|
16
|
+
* @param httpRequestContext The request context for the API.
|
|
17
|
+
* @param componentName The name of the component to use in the routes.
|
|
18
|
+
* @param request The request.
|
|
19
|
+
* @returns The response object with additional http response properties.
|
|
20
|
+
*/
|
|
21
|
+
export declare function authenticationAdminCreateUser(httpRequestContext: IHttpRequestContext, componentName: string, request: IAdminUserCreateRequest): Promise<ICreatedResponse>;
|
|
22
|
+
/**
|
|
23
|
+
* Update an existing user.
|
|
24
|
+
* @param httpRequestContext The request context for the API.
|
|
25
|
+
* @param componentName The name of the component to use in the routes.
|
|
26
|
+
* @param request The request.
|
|
27
|
+
* @returns The response object with additional http response properties.
|
|
28
|
+
*/
|
|
29
|
+
export declare function authenticationAdminUpdateUser(httpRequestContext: IHttpRequestContext, componentName: string, request: IAdminUserUpdateRequest): Promise<INoContentResponse>;
|
|
30
|
+
/**
|
|
31
|
+
* Update an existing user password.
|
|
32
|
+
* @param httpRequestContext The request context for the API.
|
|
33
|
+
* @param componentName The name of the component to use in the routes.
|
|
34
|
+
* @param request The request.
|
|
35
|
+
* @returns The response object with additional http response properties.
|
|
36
|
+
*/
|
|
37
|
+
export declare function authenticationAdminUpdateUserPassword(httpRequestContext: IHttpRequestContext, componentName: string, request: IAdminUserUpdatePasswordRequest): Promise<INoContentResponse>;
|
|
38
|
+
/**
|
|
39
|
+
* Get an existing user.
|
|
40
|
+
* @param httpRequestContext The request context for the API.
|
|
41
|
+
* @param componentName The name of the component to use in the routes.
|
|
42
|
+
* @param request The request.
|
|
43
|
+
* @returns The response object with additional http response properties.
|
|
44
|
+
*/
|
|
45
|
+
export declare function authenticationAdminGetUser(httpRequestContext: IHttpRequestContext, componentName: string, request: IAdminUserGetRequest): Promise<IAdminUserGetResponse>;
|
|
46
|
+
/**
|
|
47
|
+
* Get an existing user by identity.
|
|
48
|
+
* @param httpRequestContext The request context for the API.
|
|
49
|
+
* @param componentName The name of the component to use in the routes.
|
|
50
|
+
* @param request The request.
|
|
51
|
+
* @returns The response object with additional http response properties.
|
|
52
|
+
*/
|
|
53
|
+
export declare function authenticationAdminGetUserByIdentity(httpRequestContext: IHttpRequestContext, componentName: string, request: IAdminUserGetByIdentityRequest): Promise<IAdminUserGetResponse>;
|
|
54
|
+
/**
|
|
55
|
+
* Remove an existing user.
|
|
56
|
+
* @param httpRequestContext The request context for the API.
|
|
57
|
+
* @param componentName The name of the component to use in the routes.
|
|
58
|
+
* @param request The request.
|
|
59
|
+
* @returns The response object with additional http response properties.
|
|
60
|
+
*/
|
|
61
|
+
export declare function authenticationAdminRemoveUser(httpRequestContext: IHttpRequestContext, componentName: string, request: IAdminUserRemoveRequest): Promise<INoContentResponse>;
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
import type { IAuditCreateRequest, IAuditQueryRequest, IAuditQueryResponse } from "@twin.org/api-auth-entity-storage-models";
|
|
2
|
+
import type { ICreatedResponse, IHttpRequestContext, IRestRoute, ITag } from "@twin.org/api-models";
|
|
3
|
+
/**
|
|
4
|
+
* The tag to associate with the routes.
|
|
5
|
+
*/
|
|
6
|
+
export declare const tagsAuthenticationAudit: ITag[];
|
|
7
|
+
/**
|
|
8
|
+
* The REST routes for authentication audit.
|
|
9
|
+
* @param baseRouteName Prefix to prepend to the paths.
|
|
10
|
+
* @param componentName The name of the component to use in the routes stored in the ComponentFactory.
|
|
11
|
+
* @returns The generated routes.
|
|
12
|
+
*/
|
|
13
|
+
export declare function generateRestRoutesAuthenticationAudit(baseRouteName: string, componentName: string): IRestRoute[];
|
|
14
|
+
/**
|
|
15
|
+
* Create an authentication audit entry.
|
|
16
|
+
* @param httpRequestContext The request context for the API.
|
|
17
|
+
* @param componentName The name of the component to use in the routes.
|
|
18
|
+
* @param request The request.
|
|
19
|
+
* @returns The response object with additional http response properties.
|
|
20
|
+
*/
|
|
21
|
+
export declare function authenticationAuditCreate(httpRequestContext: IHttpRequestContext, componentName: string, request: IAuditCreateRequest): Promise<ICreatedResponse>;
|
|
22
|
+
/**
|
|
23
|
+
* Query authentication audit entries.
|
|
24
|
+
* @param httpRequestContext The request context for the API.
|
|
25
|
+
* @param componentName The name of the component to use in the routes.
|
|
26
|
+
* @param request The request.
|
|
27
|
+
* @returns The response object with additional http response properties.
|
|
28
|
+
*/
|
|
29
|
+
export declare function authenticationAuditQuery(httpRequestContext: IHttpRequestContext, componentName: string, request: IAuditQueryRequest): Promise<IAuditQueryResponse>;
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import type { IAuthenticationAdminComponent } from "@twin.org/api-auth-entity-storage-models";
|
|
1
|
+
import type { IAuthenticationAdminComponent, IAuthenticationUser } from "@twin.org/api-auth-entity-storage-models";
|
|
2
2
|
import type { IEntityStorageAuthenticationAdminServiceConstructorOptions } from "../models/IEntityStorageAuthenticationAdminServiceConstructorOptions.js";
|
|
3
3
|
/**
|
|
4
4
|
* Implementation of the authentication component using entity storage.
|
|
@@ -20,17 +20,34 @@ export declare class EntityStorageAuthenticationAdminService implements IAuthent
|
|
|
20
20
|
className(): string;
|
|
21
21
|
/**
|
|
22
22
|
* Create a login for the user.
|
|
23
|
-
* @param
|
|
24
|
-
* @
|
|
25
|
-
* @param userIdentity The DID to associate with the account.
|
|
26
|
-
* @param organizationIdentity The organization of the user.
|
|
27
|
-
* @returns Nothing.
|
|
23
|
+
* @param user The user to create.
|
|
24
|
+
* @returns A promise that resolves when the user account has been created and the audit entry recorded.
|
|
28
25
|
*/
|
|
29
|
-
create(
|
|
26
|
+
create(user: IAuthenticationUser & {
|
|
27
|
+
password: string;
|
|
28
|
+
}): Promise<void>;
|
|
29
|
+
/**
|
|
30
|
+
* Update a login for the user.
|
|
31
|
+
* @param user The user to update.
|
|
32
|
+
* @returns A promise that resolves when the user account has been updated and the audit entry recorded.
|
|
33
|
+
*/
|
|
34
|
+
update(user: Partial<IAuthenticationUser>): Promise<void>;
|
|
35
|
+
/**
|
|
36
|
+
* Get a user by email.
|
|
37
|
+
* @param email The email address of the user to get.
|
|
38
|
+
* @returns The user details.
|
|
39
|
+
*/
|
|
40
|
+
get(email: string): Promise<IAuthenticationUser>;
|
|
41
|
+
/**
|
|
42
|
+
* Get a user by identity.
|
|
43
|
+
* @param identity The identity of the user to get.
|
|
44
|
+
* @returns The user details.
|
|
45
|
+
*/
|
|
46
|
+
getByIdentity(identity: string): Promise<IAuthenticationUser>;
|
|
30
47
|
/**
|
|
31
48
|
* Remove the current user.
|
|
32
49
|
* @param email The email address of the user to remove.
|
|
33
|
-
* @returns
|
|
50
|
+
* @returns A promise that resolves when the user account has been removed and the audit entry recorded.
|
|
34
51
|
*/
|
|
35
52
|
remove(email: string): Promise<void>;
|
|
36
53
|
/**
|
|
@@ -38,7 +55,7 @@ export declare class EntityStorageAuthenticationAdminService implements IAuthent
|
|
|
38
55
|
* @param email The email address of the user to update.
|
|
39
56
|
* @param newPassword The new password for the user.
|
|
40
57
|
* @param currentPassword The current password, optional, if supplied will check against existing.
|
|
41
|
-
* @returns
|
|
58
|
+
* @returns A promise that resolves when the password has been updated.
|
|
42
59
|
*/
|
|
43
60
|
updatePassword(email: string, newPassword: string, currentPassword?: string): Promise<void>;
|
|
44
61
|
}
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
import type { AuthAuditEvent, IAuthenticationAuditComponent, IAuthenticationAuditEntry } from "@twin.org/api-auth-entity-storage-models";
|
|
2
|
+
import type { IEntityStorageAuthenticationAuditServiceConstructorOptions } from "../models/IEntityStorageAuthenticationAuditServiceConstructorOptions.js";
|
|
3
|
+
/**
|
|
4
|
+
* Implementation of the authentication audit component using entity storage.
|
|
5
|
+
*/
|
|
6
|
+
export declare class EntityStorageAuthenticationAuditService implements IAuthenticationAuditComponent {
|
|
7
|
+
/**
|
|
8
|
+
* Runtime name for the class.
|
|
9
|
+
*/
|
|
10
|
+
static readonly CLASS_NAME: string;
|
|
11
|
+
/**
|
|
12
|
+
* Create a new instance of EntityStorageAuthenticationAuditService.
|
|
13
|
+
* @param options The dependencies for the identity connector.
|
|
14
|
+
*/
|
|
15
|
+
constructor(options?: IEntityStorageAuthenticationAuditServiceConstructorOptions);
|
|
16
|
+
/**
|
|
17
|
+
* Returns the class name of the component.
|
|
18
|
+
* @returns The class name of the component.
|
|
19
|
+
*/
|
|
20
|
+
className(): string;
|
|
21
|
+
/**
|
|
22
|
+
* Create a new audit entry.
|
|
23
|
+
* @param entry The audit entry to be logged.
|
|
24
|
+
* @returns The unique identifier of the created audit entry.
|
|
25
|
+
*/
|
|
26
|
+
create(entry: Omit<IAuthenticationAuditEntry, "id" | "dateCreated">): Promise<string>;
|
|
27
|
+
/**
|
|
28
|
+
* Query the audit entries.
|
|
29
|
+
* @param options The query options.
|
|
30
|
+
* @param options.actorId The actor identifier to filter the audit entries, optional.
|
|
31
|
+
* @param options.organizationId The organization identifier to filter the audit entries, optional.
|
|
32
|
+
* @param options.tenantId The tenant identifier to filter the audit entries, optional.
|
|
33
|
+
* @param options.nodeId The node identifier to filter the audit entries, optional.
|
|
34
|
+
* @param options.event The audit event to filter the audit entries, optional.
|
|
35
|
+
* @param options.startDate The start date to filter the audit entries, optional.
|
|
36
|
+
* @param options.endDate The end date to filter the audit entries, optional.
|
|
37
|
+
* @param cursor The cursor for pagination.
|
|
38
|
+
* @param limit The maximum number of entries to return.
|
|
39
|
+
* @returns The audit entries.
|
|
40
|
+
*/
|
|
41
|
+
query(options?: {
|
|
42
|
+
actorId?: string;
|
|
43
|
+
organizationId?: string;
|
|
44
|
+
tenantId?: string;
|
|
45
|
+
nodeId?: string;
|
|
46
|
+
event?: AuthAuditEvent | string;
|
|
47
|
+
startDate?: string;
|
|
48
|
+
endDate?: string;
|
|
49
|
+
}, cursor?: string, limit?: number): Promise<{
|
|
50
|
+
entries: IAuthenticationAuditEntry[];
|
|
51
|
+
cursor?: string;
|
|
52
|
+
}>;
|
|
53
|
+
}
|
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
import type { IAuthenticationRateActionConfig, IAuthenticationRateComponent } from "@twin.org/api-auth-entity-storage-models";
|
|
2
|
+
import type { IEntityStorageAuthenticationRateServiceConstructorOptions } from "../models/IEntityStorageAuthenticationRateServiceConstructorOptions.js";
|
|
3
|
+
/**
|
|
4
|
+
* Implementation of the authentication rate component using entity storage.
|
|
5
|
+
*/
|
|
6
|
+
export declare class EntityStorageAuthenticationRateService implements IAuthenticationRateComponent {
|
|
7
|
+
/**
|
|
8
|
+
* Runtime name for the class.
|
|
9
|
+
*/
|
|
10
|
+
static readonly CLASS_NAME: string;
|
|
11
|
+
/**
|
|
12
|
+
* Create a new instance of EntityStorageAuthenticationRateService.
|
|
13
|
+
* @param options The constructor options.
|
|
14
|
+
*/
|
|
15
|
+
constructor(options?: IEntityStorageAuthenticationRateServiceConstructorOptions);
|
|
16
|
+
/**
|
|
17
|
+
* Register or update rate-limit configuration for an action.
|
|
18
|
+
* @param action The action name.
|
|
19
|
+
* @param config The action configuration.
|
|
20
|
+
* @returns A promise that resolves when the action configuration has been stored.
|
|
21
|
+
*/
|
|
22
|
+
registerAction(action: string, config: IAuthenticationRateActionConfig): Promise<void>;
|
|
23
|
+
/**
|
|
24
|
+
* Unregister rate-limit configuration for an action.
|
|
25
|
+
* @param action The action name.
|
|
26
|
+
* @returns A promise that resolves when the action configuration has been removed.
|
|
27
|
+
*/
|
|
28
|
+
unregisterAction(action: string): Promise<void>;
|
|
29
|
+
/**
|
|
30
|
+
* Returns the class name of the component.
|
|
31
|
+
* @returns The class name of the component.
|
|
32
|
+
*/
|
|
33
|
+
className(): string;
|
|
34
|
+
/**
|
|
35
|
+
* The service needs to be started when the application is initialized.
|
|
36
|
+
* @param nodeLoggingComponentType The node logging component type.
|
|
37
|
+
* @returns A promise that resolves when the periodic cleanup task has been registered.
|
|
38
|
+
*/
|
|
39
|
+
start(nodeLoggingComponentType?: string): Promise<void>;
|
|
40
|
+
/**
|
|
41
|
+
* The component needs to be stopped when the node is closed.
|
|
42
|
+
* @param nodeLoggingComponentType The node logging component type.
|
|
43
|
+
* @returns A promise that resolves when the periodic cleanup task has been removed.
|
|
44
|
+
*/
|
|
45
|
+
stop(nodeLoggingComponentType?: string): Promise<void>;
|
|
46
|
+
/**
|
|
47
|
+
* Check the authentication rate for a given action and identifier.
|
|
48
|
+
* @param action The action to be checked.
|
|
49
|
+
* @param identifier The identifier to be checked.
|
|
50
|
+
* @returns The rate entry id.
|
|
51
|
+
*/
|
|
52
|
+
check(action: string, identifier: string): Promise<string>;
|
|
53
|
+
/**
|
|
54
|
+
* Clear the authentication rate entry for the given action and identifier.
|
|
55
|
+
* @param action The action to clear.
|
|
56
|
+
* @param identifier The identifier to clear.
|
|
57
|
+
* @returns A promise that resolves when the rate entry has been removed.
|
|
58
|
+
*/
|
|
59
|
+
clear(action: string, identifier: string): Promise<void>;
|
|
60
|
+
}
|
|
@@ -21,9 +21,15 @@ export declare class EntityStorageAuthenticationService implements IAuthenticati
|
|
|
21
21
|
/**
|
|
22
22
|
* The service needs to be started when the application is initialized.
|
|
23
23
|
* @param nodeLoggingComponentType The node logging component type.
|
|
24
|
-
* @returns
|
|
24
|
+
* @returns A promise that resolves when rate-limit actions have been registered and the node identity cached.
|
|
25
25
|
*/
|
|
26
26
|
start(nodeLoggingComponentType?: string): Promise<void>;
|
|
27
|
+
/**
|
|
28
|
+
* The component needs to be stopped when the node is closed.
|
|
29
|
+
* @param nodeLoggingComponentType The node logging component type.
|
|
30
|
+
* @returns A promise that resolves when all rate-limit actions have been unregistered.
|
|
31
|
+
*/
|
|
32
|
+
stop(nodeLoggingComponentType?: string): Promise<void>;
|
|
27
33
|
/**
|
|
28
34
|
* Perform a login for the user.
|
|
29
35
|
* @param email The email address for the user.
|
|
@@ -37,7 +43,7 @@ export declare class EntityStorageAuthenticationService implements IAuthenticati
|
|
|
37
43
|
/**
|
|
38
44
|
* Logout the current user.
|
|
39
45
|
* @param token The token to logout, if it uses a mechanism with public access.
|
|
40
|
-
* @returns
|
|
46
|
+
* @returns A promise that resolves when the logout audit entry has been recorded.
|
|
41
47
|
*/
|
|
42
48
|
logout(token?: string): Promise<void>;
|
|
43
49
|
/**
|
|
@@ -46,15 +52,14 @@ export declare class EntityStorageAuthenticationService implements IAuthenticati
|
|
|
46
52
|
* @returns The refreshed token, if it uses a mechanism with public access.
|
|
47
53
|
*/
|
|
48
54
|
refresh(token?: string): Promise<{
|
|
49
|
-
token
|
|
55
|
+
token?: string;
|
|
50
56
|
expiry: number;
|
|
51
57
|
}>;
|
|
52
58
|
/**
|
|
53
59
|
* Update the user's password.
|
|
54
|
-
* @param email The email address of the user to update.
|
|
55
60
|
* @param currentPassword The current password for the user.
|
|
56
61
|
* @param newPassword The new password for the user.
|
|
57
|
-
* @returns
|
|
62
|
+
* @returns A promise that resolves when the password has been updated and the rate limit cleared.
|
|
58
63
|
*/
|
|
59
|
-
updatePassword(
|
|
64
|
+
updatePassword(currentPassword: string, newPassword: string): Promise<void>;
|
|
60
65
|
}
|
|
@@ -1,3 +1,6 @@
|
|
|
1
|
+
import type { IAuthenticationAuditComponent } from "@twin.org/api-auth-entity-storage-models";
|
|
2
|
+
import type { IEntityStorageConnector } from "@twin.org/entity-storage-models";
|
|
3
|
+
import type { AuthenticationUser } from "../entities/authenticationUser.js";
|
|
1
4
|
/**
|
|
2
5
|
* Helper class for password operations.
|
|
3
6
|
*/
|
|
@@ -7,10 +10,15 @@ export declare class PasswordHelper {
|
|
|
7
10
|
*/
|
|
8
11
|
static readonly CLASS_NAME: string;
|
|
9
12
|
/**
|
|
10
|
-
*
|
|
11
|
-
*
|
|
12
|
-
* @param
|
|
13
|
-
* @
|
|
13
|
+
* Update the password for a user.
|
|
14
|
+
* Validates password strength, verifies the current password if provided, then hashes and stores the new password and raises an audit event.
|
|
15
|
+
* @param userEntityStorage The entity storage for users.
|
|
16
|
+
* @param authenticationAuditService The optional audit service.
|
|
17
|
+
* @param user The user whose password is being updated.
|
|
18
|
+
* @param newPassword The new password to set.
|
|
19
|
+
* @param currentPassword The current password to verify against, if supplied.
|
|
20
|
+
* @param minPasswordLength Optional minimum password length for validation.
|
|
21
|
+
* @returns A promise that resolves when the new password has been stored and the audit entry recorded.
|
|
14
22
|
*/
|
|
15
|
-
static
|
|
23
|
+
static updatePassword(userEntityStorage: IEntityStorageConnector<AuthenticationUser>, authenticationAuditService: IAuthenticationAuditComponent | undefined, user: AuthenticationUser, newPassword: string, currentPassword?: string, minPasswordLength?: number): Promise<void>;
|
|
16
24
|
}
|